I wanted to add validation to my script before starting the Pod build in AWS.
One of the validation step is to check the # of VPCs in the asked region and the max limit set on the account.
I didn't find any CLI or SDK API to get it.
However there are similar APIs, example to get the max elastic IP per VPC, I can query:
aws ec2 describe-account-attributes
And look for "AttributeName": "default-vpc"
There is a brand new service which is able to do what you want: AWS Service Quotas.
It is currently available in most of the regions.
You can query the VPC service limit using the GetServiceQuota action.
The quota code for the quota VPCs per Region is L-F678F1CE (ARN: arn:aws:servicequotas:<REGION>::vpc/L-F678F1CE).
The service code for the service Amazon Virtual Private Cloud (Amazon VPC) is vpc.
Documentation: https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html
GetServiceQuota-Command Documentation for the CLI: https://docs.aws.amazon.com/cli/latest/reference/service-quotas/get-service-quota.html
You can use the latest version of the aws cli as follows:
aws service-quotas get-service-quota --service-code 'vpc' --quota-code 'L-F678F1CE'
On Windows cli:
aws service-quotas get-service-quota --service-code vpc --quota-code L-F678F1CE
As long as Trusted Advisor access to the Service Limits category remains free, you can do this:
CHECK_ID=$(aws --region us-east-1 support describe-trusted-advisor-checks --language en --query 'checks[?name==Service Limits].{id:id}[0].id' --output text)
aws support describe-trusted-advisor-check-result --check-id $CHECK_ID --query 'result.sort_by(flaggedResources[?status!="ok"],&metadata[2])[].metadata' --output table --region us-east-1
CHECK_ID is currently eW7HH0l7J9
Related
I have like 15 Lightsail instances created on my AWS account and now I wanted to know when these Lightsail instances were created.
The creation date of the Lightsail instances on which date and time these were created. But is not able to find this information from the AWS Lightsail console.
You can use the AWS Command Line Interface (AWS CLI) to retrieve the creation date of your Lightsail instances. The following AWS CLI command will list all of your Lightsail instances and the creation date for each instance:
aws lightsail get-instances --query "instances[*].{Name:name, CreationDate:createdAt}"
This command uses the get-instances command to retrieve information about all of your Lightsail instances, and the --query option to extract the name and creation date of each instance.
Alternatively, you can also retrieve the creation date of a specific Lightsail instance by using the get-instance command and specifying the instance name:
aws lightsail get-instance --instance-name <instance_name> --query "instance.createdAt"
Replace <instance_name> with the name of the Lightsail instance you want to retrieve information for.
Note: The AWS CLI must be installed and configured on your local machine in order to use these commands.
If you haven't already done so, just follow these steps:
1- Install the AWS CLI:
You can install the AWS CLI on your local machine by following the installation instructions for your operating system. You can find the installation instructions at the following URL: https://aws.amazon.com/cli/
2- Configure the AWS CLI:
After installing the AWS CLI, you need to configure it with your AWS credentials. You can do this by running the following command:
aws configure
This will prompt you for your AWS access key ID, secret access key, default region name, and default output format. You can find your AWS access keys in the AWS Management Console.
3- Verify the configuration:
To verify that your AWS CLI is configured correctly, you can run the following command:
aws lightsail get-instances
This command should list all of your Lightsail instances in your AWS account.
With the AWS CLI installed and configured, you can now use the AWS CLI commands to retrieve information about your Lightsail instances, including the creation date.
I hope my answer helps you
Is there any Rest api to get all details(including the AMI image details) of AWS marketplace public listing?
For Example:-
https://aws.amazon.com/marketplace/pp/prodview-lk3liabqn4x2i?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
I want all details if I provide any identifier from the URL.
Yes, you can use the EC2 API DescribeImages action and set the Owner parameter to aws-marketplace to output all the AWS Marketplace-owned AMIs and their details in a specific region.
Here is an example AWS CLI command that does that:
aws ec2 describe-images \
--region us-east-1 \
--owners aws-marketplace
With AWS CLI, you can also use filtering to filter the list.
I'm new to Cloud Custodian and have the few doubts specific to using it for AWS.
I ran the following policy (no filters and actions present) so that I could get all the options for using as keys in value type filters :
policies:
- name: CheckPublicECRRepo
resource: ecr
The output was a detailed list of all the AWS ECR private repositories in my account which is exactly same as running aws ecr describe-repositories --region <region>.
So,
How AWS CLI command responses relate to those from running Cloud Custodian commands? Are they both calling same APIs? If yes, which API is being called here exactly?
How can I write a Cloud Custodian policy to detect AWS ECR public repositories? I'm getting the desired output by running this AWS CLI command : aws ecr-public describe-repositories --region us-east-1.
ecr-public resource does not seem to be supported yet. So I would either submit a feature request here or I would try to code the missing feature and contribute it.
We have deployed alpine images on EKS Fargate nodes, and have also associated a service account to an IAM role which has access to DynamoDb and some other services.
When deploying the containers, we can see that AWS has automatically set these env vars on all containers
AWS_ROLE_ARN=arn:aws:iam::1111111:role/my-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
But if we execute this command with the cli
aws sts get-caller-identity
or
aws dynamodb list-tables
the command simply hangs and does not return any results.
We have followed the docs on setting up the iam roles for the EKS (k8s) service accounts - is there anything more we need to do to check the connectivity from the containers to the DynamoDb for example? (please note, from Lambda or so we can access DynamoDb - an endpoint exists for the necessary services)
When I execute this on the pod:
aws sts assume-role-with-web-identity \ --role-arn $AWS_ROLE_ARN \ --role-session-name mh9test \ --web-identity-token ```
file://$AWS_WEB_IDENTITY_TOKEN_FILE \ --duration-seconds 1000
I get this error: Connect timeout on endpoint URL: "sts.amazonaws.com" which is strange because the vpc endpoint is sts.eu-central-1.amazonaws.com
I can also not ping endpoint address such as ec2.eu-central-1.amazonaws.com
Thanks
Thomas
I got AWS CLI tools and account on AWS. I ran the command aws configure and set the AWS Access key, AWS secret key, region and output format. Now when I am running the command
aws ec2 describe-spot-price-history --instance-type m1.xlarge --product-description "Linux/Unix"
I get the output empty
{
"SpotPriceHistory": []
}
I have tried it with multiple instance types, giving start time and end time etc.
Please can someone help me on this.
Are you sure your account supports launching an ec2-classic instance ?
If you created your account after 2013-12-04, it supports EC2-VPC only and to retrieve the information you will need to specify that you want ec2 instances from VPC
aws ec2 describe-spot-price-history --product-description "Linux/UNIX (Amazon VPC)" --instance-type m1.xlarge