I am trying to get the RDS endpoint to use in user data with cli but unable to figure it out.
I need to get the RDS endpoint to inject into a php file but when I try the following I get:
Unable to locate credentials. You can configure credentials by running "aws configure".
I am building the ec2 and vpc using CLI and need to be able to get RDS endpoint as part of the Userdata.
I tried the following on the EC2 instance itself and I get the above error.
aws rds --region ca-central-1 describe-db-instances --query "DBInstances[*].Endpoint.Address"
Even if I am able to resolve that, I need to be able to get the endpoint to pass as part of the userdata. Is that even possible?
The Unable to locate credentials error says that the AWS Command-Line Interface (CLI) does not have any credentials to call the AWS APIs.
You should assign a role to the EC2 instance with sufficient permission to call describe-db-instances on RDS. See: IAM Roles for Amazon EC2
Then, your User Data can include something like:
#!
RDS=`aws rds --region ca-central-1 describe-db-instances --query "DBInstances[*].Endpoint.Address"`
echo >file $RDS
Or pass it as a parameter:
php $RDS
I have it working with this -
mac=curl -s http://169.254.169.254/latest/meta-data/mac
VPC_ID=curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$mac/vpc-id
aws rds describe-db-instances --region us-east-2 | jq -r --arg VPC_ID "VPC_ID" '.DBInstances[] |select (.DBSubnetGroup.VpcId=="'$VPC_ID'") | .Endpoint.Address'
Related
I need to get information such as VPCs, subnets, security groups, etc for many AWS accounts at once. How can I go about this?
One solution is to use a for loop with the AWS CLI. Check out the CLI Documentation for the service that you're wanting to gather information for and find the appropriate commands then use a for loop to loop over the profiles in your ~/.aws/credentials file.
For example, if you're wanting to get the VPCs, subnets, and security groups, those are all described in the EC2 CLI docs.
Here is an example of getting information about those resources and outputting it into the current directory as .json (this assumes you didn't change the default output format when using aws configure
#!/usr/bin/env bash
region=us-east-1
for profile in `grep [[] ~/.aws/credentials | tr -d '[]'`
do
echo "getting vpcs, subnets, and security groups for $profile"
aws ec2 describe-vpcs --region $region --profile $profile > "$profile"_vpcs.json
aws ec2 describe-subnets --region $region --profile $profile > "$profile"_subnets.json
aws ec2 describe-security-groups --region $region --profile $profile > "$profile"_security_groups.json
done
I have created EC2 instance in the my office PC. It was successfully and I used it well. But when I logged to the AWS console from my home laptom - no one instance exist there and I have the error You do not have any instances in this region. I try to search instance information in other regions but do not found any.
How I can found my created instance or list all instances independently of region?
Quick way would be to use combination of AWS CLI, jq and a simple Bash for loop to iterate through each region and list the instances. Be sure to set your credentials before running
for region in `aws ec2 describe-regions | jq .Regions\[\].RegionName -r`
do
echo -e "\tRegion: ${region}"
aws ec2 describe-instances --query "Reservations[*].Instances[*].{InstanceID:InstanceId}" --output=table --region ${region}
done
You can copy post the code in your Linux shell, or run them in AWS CloudShell which gives you an authenticated shell with aws cli preinstalled
We're having an issue where we're on a CentOS EC2 instance that is using a role through an attached instance profile. When we're on the console after SSHing in, we run the python awscli command line tool to get our identity:
$ aws sts get-caller-identity
we're getting
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid
other commands, such as aws ec2 describe-instances work and are allowed by the instance profile.
From reading the AWS documentation, no permissions should be required to get-caller-identity and there's no explicit deny set on the role associated with instance.
We checked and there's no .aws/credentials file and no env variables set, so access should be entirely managed through the metadata service on the EC2 instance.
Is there something missing in our setup or invocation of the awscli that might cause the permission to fail?
Just documenting the fix for anyone that runs into this issue.
All calls to the awscli should probably include a --region <region> parameter.
E.g.
$ aws sts get-caller-identity --region us-east-2
We were prompted for the region on our aws ec2 describe-instances call but on the aws sts get-caller-identity call, it just failed.
Additionally, we found that the AWS_REGION environment variable didn't seem to affect calls: we still needed to include the --region <region> parameter.
Trying to issue:
$ aws ec2 create-security-group --group-name Grp1 --description Grp1 --vpc-id vpc-0e6f748e8c01534bc
But I get
An error occurred (InvalidVpcID.NotFound) when calling the CreateSecurityGroup operation:
The vpc ID 'vpc-0e6f748e8c01534bc' does not exist
That vpc does exists, but it isn't being recognized.
It is in a different region.
I can't specify region in the command.
How do I get around that?
When you do some command on the aws cli, you can submit the region option as follows.
aws cli <some code> --region <region>
The cli options are listed in the aws documentation.
I am very new to AWS. I have a Windows Server EC2 instance. I installed AWS CLI on my laptop. Then I opened a CMD window, typed in "aws configure", put in the access key credentials, and was able to connect to the EC2.
From here, how do I get the http://169.254.169.254/latest/meta-data working? How do I retrieve some meta data?
On your Laptop
On your local machine you only can use the cli to retrieve metadata about your instance. Simply use this aws cli command:
aws ec2 describe-instance-attribute --instance-id <your-ec_instance_id e.g. i-ab12345> --attribute instanceType --region <your_region e.g. eu-west-1>
Documentation: http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-attribute.html
On your EC2-Instance only:
On your instance you can use the cli (like above) and the following:
PowerShell >3.0:
Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/instance-type
Documentation: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html
Or you can install "curl for windows" and run:
curl http://169.254.169.254/latest/meta-data/instance-type
When running on an EC2 instance, you can query the metadata service, like so:
curl http://169.254.169.254/latest/meta-data/public-ipv4
You can also use:
curl http://instance-data/latest/meta-data/public-ipv4
From outside the EC2 instance, you can use the awscli, like so:
aws ec2 describe-instances
--instance-ids i-01234567890123456
--query "Reservations[0].Instances[0].PublicIpAddress"
--output text
You cannot use http://169.254.169.254/latest/meta-data from AWS cli on your laptop
Use the ec2 describe-instances command instead for getting instance details
More details here