I am adding SNS to applications on AWS Beanstalk. I want to know which SNS topics the application/environment is attaching to. I tried
aws --region us-east-1 elasticbeanstalk describe-environments
It only gets a very vague file telling me the app is associated with one sns but no name no arn. Also, my ARM role has no access to the AWS Configuration.
Any thoughts?
My mistake. The command actually shows the detailed configuration info.
Related
I have successfully installed cloudwatch agent in amazon linux instance and configured the awslogs.conf file as below.But unfortunately the loggroup is created in us-east-1 instead of configured region us-east-2.Any idea what mistake i'm doing?
Please check your AWS profile region. This must be because of the current default region is selected as us-east-2. Try run aws configure command and change your region to the desired one.
I recently enabled flow logs for global accelerator to troubleshoot an issue. below is the AWS CLI command i ran to enable flowlogs for global accelerator as per aws article.
aws globalaccelerator update-accelerator-attributes
--accelerator-arn arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh
--region us-west-2
--flow-logs-enabled
--flow-logs-s3-bucket s3-bucket-name
--flow-logs-s3-prefix s3-bucket-prefix
My S3 bucket is getting huge with the GA flow logs and I no longer need these logs, I would like to disable the flow logs for global accelerator and I don't find a working aws cli command to disable the flow logs for global accelerator. --flow-logs-disabled doesnt exist.
The option you are looking for is:
--no-flow-logs-enabled
So your commandline would become:
aws globalaccelerator update-accelerator-attributes
--accelerator-arn arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh
--region us-west-2
--no-flow-logs-enabled
See the documentation for details: https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/update-accelerator-attributes.html
I really need to know about the stopped time of AWS EC2 instances. I have checked with AWS cloudtrail, but its not easy to find the exact stopped EC2 instance. Is possible to see exact time of stopped EC2 instances by aws-cli commands or any boto3 script?
You can get this info from StateTransitionReason in describe-instances AWS CLI when you search for stopped instances:
aws ec2 describe-instances --filter Name=instance-state-name,Values=stopped --query 'Reservations[].Instances[*].StateTransitionReason' --output text
Example output:
User initiated (2020-12-03 07:16:35 GMT)
AWS Config keeps track of the state of resources as they change over time.
From What Is AWS Config? - AWS Config:
AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
Thus, you could look back through the configuration history of the Amazon EC2 instance and extract times for when the instance changed to a Stopped state.
Sometimes time is missing from StateTransitionReason, you can use CloudTrail and search for Resource Name = instance ID to find out StopInstance(s) API calls.
By default you can track back 90 days, or indefinitely if you create your own trail.
I ventured asking this question because I am getting the following error when I try to run any command in aws cli
Could not connect to the endpoint URL: "https://mturk-requester.us-west-1.amazonaws.com/"
I am in norhtern California and my config file reads:
region = us-west-1
output = table
Therefore I am not experiencing the 1a error described in the questions already answered here and there.
I am also able to communicate with the server using all the steps described here.
The commands I've been attempting to run are:
aws mturk get-account-balance
aws mturk list-hits
I believe this is because mturk is only available in us-east-1 which is also considered the AWS global region, this is mentioned in the documentation for the SDK and the only region mentioned on the endpoints page.
Configure the AWS SDK to use the ‘us-east-1’ region. This is the region in which the MTurk API is available.
If you specify the --region flag and set the value to us-east-1 it should be able to connect to the mechanical turk endpoint.
For a month or so, I've been studying AWS services and now I have to accomplish some basic stuff on AWS elastic beanstalk via command line. As far as I understand there are the aws elasticbeanstalk [command] and the eb [command] CLI installed on the build instance.
When I run eb status inside application folder, I get response in the form:
Environment details for: app-name
Application name: app-name
Region: us-east-1
Deployed Version: app-version
Environment ID: env-name
Platform: 64bit Amazon Linux ........
Tier: WebServer-Standard
CNAME: app-name.elasticbeanstalk.com
Updated: 2016-07-14 .......
Status: Ready
Health: Green
That tells me eb init has been run for the application.
On the other hand if I run:
aws elasticbeanstalk describe-application-versions --application-name app-name --region us-east-1
I get the error:
Unable to locate credentials. You can configure credentials by running "aws configure".
In home folder of current user there is a .aws directory with a credential file containing a [profile] line and aws_access_key_id and
aws_secret_access_key lines all set up.
Beside the obvious problem with the credentials, what I really lack is understanding of the two cli. Why is EB cli not asking for credentials and AWS cli is? When do I use one or the other? Can I use only aws cli? Any clarification on the matter will be highly appreciated.
EDIT:
For anyone ending up here, having the same problem with "Unable to locate credentials". Adding --profile profile-name option solved the problem for me. profile-name can be found in ~/.aws/config (or credentials) file on [profile profile-name] line.
In order to verify that the AWS CLI is configured on your system run aws configure and provide it with all the details it requires. That should fix your credentials problem and checking the change in configuration will allow you to understand what's wrong with your current conf.
the eb cli and the aws cli have very similar capabilities, and I too am a bit confused as to why they both should exist. From my experience the main differences are that the cli is used to interact with your AWS account using simple requests while the eb cli creates connections between you and the eb envs and so allows for finer control over them.
For instance - I've just developed a CI/CD pipeline for our beanstalk apps. When I use the eb cli I can monitor the deployment of our apps and notify the developers when it's finished. aws cli does not offer that functionality, and the only to achieve that is to repeatedly query the service until you receive the desired result.
The AWS CLI is a general tool that works on all AWS resources. It's not tied to a specific software project, the type of machine you're on, the directory you're in, or anything like that. It only needs credentials, whether they've been put there manually if it's your own machine, or generated by AWS if it's an EC2 instance.
The EB CLI is a high level tool to wrangle your software project into place. It's tied to the directory you're in, it assumes that the stuff in your directory is your project, and it has short commands that do a lot of background work to magically put everything in the right place.