Create EC2 instances after they are terminated using "update" from service catalog product - amazon-web-services

I have 2 EC2 instances spawned using service catalog product provisioning. For some reason, I have terminated them both and want to spawn new EC2 instances back (not the terminated ones).
So I tried to update the product again from service catalog and was hoping the service catalog would create them back because the earlier instances are not present.
Product provisioning is successful and yet the EC2 instances are not created.
My product is actually a full stack comprising some sub-stacks, and one of the sub-stacks actually creates the EC2 instance.
We could envision this as below -
Full Stack
Sub-Stack-1
Sub-Stack-2
Sub-Stack-3
Question is how to get the new EC2 instances created without having to terminate the full stack.
More info on permission for these -
I have 2 roles that I have used to achieve this. One role is used only to provision products from service catalog. The other is an admin-like role that I can use to terminate the EC2 instance. I just don't want to spawn the EC2s from the admin role; I want to use the products to provision them.

AWS CloudFormation is not "aware" of resource changes made outside of its control. So, it currently thinks that the EC2 instances still exist, even though they have been terminated.
If you have sufficient permissions to use CloudFormation, you could:
Download the CloudFormation template that was deployed by Service Catalog
Remove the section that defines the EC2 instances
Update the stack by providing the edited template -- this will cause CloudFormation to terminate the instances (that are already terminated)
Edit the template and add back the instance definitions, then Update the stack again with this template (effectively the same template that was originally used to launch the stack) -- this should cause new instances to be deployed that match the original specification
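The four steps above, carried out with boto3 as an added example (this is not the answer's own code or anything Service Catalog ships). It assumes a flat JSON template in which the instances are plain AWS::EC2::Instance resources and a role allowed to call cloudformation:GetTemplate and UpdateStack on the stack; with nested sub-stacks as in the question, the same edit applies to the sub-stack's template. One detail the answer glosses over is handled here: an EIP, output or DependsOn that references a removed instance has to leave with it, or the first update fails on an unresolved reference. The CloudFormation client is passed in, and a small fake stands in for it so the flow runs offline.

```python
import copy
import json

# Constructed sample template (not from the question): two instances, an EIP
# that references one of them, and a security group that must survive.
SAMPLE_TEMPLATE = {
    "Resources": {
        "Web": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-EXAMPLE"}},
        "Worker": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-EXAMPLE"}},
        "WebEip": {"Type": "AWS::EC2::EIP", "Properties": {"InstanceId": {"Ref": "Web"}}},
        "Sg": {"Type": "AWS::EC2::SecurityGroup",
               "Properties": {"GroupDescription": "constructed sample"}},
    },
    "Outputs": {
        "WebIp": {"Value": {"Fn::GetAtt": ["Web", "PublicIp"]}},
        "SgId": {"Value": {"Ref": "Sg"}},
    },
}


def _logical_refs(node, found):
    """Collect logical IDs referenced through Ref / Fn::GetAtt anywhere in node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            found.add(node["Ref"])
        target = node.get("Fn::GetAtt")
        if isinstance(target, list):
            found.add(target[0])
        elif isinstance(target, str):
            found.add(target.split(".", 1)[0])
        for child in node.values():
            _logical_refs(child, found)
    elif isinstance(node, list):
        for child in node:
            _logical_refs(child, found)
    return found


def split_instances(template):
    """Step 2: return (template without instances, what was removed).
    Resources and Outputs that reference a removed instance (Ref, GetAtt,
    DependsOn) go too, otherwise UpdateStack rejects the template."""
    stripped = copy.deepcopy(template)
    resources = stripped.get("Resources", {})
    doomed = {name for name, res in resources.items()
              if res.get("Type") == "AWS::EC2::Instance"}
    grew = True
    while grew:                                  # transitive closure over dependents
        grew = False
        for name, res in resources.items():
            if name in doomed:
                continue
            deps = res.get("DependsOn", [])
            deps = {deps} if isinstance(deps, str) else set(deps)
            if (deps | _logical_refs(res, set())) & doomed:
                doomed.add(name)
                grew = True
    removed = {"Resources": {name: resources.pop(name) for name in doomed}, "Outputs": {}}
    outputs = stripped.get("Outputs", {})
    for name in [n for n, o in outputs.items() if _logical_refs(o, set()) & doomed]:
        removed["Outputs"][name] = outputs.pop(name)
    return stripped, removed


def merge_back(template, removed):
    """Step 4: put the removed definitions back, yielding the original template."""
    restored = copy.deepcopy(template)
    restored.setdefault("Resources", {}).update(removed["Resources"])
    if removed["Outputs"]:
        restored.setdefault("Outputs", {}).update(removed["Outputs"])
    return restored


def _update_and_wait(cfn, stack_name, template):
    cfn.update_stack(StackName=stack_name, TemplateBody=json.dumps(template),
                     Capabilities=["CAPABILITY_NAMED_IAM"])
    cfn.get_waiter("stack_update_complete").wait(StackName=stack_name)


def recreate_instances(cfn, stack_name):
    """Steps 1-4 end to end; returns the logical IDs that were re-created."""
    body = cfn.get_template(StackName=stack_name)["TemplateBody"]
    original = json.loads(body) if isinstance(body, str) else body  # boto3 parses JSON bodies
    stripped, removed = split_instances(original)
    if not removed["Resources"]:
        return []
    _update_and_wait(cfn, stack_name, stripped)                       # step 3
    _update_and_wait(cfn, stack_name, merge_back(stripped, removed))  # step 4
    return sorted(removed["Resources"])


class FakeCloudFormation:
    """Stand-in for boto3.client("cloudformation") so the flow runs offline."""
    def __init__(self, template):
        self.template, self.updates = template, []   # updates: bodies submitted, in order
    def get_template(self, StackName):
        return {"TemplateBody": self.template}
    def update_stack(self, **kwargs):
        self.updates.append(json.loads(kwargs["TemplateBody"]))
    def get_waiter(self, name):
        return type("Waiter", (), {"wait": lambda self, **kw: None})()


if __name__ == "__main__":
    fake = FakeCloudFormation(SAMPLE_TEMPLATE)   # swap for boto3.client("cloudformation")
    print(recreate_instances(fake, "demo-stack"))   # ['Web', 'WebEip', 'Worker']
```

Before running this against a real stack it is worth confirming the premise with `aws cloudformation detect-stack-drift`: a terminated instance shows up as a DELETED drift on its resource, which is the evidence that the stack's view and reality disagree.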

Related

Unable to use kubernetes.io/cluster tag in AutoScaling group

I'm trying to create an autoscaling group that manages EKS worker node provisioning. According to AWS' docs under the "Nodes fail to join cluster" section, in order for instances to join a cluster, the new instances must contain the tag kubernetes.io/cluster/my-cluster where my-cluster is the name of the cluster and the value of the tag must be owned. However, when the auto scaling group tries to provision new instances, I see the following error in the activity section:
Launching a new EC2 instance. Status Reason: Could not launch Spot
Instances. InvalidParameterValue -
'kubernetes.io/cluster/my-cluster' is not a valid tag
key. Tag keys must match pattern ([0-9a-zA-Z\-_+=,.#:]{1,255}), and
must not be a reserved name ('.', '.', '_index'). Launching EC2
instance failed.
Does anyone know why this is happening and how I can address this?
I worked with AWS Support and discovered the issue is coming from a new feature called instance tags on EC2 instance metadata service.
This feature provides an alternative solution to making API calls via AWS CLI by allowing developers to use the metadata service API to query instance tags. This is useful to reduce the number of API calls if you are having issues with exceeding the maximum number of requests to AWS.
However, this causes conflicts with auto scaling group when the special IAM key is required which includes non-supported characters.
The solution to the problem is to set 'Metadata accessible' to 'Don't include in launch template' or 'Disabled' when creating your launch template.
You can find this option when creating or modifying a launch template under: Advanced details section > Metadata accessible
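An added example (not the answer's own code) that makes the root cause visible: the tag-key pattern quoted in the error has no `/` in it, so any `kubernetes.io/cluster/...` key fails the moment instance tags are exposed through the metadata service. The check below screens a tag set against that pattern, and `launch_template_data` builds the `LaunchTemplateData` for `ec2.create_launch_template` with the real `MetadataOptions.InstanceMetadataTags` field set to `disabled` (the console's "Metadata accessible" setting). `HttpTokens: required` (IMDSv2 only) is my own addition, not something the answer discusses; the tags are a constructed sample.

```python
import re

# Key pattern and reserved names exactly as quoted in the error message above.
# Note what the pattern lacks: '/', so kubernetes.io/cluster/<name> can never
# pass once instance tags are exposed through the metadata service.
IMDS_TAG_KEY = re.compile(r"^[0-9a-zA-Z\-_+=,.#:]{1,255}$")
IMDS_RESERVED = {".", "_index"}

# Constructed sample: the tag an EKS worker needs plus a harmless one.
EKS_WORKER_TAGS = {
    "kubernetes.io/cluster/my-cluster": "owned",
    "Name": "my-cluster-worker",
}


def imds_incompatible_keys(tags):
    """Tag keys EC2 rejects when instance tags are served through IMDS."""
    return sorted(key for key in tags
                  if key in IMDS_RESERVED or not IMDS_TAG_KEY.match(key))


def metadata_options(expose_tags):
    """LaunchTemplateData.MetadataOptions (real EC2 field names).
    InstanceMetadataTags is the console's 'Metadata accessible' setting;
    omitting the key entirely is the 'Don't include in launch template' choice.
    HttpTokens=required (IMDSv2 only) is an addition, not part of the answer."""
    return {
        "HttpEndpoint": "enabled",
        "HttpTokens": "required",
        "InstanceMetadataTags": "enabled" if expose_tags else "disabled",
    }


def launch_template_data(tags, expose_tags=False):
    """Build LaunchTemplateData for ec2.create_launch_template, refusing the
    combination that produced the error in the question."""
    bad = imds_incompatible_keys(tags)
    if expose_tags and bad:
        raise ValueError(f"keys {bad} cannot be served through instance metadata; "
                         "set InstanceMetadataTags to 'disabled'")
    return {
        "MetadataOptions": metadata_options(expose_tags),
        "TagSpecifications": [{
            "ResourceType": "instance",
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()],
        }],
    }


if __name__ == "__main__":
    print(imds_incompatible_keys(EKS_WORKER_TAGS))   # ['kubernetes.io/cluster/my-cluster']
    print(launch_template_data(EKS_WORKER_TAGS)["MetadataOptions"])
```

To confirm what an existing template does, `aws ec2 describe-launch-template-versions --launch-template-name <name>` shows the `MetadataOptions` block of each version, so the `InstanceMetadataTags` value can be checked without opening the console.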

How can I create and deploy applications to an EC2 instance via the AWS API?

I'm looking to see if I can create an instance and deploy applications to this instance dynamically via the API. I only want these instances to be created when my application needs them, or I request for them to be created.
I have two applications that I need to deploy to each created instance which require some set up and installation of dependencies prior to their launch. When I am finished with this application, I want to terminate the instance.
Am I able to do this? If so, could someone please point me to the right section of the documentation. I have searched on the documentation and found some information about creating images but I am unsure as to what exactly I will need to achieve this task.
Yes. Using an Autoscaling Group, you can create a launch configuration that will launch your instances. Using CodeDeploy, you would link your deployment group to the auto-scaling group.
See Integrating AWS CodeDeploy with Auto Scaling
AWS CodeDeploy supports Auto Scaling, an AWS service that can launch
Amazon EC2 instances automatically according to conditions you define.
These conditions can include limits exceeded in a specified time
interval for CPU utilization, disk reads or writes, or inbound or
outbound network traffic. Auto Scaling terminates the instances when
they are no longer needed. For more information, see What Is Auto
Scaling?.
Assuming you set your desired/minimum instances to 0, then the default state of the ASG will be to have no instances.
When your application needs an instance spun up, it would simply change the desired instance value to 1. When your application is completed with the instance, it would set your desired count to 0 again, thereby terminating that instance.
To develop this setup, start by running your instance normally (manually) and get the application deployment working. When that works, then create your auto scaling group. Finally, update your deployment group to refer to the ASG so that your code is deployed when you have scaling events.

AWS Console - EC2 Instances not visible to other members

I am a member of an organisation account in AWS. I have created two EC2 instances in the us-east-1 region. But other team members are not able to see these EC2 instances in the Management console.
Since infrastructure or assets are managed by a team and not individuals, we need to have a team view for all that is in use. The admin users should have the ability to view any instance; that is what we want to achieve here. The problem is that at present the user who created the EC2 instance is the only user who is able to see the EC2 instance in the console.
Below are the account details as they are displayed in the AWS Management Console -
Below is the screenshot which confirms that the user belongs to an organisation -
Can anyone suggest how this can be achieved?
If users have the ability to view any instances in the EC2 management console, then they will see all instances in the console.
If they can see some instances (which proves they have the right permission to view instances), but some instances are not appearing then the problem might be one of:
The 'missing' instance was launched in a different account
The 'missing' instance was launched in a different region than you are viewing in the console
There is a filter active on the listing that is limiting the instances shown
You could also try using the AWS Command-Line Interface (CLI) aws ec2 describe-instances command to list instances to verify that the same information is returned for different credentials. (That is, run it as different users and compare the output.)
Bottom line: You should either see them all or see none (due to insufficient permissions to list instances). It is not possible to only view some.
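The comparison the answer suggests, written out as an added example (not the answer's own code): take a snapshot of what each set of credentials sees (caller identity, region, instance ids from a paginated `describe_instances`) and diagnose the difference. It assumes the credentials either list everything or are denied outright, which is what the answer states; boto3 clients are passed in, and fakes with constructed account ids and instance ids let it run offline. In real use, `sts` and `ec2` are `boto3.Session(profile_name=...).client("sts")` and `.client("ec2")` for each user.

```python
from types import SimpleNamespace

try:
    from botocore.exceptions import ClientError
except ImportError:                      # lets the demo run without boto3 installed
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(f"{operation_name}: {error_response}")
            self.response = {"Error": error_response}


def list_instance_ids(ec2):
    """Instance ids visible to these credentials in this region, or None if
    the credentials may not call ec2:DescribeInstances at all."""
    ids = set()
    try:
        for page in ec2.get_paginator("describe_instances").paginate():
            for reservation in page["Reservations"]:
                ids.update(i["InstanceId"] for i in reservation["Instances"])
    except ClientError as err:
        if err.response["Error"]["Code"] == "UnauthorizedOperation":
            return None
        raise
    return ids


def snapshot(sts, ec2):
    """What one set of credentials sees: who it is, where it looks, what it lists."""
    ident = sts.get_caller_identity()
    return {"account": ident["Account"], "principal": ident["Arn"],
            "region": ec2.meta.region_name, "instances": list_instance_ids(ec2)}


def diagnose(reference, other):
    """Why `other` does not see the instances `reference` sees."""
    if other["instances"] is None:
        return "ec2:DescribeInstances denied for these credentials"
    if reference["account"] != other["account"]:
        return "different account"
    if reference["region"] != other["region"]:
        return "different region"
    if reference["instances"] == other["instances"]:
        return "same instances from the API: check the console's region selector and filters"
    return "partial view: not expected for DescribeInstances; recheck account and region"


class FakeSts:
    """Offline stand-in for boto3.client("sts"); account ids are constructed."""
    def __init__(self, account, user):
        self.ident = {"Account": account, "UserId": "AIDAEXAMPLE",
                      "Arn": f"arn:aws:iam::{account}:user/{user}"}
    def get_caller_identity(self):
        return dict(self.ident)


class FakeEc2:
    """Offline stand-in for boto3.client("ec2") with a one-page paginator."""
    def __init__(self, region, instance_ids, denied=False):
        self.meta = SimpleNamespace(region_name=region)
        self.instance_ids, self.denied = list(instance_ids), denied
    def get_paginator(self, operation_name):
        return self
    def paginate(self, **kwargs):
        if self.denied:
            raise ClientError({"Code": "UnauthorizedOperation", "Message": "constructed"},
                              "DescribeInstances")
        yield {"Reservations": [{"Instances": [{"InstanceId": i} for i in self.instance_ids]}]}


if __name__ == "__main__":
    creator = snapshot(FakeSts("111111111111", "alice"),
                       FakeEc2("us-east-1", ["i-0aaa1", "i-0bbb2"]))
    teammate = snapshot(FakeSts("111111111111", "bob"), FakeEc2("eu-west-1", []))
    print(diagnose(creator, teammate))   # different region
```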

Amazon ECS: how to log in to the EC2 instance it is associated with?

I set up Amazon ECS following their tutorial (but I don't recall a step that asked me for key-pair information).
After I set it up, I found that there is an extra EC2 instance in my EC2 instance list that starts to charge me money. I wonder what that EC2 instance is doing.
Is it the EC2 that is associated with ECS that I can start to build my own server on?
If so, how can I log into it? (There is no key-pair information for me to log in. It says I need to log in via valid username-password pair, but I don't even know my username.)
If not, how can I kill it? (Directly terminating it in EC2 service is not helping since it seems ECS will just start another one)
The username will be ec2-user. ECS creates a launch configuration in which you can set the key pair.
ECS creates an autoscaling group; you can find it under ec2/autoscaling/home. You can edit this group and set min and desired to 0; this will shut down the instance automatically.
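Both the CodeDeploy answer earlier (desired 0 at rest, 1 while working, 0 again) and this one (min and desired to 0 to shut the ECS host down) are capacity changes on an Auto Scaling group, so one added example (not from either answer) covers them. `set_capacity` lowers `MinSize` together with `DesiredCapacity` when the current minimum would block the change, and `with_on_demand_instance` wraps a unit of work so the instance is scaled away in a `finally` even if the work fails, which keeps a forgotten instance from running up cost or sitting exposed. The group name and the fake client are constructed; with boto3 the client is `boto3.client("autoscaling")` and the same `describe_auto_scaling_groups` / `update_auto_scaling_group` calls apply.

```python
import time


class FakeAutoScaling:
    """Offline stand-in for boto3.client("autoscaling"): every instance the
    group wants is reported InService on the next describe call."""
    def __init__(self, name, min_size=0, max_size=1, desired=0):
        self.group = {"AutoScalingGroupName": name, "MinSize": min_size,
                      "MaxSize": max_size, "DesiredCapacity": desired}
        self.calls = []                              # update parameters, in order
    def describe_auto_scaling_groups(self, AutoScalingGroupNames):
        view = dict(self.group)
        view["Instances"] = [{"InstanceId": f"i-fake{n}", "LifecycleState": "InService"}
                             for n in range(view["DesiredCapacity"])]
        return {"AutoScalingGroups": [view]}
    def update_auto_scaling_group(self, **kwargs):
        self.calls.append(kwargs)
        self.group.update({k: v for k, v in kwargs.items() if k != "AutoScalingGroupName"})


def describe_group(asg, name):
    return asg.describe_auto_scaling_groups(AutoScalingGroupNames=[name])["AutoScalingGroups"][0]


def set_capacity(asg, name, desired):
    """Set DesiredCapacity, lowering MinSize first if it would block the change.
    Returns the parameters sent to update_auto_scaling_group."""
    group = describe_group(asg, name)
    if desired > group["MaxSize"]:
        raise ValueError(f"desired {desired} exceeds MaxSize {group['MaxSize']}")
    params = {"AutoScalingGroupName": name, "DesiredCapacity": desired}
    if desired < group["MinSize"]:
        params["MinSize"] = desired                  # the ECS case: min and desired both 0
    asg.update_auto_scaling_group(**params)
    return params


def wait_for_instances(asg, name, count, timeout=600, poll=15, sleep=time.sleep):
    """Poll until `count` instances are InService; `sleep` is injectable for tests."""
    deadline = time.monotonic() + timeout
    while True:
        in_service = [i["InstanceId"] for i in describe_group(asg, name)["Instances"]
                      if i["LifecycleState"] == "InService"]
        if len(in_service) >= count:
            return in_service
        if time.monotonic() > deadline:
            raise TimeoutError(f"{name}: {len(in_service)}/{count} InService after {timeout}s")
        sleep(poll)


def with_on_demand_instance(asg, name, work, sleep=time.sleep):
    """Scale to 1, run work(instance_id), and always scale back to 0."""
    set_capacity(asg, name, 1)
    try:
        instance_id = wait_for_instances(asg, name, 1, sleep=sleep)[0]
        return work(instance_id)
    finally:
        set_capacity(asg, name, 0)                   # runs even if work() raised


if __name__ == "__main__":
    fake = FakeAutoScaling("build-workers")          # swap for boto3.client("autoscaling")
    print(with_on_demand_instance(fake, "build-workers", lambda i: f"deployed to {i}"))
    print(set_capacity(FakeAutoScaling("ecs-hosts", 1, 1, 1), "ecs-hosts", 0))
```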

AWS AutoScaling with Static IPs

Is it possible to do AutoScaling with Static IPs in AWS? The newly created instances should either have a pre-defined IP or pick from a pool of pre-defined IPs.
We are trying to set up ZooKeeper in production, with 5 ZooKeeper instances. Each one should have a static IP which is to be hard-coded in the Kafka AMI/databag that we use. It should also support AutoScaling, so that if one of the ZooKeeper nodes goes down, a new one is spawned with the same IP or from a pool of IPs. For this we have decided to go with 1 ZooKeeper instance per AutoScaling group, but the problem is with the IP.
If this is the wrong way, please suggest the right way. Thanks in advance!
One method would be to maintain a user data script on each instance, and have each instance assign itself an Elastic IP from a set of EIPs allocated for this purpose. This user data script would be referenced in the ASG's Launch Configuration, and would run on launch.
Say the user script is called "/scripts/assignEIP.sh"; using the AWS CLI you would have it consult the pool to see which ones are available and which ones are not (already in use). Then it would assign itself one of the available EIPs.
For ease of IP management, you could keep the pool of IPs in a simple text properties file on S3, and have the instance download and consult that list when the instance starts.
Keep in mind that each instance will need to be assigned an IAM instance profile that will allow each instance to consult and assign EIPs to itself.
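The logic of the assignEIP.sh script described above, as an added example in Python rather than the answer's own CLI script. Assumptions beyond the answer: the pool file is one allocation id per line with `#` comments (the answer only says a properties file on S3), the instance id is passed in (on a real node it comes from the instance metadata service), and the instance profile allows `s3:GetObject` on the pool file plus `ec2:DescribeAddresses` and `ec2:AssociateAddress`, the last of which can be narrowed to the pool's addresses with an `ec2:ResourceTag` condition. The part the answer's "see which ones are available" glosses over is the race when two ZooKeeper groups replace a node at the same time: `AllowReassociation=False` makes the loser's call fail with `Resource.AlreadyAssociated` instead of silently stealing the address, and the loop moves on to the next free one. S3 and EC2 clients are passed in, and offline fakes with constructed ids are included.

```python
import io

try:
    from botocore.exceptions import ClientError
except ImportError:                      # lets the demo run without boto3 installed
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(f"{operation_name}: {error_response}")
            self.response = {"Error": error_response}

# Constructed pool file (format is an assumption: one allocation id per line).
POOL_FILE = b"""# zookeeper EIP pool (constructed sample)
eipalloc-0aaa0000000000001
eipalloc-0aaa0000000000002
eipalloc-0aaa0000000000003
"""


def load_pool(s3, bucket, key):
    """Allocation ids listed in the S3 pool file, skipping blanks and comments."""
    body = s3.get_object(Bucket=bucket, Key=key)["Body"].read().decode()
    return [ln.strip() for ln in body.splitlines() if ln.strip() and not ln.startswith("#")]


def free_allocations(ec2, pool):
    """Pool addresses that currently have no association."""
    addresses = ec2.describe_addresses(AllocationIds=pool)["Addresses"]
    return [a["AllocationId"] for a in addresses if not a.get("AssociationId")]


def claim_eip(ec2, instance_id, pool):
    """Attach the first free pool address to this instance and return its id.
    AllowReassociation=False turns the check-then-act race between two nodes
    into a clean Resource.AlreadyAssociated failure; we then try the next one."""
    for alloc in free_allocations(ec2, pool):
        try:
            ec2.associate_address(InstanceId=instance_id, AllocationId=alloc,
                                  AllowReassociation=False)
            return alloc
        except ClientError as err:
            if err.response["Error"]["Code"] != "Resource.AlreadyAssociated":
                raise
    raise RuntimeError(f"{instance_id}: no free address left in the pool")


def assign_self(s3, ec2, instance_id, bucket="zk-config-bucket", key="eip-pool.txt"):
    """What the user data script does at boot (bucket/key names are constructed)."""
    return claim_eip(ec2, instance_id, load_pool(s3, bucket, key))


class FakeS3:
    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(POOL_FILE)}


class FakeEc2:
    """Offline stand-in for boto3.client("ec2") tracking who holds each address."""
    def __init__(self, allocation_ids):
        self.owner = {a: None for a in allocation_ids}
    def describe_addresses(self, AllocationIds):
        out = []
        for n, alloc in enumerate(AllocationIds, 1):
            entry = {"AllocationId": alloc, "PublicIp": f"203.0.113.{n}"}
            if self.owner[alloc]:
                entry.update(AssociationId=f"eipassoc-{n}", InstanceId=self.owner[alloc])
            out.append(entry)
        return {"Addresses": out}
    def associate_address(self, InstanceId, AllocationId, AllowReassociation):
        if self.owner[AllocationId] and not AllowReassociation:
            raise ClientError({"Code": "Resource.AlreadyAssociated",
                               "Message": "constructed"}, "AssociateAddress")
        self.owner[AllocationId] = InstanceId
        return {"AssociationId": "eipassoc-new"}


if __name__ == "__main__":
    s3, ec2 = FakeS3(), FakeEc2(load_pool(FakeS3(), "zk-config-bucket", "eip-pool.txt"))
    for node in ("i-zk1", "i-zk2"):                  # two nodes booting in turn
        print(node, "->", assign_self(s3, ec2, node))
```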