This command lists hundreds of Windows Server AMIs. How do I select the most popular ones, those that are displayed in the web console when I create a new instance?
# aws ec2 describe-images --owners amazon --filters "Name=name,Values=Windows_Server*" --query 'sort_by(Images, &CreationDate)[].Name'
[
"Windows_Server-2016-English-Full-ECS_Optimized-2017.11.24",
"Windows_Server-2016-English-Full-ECS_Optimized-2018.01.10",
"Windows_Server-2016-English-Full-ECS_Optimized-2018.02.21",
"Windows_Server-2016-English-Full-ECS_Optimized-2018.03.26",
"Windows_Server-2016-English-Nano-Base-2018.04.11",
...
...
]
I am looking for the full name and not just the AMI ID.
For example, which one of the above is "ami-04ca2d0801450d495"?
The DescribeImages API call returns the name of the AMI along with the rest of the info. To extract just the name of the AMI, you can run the following command:
aws ec2 describe-images --image-ids $IMAGE_ID \
--output text --query 'Images[*].Name'
Details about the describe-images command can be found here.
This command will return the full name of the given AMI ID:
aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region us-east-1 | grep -C3 '04ca2d0801450d495'
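An added example (not code from the thread) that puts the two answers together: the AMIs the console offers as defaults are the ones behind the public SSM parameters under /aws/service/ami-windows-latest, and describe-images resolves any ID to its full name, so there is no need to grep through the parameter dump. It assumes the AWS CLI is configured with credentials that allow ec2:DescribeImages and ssm:GetParametersByPath; the newest_per_family helper, the RUN_AWS switch and the constructed sample lines are the example's own.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes the AWS CLI is
# configured (credentials, default region) with ec2:DescribeImages and
# ssm:GetParametersByPath. RUN_AWS=1 enables the part that calls AWS.
set -eu

# Resolve one or more AMI IDs to "ImageId<TAB>Name<TAB>CreationDate".
ami_names() {
  aws ec2 describe-images --image-ids "$@" \
    --query 'Images[].[ImageId,Name,CreationDate]' --output text
}

# Newest Amazon-owned AMI whose name matches a pattern, e.g.
# 'Windows_Server-2019-English-Full-Base-*' (same sort_by as the question).
newest_image() {
  aws ec2 describe-images --owners amazon --filters "Name=name,Values=$1" \
    --query 'sort_by(Images,&CreationDate)[-1].[ImageId,Name,CreationDate]' \
    --output text
}

# The AMIs the console offers as defaults are the values of the public SSM
# parameters under this path. Prints "ParameterName<TAB>ami-id" per parameter.
latest_windows_amis() {
  aws ssm get-parameters-by-path --path /aws/service/ami-windows-latest \
    --query 'Parameters[].[Name,Value]' --output text
}

# Pure text helper: given "Name<TAB>CreationDate<TAB>ImageId" lines, keep only
# the newest build per image family, where the family is the name with its
# trailing -YYYY.MM.DD build date removed. Runs offline (tested below).
newest_per_family() {
  awk -F'\t' '
    {
      fam = $1
      sub(/-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/, "", fam)
      if (!(fam in date) || $2 > date[fam]) { date[fam] = $2; line[fam] = $0 }
    }
    END { for (f in line) print line[f] }
  ' | LC_ALL=C sort
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  latest_windows_amis | tee windows-latest.tsv
  # shellcheck disable=SC2046  # word splitting on the IDs is intended
  ami_names $(awk -F'\t' '{print $2}' windows-latest.tsv | sort -u)
fi
```

The SSM parameter values change whenever AWS publishes a new build, so resolve them at launch time rather than pinning the ID from a one-off listing; the name returned by ami_names tells you which family and build you actually got.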
I would like to run an AWS CLI command to start the instance if a relevant tag exists, e.g. "MigratedBy". If the tag doesn't exist, it shouldn't start the instance at all.
I tried running the command below but it didn't work out:
aws ec2 start-instances --instance-ids `aws ec2 describe-instances --filters "Name=tag:MigratedBy,Values=my-super-tag" --query 'Reservations[].Instances[].InstanceId' --output text`
It seems this command would start all the instances with the tag "MigratedBy", but this is wrong in my case. I would like to start only the particular instance if the tag exists, otherwise not.
If you want to filter based only on the existence of the tag, you can put the condition in the query's filter expression and then project only the InstanceId (JMESPath string literals use backticks, which is also why the command substitution below uses $( ) rather than backticks):
aws ec2 describe-instances --query 'Reservations[].Instances[?Tags[?Key==`MigratedBy`]].InstanceId' --output text
Finally, to start those instances the whole command will be:
aws ec2 start-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[?Tags[?Key==`MigratedBy`]].InstanceId' --output text)
Reference:
Filtering AWS CLI output
I run Falco and falcosidekick with Docker Compose, without Kubernetes.
I need to retrieve AWS instance metadata into the Falco rule output.
I found the jevt field class, but I get an error when the Falco container starts:
Invalid output format 'command=%jevt.value[/awsRegion': 'invalid formatting token jevt.value[/awsRegion']
Here are my rules:
- rule: Terminal shell in container
  desc: A shell was used as the entrypoint/exec point into a container with an attached terminal.
  condition: >
    spawned_process and container
    and shell_procs and proc.tty != 0
    and container_entrypoint
    and not user_expected_terminal_shell_in_container_conditions
  output: >
    command=%jevt.value["/awsRegion"]
  priority: NOTICE
  tags: [ container, shell, mitre_execution ]
How can I do this?
Thank you
Several things to know:
the syntax for jevt.value is jevt.value[/awsRegion] (no quotes)
these kinds of fields are for events in JSON format; this works for Kubernetes audit logs, but in your case the rule is based on syscalls
Falco will not query AWS metadata either, so you will not have this information in your output like this
Regards,
Falco doesn't query AWS metadata, so I retrieved the metadata with an AWS CLI describe-instances call and passed it to the falcosidekick container.
# loading EC2 metadata
INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)
INSTANCE_IP=$(aws ec2 describe-instances --instance-ids "$INSTANCE_ID" --region eu-west-1 --query 'Reservations[*].Instances[*].{InstanceIp:PublicIpAddress}' --output text)
CLUSTER_NAME=$(aws ec2 describe-instances --instance-ids "$INSTANCE_ID" --region eu-west-1 --query 'Reservations[*].Instances[*].{ClusterName:Tags[?Key==`Name`]|[0].Value}' --output text)
docker run -d -p 2801:2801 \
  -e CUSTOMFIELDS=INSTANCE_ID:"$INSTANCE_ID",INSTANCE_IP:"$INSTANCE_IP",CLUSTER_NAME:"$CLUSTER_NAME" \
  --name falcosidekick \
  falcosecurity/falcosidekick
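An added example, not code from the thread or from the Falco project, doing the same thing as the answer above with two changes a practitioner would want: the metadata is read through IMDSv2 (a PUT for a session token, then the token on every GET) instead of the unauthenticated IMDSv1 GET, and the CUSTOMFIELDS string is assembled by a helper that rejects values containing the "," and ":" separators falcosidekick uses. It assumes it runs on the EC2 instance itself with curl available, that the instance's IMDS hop limit allows the caller, and that describe-instances is still used for the Name tag (instance tags in metadata are optional and not assumed); the function names and the RUN_ON_EC2 switch are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread or the Falco project). Assumes: runs on
# the EC2 instance, curl is installed, the AWS CLI can call
# ec2:DescribeInstances, and RUN_ON_EC2=1 enables the network part.
set -eu

IMDS=http://169.254.169.254

# IMDSv2: a short-lived token obtained with PUT; IMDSv1-style plain GETs are
# what SSRF bugs in the workload abuse, so require the token everywhere.
imds_token() {
  curl -sS -X PUT "$IMDS/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 300"
}

# Fetch one metadata path. -f turns a 404 (e.g. public-ipv4 on an instance
# with no public address) into an empty result instead of an HTML error body.
imds_get() {
  token=$1; path=$2
  curl -sS -f -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/latest/meta-data/$path" || true
}

# Pure helper: key/value pairs -> falcosidekick CUSTOMFIELDS syntax
# "key:value,key:value". A value containing ',' or ':' would silently split
# into extra fields, so it is rejected. Runs offline (tested below).
build_customfields() {
  out=""
  while [ $# -ge 2 ]; do
    case "$2" in
      *,*|*:*) echo "build_customfields: value for $1 contains ',' or ':'" >&2; return 1 ;;
    esac
    out="${out}${out:+,}$1:$2"
    shift 2
  done
  [ $# -eq 0 ] || { echo "build_customfields: odd number of arguments" >&2; return 1; }
  printf '%s\n' "$out"
}

if [ "${RUN_ON_EC2:-0}" = 1 ]; then
  tok=$(imds_token)
  instance_id=$(imds_get "$tok" instance-id)
  region=$(imds_get "$tok" placement/region)
  public_ip=$(imds_get "$tok" public-ipv4)
  # The Name tag is not in IMDS unless instance tags in metadata are enabled,
  # so it is fetched with the same describe-instances query as the post above.
  name_tag=$(aws ec2 describe-instances --region "$region" --instance-ids "$instance_id" \
    --query 'Reservations[0].Instances[0].Tags[?Key==`Name`]|[0].Value' --output text)
  fields=$(build_customfields INSTANCE_ID "$instance_id" INSTANCE_IP "${public_ip:-none}" \
                              CLUSTER_NAME "$name_tag" REGION "$region")
  docker run -d -p 2801:2801 --name falcosidekick \
    -e CUSTOMFIELDS="$fields" falcosecurity/falcosidekick
fi
```

Because falcosidekick reads CUSTOMFIELDS once at start, the values describe the host the container was launched on; if the instance is replaced (autoscaling, rehydration) the container must be recreated, which is why this is a startup script rather than a one-time configuration.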
I can use the following to list all Amazon Windows EC2 instances. How do I list Linux instances?
aws ec2 describe-images --owners self amazon --filters "Name=root-device-type,Values=ebs" "Name=platform,Values!=windows"
I think you can use the loop below to list all instances in every region with their platform type, then filter by platform type:
for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
  printf '\nInstances in %s:\n' "$region"
  aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,Platform]' --output text --region "$region"
done
A Platform value of None indicates Linux.
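An added example (not code from the thread) that does the selection in the query instead of by eye: "platform" is a supported server-side filter, but it only ever has the value windows, so Linux instances are picked client-side in JMESPath by Platform being absent. It assumes an AWS CLI profile with ec2:DescribeRegions and ec2:DescribeInstances in every enabled region, and that the PlatformDetails field is present in the API response (on an older CLI it simply prints None); the count_by_platform helper and the RUN_AWS switch are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the AWS CLI with
# ec2:DescribeRegions and ec2:DescribeInstances; RUN_AWS=1 enables AWS calls.
set -eu

# Region names straight from the API rather than parsed out of endpoint hostnames.
enabled_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text | tr '\t' '\n'
}

# One line per instance: Region, InstanceId, Platform, PlatformDetails.
# Platform is set only for Windows ("windows"); for Linux it prints None.
# PlatformDetails spells out the billing platform, e.g. "Linux/UNIX", "Windows".
list_instances_with_platform() {
  region=$1
  aws ec2 describe-instances --region "$region" \
    --query "Reservations[].Instances[].['$region',InstanceId,Platform,PlatformDetails]" \
    --output text
}

# Server-side: Windows only (platform is a supported filter name).
windows_instance_ids() {
  aws ec2 describe-instances --region "$1" --filters Name=platform,Values=windows \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# No filter value means "not windows", so Linux is selected client-side:
# Platform is null for Linux instances, and null != `windows` is true.
linux_instance_ids() {
  aws ec2 describe-instances --region "$1" \
    --query 'Reservations[].Instances[?Platform!=`windows`].InstanceId' --output text
}

# Pure helper over the tab-separated lines above: prints "<platform> <count>",
# treating a Platform of None as linux. Runs offline (tested below).
count_by_platform() {
  awk -F'\t' '
    { p = ($3 == "None" || $3 == "") ? "linux" : $3; n[p]++ }
    END { for (p in n) print p, n[p] }
  ' | LC_ALL=C sort
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  for r in $(enabled_regions); do list_instances_with_platform "$r"; done \
    | tee instances.tsv | count_by_platform
fi
```

The per-region listing is kept in instances.tsv so the same inventory can be re-filtered (by region, platform or ID) without another round of API calls.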
I'd like to delete all AMIs that I own and that are not shared.
E.g.:
$ aws ec2 describe-images --executable-users 804427628951
This will list all images for user 804427628951 with explicit launch permissions. But I don't know how to list all non-shared AMIs. Could you please help?
Thanks.
You can list all of your own Amazon Machine Images (AMIs) with the command:
aws ec2 describe-images --filters Name=image-type,Values=machine Name=owner-id,Values=YOUR_ACCOUNT_ID
Within the output, private images will be shown as "Public": false.
You could also show only private images:
aws ec2 describe-images --filters Name=image-type,Values=machine Name=is-public,Values=false Name=owner-id,Values=YOUR_ACCOUNT_ID
You can list AMIs that are in an account and how they are shared using a combination of aws ec2 describe-images and aws ec2 describe-image-attribute. The latter can return the launchPermission element which is a list of accounts that the AMI is shared with. Combining the two allows you to iterate over all images and count how many times they are shared as follows:
for ami in $(aws ec2 describe-images --owners self | jq -r '.Images[].ImageId'); do
  aws ec2 describe-image-attribute --image-id "$ami" --attribute launchPermission | \
    jq '.ImageId + " - " + ([.LaunchPermissions[]]|length|tostring)'
done
In your case you're only interested in the unshared images so you might want to do this:
for ami in $(aws ec2 describe-images --owners self | jq -r '.Images[].ImageId'); do
  ct=$(aws ec2 describe-image-attribute --image-id "$ami" --attribute launchPermission | \
    jq '[.LaunchPermissions[]]|length')
  if [ 0 -eq "$ct" ]; then echo "$ami"; fi
done
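An added example (not code from the thread) that carries the second answer through to the deletion the question asks for, without jq. Two points it makes that the answers only touch on: "Public": false only means the all group is absent, so an AMI shared with specific account IDs still shows as private and launchPermission is the right thing to check; and deregistering an AMI does not delete the EBS snapshots it was registered from, which keep both the data and the cost. It assumes the AWS CLI with ec2:DescribeImages and ec2:DescribeImageAttribute, plus ec2:DeregisterImage and ec2:DeleteSnapshot only when the generated plan is executed; the function names, the plan-file approach and the constructed test lines are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the AWS CLI with read access to
# images and image attributes; deletion rights are needed only to run the plan.
set -eu

# Number of accounts/groups the AMI is shared with. length() is evaluated by
# the CLI's JMESPath, so no jq is needed.
share_count() {
  aws ec2 describe-image-attribute --image-id "$1" --attribute launchPermission \
    --query 'length(LaunchPermissions)' --output text
}

# Snapshot IDs the AMI is registered from, space separated on one line
# (instance-store AMIs have no Ebs block and yield nothing).
backing_snapshots() {
  aws ec2 describe-images --image-ids "$1" \
    --query 'Images[0].BlockDeviceMappings[].Ebs.SnapshotId' --output text | tr '\t' ' '
}

# "ImageId<TAB>snapshot ids" for every owned AMI with no launch permissions.
unshared_amis() {
  for ami in $(aws ec2 describe-images --owners self --query 'Images[].ImageId' --output text); do
    if [ "$(share_count "$ami")" = 0 ]; then
      printf '%s\t%s\n' "$ami" "$(backing_snapshots "$ami")"
    fi
  done
}

# Pure helper: turn those lines into the exact commands that would run. The
# AMI is deregistered before its snapshots are deleted, because a snapshot
# still referenced by a registered AMI cannot be deleted. Runs offline.
cleanup_plan() {
  awk -F'\t' '
    {
      print "aws ec2 deregister-image --image-id " $1
      n = split($2, snaps, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (snaps[i] ~ /^snap-/) print "aws ec2 delete-snapshot --snapshot-id " snaps[i]
    }
  '
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  unshared_amis | cleanup_plan > cleanup.sh
  echo "review cleanup.sh, then run: sh cleanup.sh"
fi
```

Generating a plan file rather than deleting inline gives a reviewable record of exactly which images and snapshots will go, and lets the destructive half run under a separate, more privileged role than the read-only inventory step.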
I have found a script for starting/stopping a dynamically created EC2 instance, but how do I start any instances in my inventory?
It seems you are talking about scripting, not the SDK. So there are two tools to do the job.
1 AWS CLI tools
Download the AWS CLI tool and set the API key in $HOME/.aws/credentials.
List all instances in region us-east-1.
Confirm which instances you are targeting.
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --region us-east-1 --output text
2 Amazon EC2 Command Line Interface Tools
download and setup instructions
List all instances in region us-east-1.
You should get the same output as way #1.
ec2-describe-instances --region us-east-1 | awk '/INSTANCE/{print $2}'
With the instance ID list, you can use your command to start them one by one.
For example, with the instance IDs saved in the file instance.list:
while read -r instance; do
  echo "Starting instance $instance ..."
  ec2-start-instances "$instance"
done < instance.list
BMW gave you an excellent start, but you can summarise it like this:
1) First get the IDs of all the instances and save them to a file:
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --region us-east-1 --output text > id.txt
2) Then simply run this command to start all the instances (the text output puts all IDs on one line, so iterate over the words rather than the first column):
for id in $(cat id.txt); do echo "Starting instance $id"; aws ec2 start-instances --region us-east-1 --instance-ids "$id"; done
Please change the region; I am assuming that you have installed and set up the AWS CLI properly. Thanks
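An added example (not code from the thread) that serves both the "start only instances that carry the MigratedBy tag" question earlier on the page and this one. The selection is done server-side with filters (tag-key matches on the key alone, so a tag with any value qualifies; instance-state-name=stopped skips instances that are already running or terminating), the selected IDs are validated and an empty selection is refused so a bad query can never become "start everything", and one StartInstances call covers the whole batch, with --dry-run available to check permissions first. It assumes the AWS CLI with ec2:DescribeInstances and ec2:StartInstances; the function names, the DRY_RUN/RUN_AWS/TAG_KEY switches and the constructed IDs in the test are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the AWS CLI with
# ec2:DescribeInstances and ec2:StartInstances; RUN_AWS=1 enables AWS calls.
set -eu

# Stopped instances in a region, optionally only those carrying a tag key.
# Filters are applied by EC2, so unrelated instances never reach this script.
stopped_instance_ids() {
  region=$1; tag_key=${2:-}
  set -- Name=instance-state-name,Values=stopped
  if [ -n "$tag_key" ]; then set -- "$@" "Name=tag-key,Values=$tag_key"; fi
  aws ec2 describe-instances --region "$region" --filters "$@" \
    --query 'Reservations[].Instances[].InstanceId' --output text | tr '\t' '\n'
}

# Fail closed: refuse an empty selection and anything that is not an EC2
# instance ID (8 or 17 hex digits after "i-"). Runs offline (tested below).
validate_instance_ids() {
  [ $# -gt 0 ] || { echo "no instances selected, nothing to start" >&2; return 1; }
  for id in "$@"; do
    printf '%s\n' "$id" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$' \
      || { echo "not an EC2 instance id: $id" >&2; return 1; }
  done
}

# One StartInstances call for the whole batch. With DRY_RUN=1 the CLI sends
# --dry-run: EC2 checks permissions and answers DryRunOperation, which the
# CLI reports as a non-zero exit, so that case is tolerated here.
start_instances() {
  region=$1; shift
  validate_instance_ids "$@"
  aws ec2 start-instances --region "$region" ${DRY_RUN:+--dry-run} --instance-ids "$@" \
    || [ "${DRY_RUN:-0}" = 1 ]
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  region=${AWS_REGION:-us-east-1}
  ids=$(stopped_instance_ids "$region" "${TAG_KEY:-MigratedBy}")
  # shellcheck disable=SC2086  # word splitting on the IDs is intended
  start_instances "$region" $ids
fi
```

Run it once with DRY_RUN=1 to see which IDs the filters select and whether the caller may start them; the validation step is what distinguishes "the query matched nothing" from "start every instance", which is the failure mode of the unguarded command substitution in the earlier question.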