Query the list of supported regions in aws amazon - amazon-web-services

How do I get the list of available regions from Amazon?
Previously I tried the following query:
https://ec2.amazonaws.com/?Action=DescribeRegions&AWSAccessKeyId=****&SignatureMethod=HmacSHA256&SignatureVersion=1&Version=2013-08-15
But I get "AWS was not able to validate the provided access credentials", and I am not sure that it is the correct query.

Your question does not seem to specify which services you need to use and how, but here is a generic example from the AWS CLI:
Using describe-regions will answer your question. For example, to list region names only:
aws ec2 describe-regions --query 'Regions[].{Name:RegionName}' --output text
The output will look like:
ap-south-1
eu-west-1
ap-southeast-1
ap-southeast-2
eu-central-1
ap-northeast-2
ap-northeast-1
us-east-1
sa-east-1
us-west-1
us-west-2
This is the AWS CLI documentation that you can refer to.

Related

Retrieve tags from AWS account inside an organisation

I am trying to use the AWS CLI to retrieve the list of tags and values attached to an AWS account inside our AWS Organisation, without success. Has anybody done this before?
I tried the following:
aws organizations list-accounts --query 'Accounts[].Id'); do aws resourcegroupstaggingapi get-resources --query 'ResourceTagMappingList[].{ResourceARN:ResourceARN,Tags:Tags}' --output table --resource-type-filters AWS::AllSupported --region us-east-1 --account-id $account_id
but no luck.

How to iterate through multiple AWS accounts?

Consider an AWS organization with 50+ accounts. Each account has a role created that allows read-only access to the EC2 service - named "EC2ReadAccess" - and a trust relationship with the master(/management) account. A single IAM user in the master account has a policy applied to allow it to assume the role in every single account.
I would like to be able to iterate through all the accounts in order to retrieve all the EC2 instances, using the unique IAM user. I know that running a CLI command against all the accounts at once is out of the question. Leaving aside cycling through the regions in each account, which has been discussed extensively, is there an elegant solution for doing this?
One hack that comes to mind is to programmatically build the credentials file so that it contains a profile for each account. Each profile, in turn, will be "linked" to the profile of the IAM user (as described here), and have the account id within the role updated for each entry. An example below:
[user1]
aws_access_key_id=<key_id>
aws_secret_access_key=<secret_key>
[marketing]
role_arn = arn:aws:iam::123456789012:role/EC2ReadAccess
source_profile = user1
[dev]
role_arn = arn:aws:iam::234567890123:role/EC2ReadAccess
source_profile = user1
...
[prod]
role_arn = arn:aws:iam::345678901234:role/EC2ReadAccess
source_profile = user1
Running the CLI command - in this case aws ec2 describe-instances - can be accompanied by the --profile parameter in order to cycle through all the profiles present in the credentials file. The region can be cycled through within another loop. So a list of commands to be issued, generated programmatically beforehand, could look something like:
aws ec2 describe-instances --profile marketing --region us-east-1
aws ec2 describe-instances --profile marketing --region us-east-2
...
aws ec2 describe-instances --profile marketing --region sa-east-1
aws ec2 describe-instances --profile dev --region us-east-1
aws ec2 describe-instances --profile dev --region us-east-2
...
aws ec2 describe-instances --profile dev --region sa-east-1
...
aws ec2 describe-instances --profile prod --region us-east-1
aws ec2 describe-instances --profile prod --region us-east-2
...
aws ec2 describe-instances --profile prod --region sa-east-1
Is there a better way of doing this? Am I missing something obvious here?
Don't use the CLI to do this. If you're able to "programmatically build the credentials file", then you should be able to write a program that does the following for every child account:
Assumes the administrator role for that account.
Invokes the DescribeInstances API call.
Do whatever you want with the information
You don't indicate what programming language(s) you're familiar with, but here's some Python that I use to create an SDK client with the standard "OrganizationAccountAccessRole" in a child account:
import boto3

def create_boto_resource(account, region, resource_type):
    # Build a resource-API object that uses the assumed role's temporary credentials
    creds = assumeRole(account)
    return boto3.resource(resource_type,
                          region_name=region,
                          aws_access_key_id=creds['AccessKeyId'],
                          aws_secret_access_key=creds['SecretAccessKey'],
                          aws_session_token=creds['SessionToken'])

def assumeRole(account, role_name='OrganizationAccountAccessRole', duration=900):
    # Ask STS for short-lived credentials for role_name in the given account
    stsClient = boto3.client('sts')
    request = {}
    request['RoleArn'] = f"arn:aws:iam::{account}:role/{role_name}"
    request['RoleSessionName'] = 'DESCRIPTIVE_TEXT_HERE'
    request['DurationSeconds'] = duration
    return stsClient.assume_role(**request)['Credentials']
This code actually creates a Boto resource object, which is a simplified API that's supported for EC2 and a few other services. Here's an example of using the resource API to create an instance iterator.
Another way to attack this kind of problem might be via Systems Manager Inventory and Querying inventory data from multiple Regions and accounts.
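Added example, not part of the original question or answer: the per-account loop described above, written so that a denied AssumeRole in one account is recorded instead of aborting the sweep, and so that DescribeInstances results are paginated. It assumes the read-only "EC2ReadAccess" role from the question rather than the administrator role; the names list_instances and ec2_factory are hypothetical, and the clients are passed in so the logic can be exercised with stand-ins.

```python
"""Added example: EC2 inventory across member accounts with STS AssumeRole."""

ROLE_NAME = "EC2ReadAccess"  # assumption: the read-only role named in the question


def assume_role(sts, account_id, role_name=ROLE_NAME):
    """Return short-lived credentials for role_name in account_id."""
    resp = sts.assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="ec2-inventory",  # session name is recorded in CloudTrail
        DurationSeconds=900,              # shortest lifetime STS accepts
    )
    return resp["Credentials"]


def list_instances(sts, ec2_factory, account_ids, regions):
    """Return (rows, failures); rows are (account, region, instance_id) tuples."""
    rows, failures = [], []
    for account in account_ids:
        try:
            creds = assume_role(sts, account)
        except Exception as exc:  # botocore ClientError in real use, e.g. AccessDenied
            failures.append((account, str(exc)))
            continue  # one misconfigured account must not stop the sweep
        for region in regions:
            ec2 = ec2_factory(region, creds)
            # DescribeInstances is paginated; a single call can return a partial list.
            for page in ec2.get_paginator("describe_instances").paginate():
                for reservation in page["Reservations"]:
                    for inst in reservation["Instances"]:
                        rows.append((account, region, inst["InstanceId"]))
    return rows, failures


if __name__ == "__main__":
    import boto3  # imported here so the functions above also work with stand-ins

    def ec2_factory(region, creds):
        return boto3.client(
            "ec2", region_name=region,
            aws_access_key_id=creds["AccessKeyId"],
            aws_secret_access_key=creds["SecretAccessKey"],
            aws_session_token=creds["SessionToken"],
        )

    accounts = ["123456789012", "234567890123"]  # sample ids from the question
    print(list_instances(boto3.client("sts"), ec2_factory, accounts, ["us-east-1"]))
```

The failures list is worth reviewing after each run: an account that rejects the role is one whose instances are missing from the inventory.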

Copy ami to different region with cli

I am trying to copy an ami from one region to a different region through the AWS CLI.
The following command works fine for copying an ami to the same region:
aws ec2 copy-image --name ami-copy-test --source-image-id ami-123... --source-region us-east-1
but I am trying to copy to a different region, us-east-2 for instance.
There doesn't seem to be a --destination-region flag. The documentation page:
https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-image.html
states:
You specify the destination Region by using its endpoint when making
the request.
But what does this actually mean?
You are on the right page, just continue to read
from https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-image.html
...
This example copies the specified AMI from the us-east-1 region to the ap-northeast-1 region.
Command:
aws ec2 copy-image --source-image-id ami-5731123e --source-region us-east-1 --region ap-northeast-1 --name "My server"

aws-cli only return certain fields

Given this example of aws-cli command
aws rds describe-db-cluster-snapshots
It returns a list of objects with fields.
I only want to display the fields: "SnapshotCreateTime" and "DBClusterIdentifier"
How do I do this?
AWS CLI provides built-in output filtering capabilities with the --query option.
aws rds describe-db-cluster-snapshots --query 'DBClusterSnapshots[*].[SnapshotCreateTime,DBClusterIdentifier]'
The above will work if your AWS CLI is configured for the same region and has a single AWS CLI profile. If the AWS CLI is configured for a different region and a different profile, you can use the command below.
aws rds describe-db-cluster-snapshots --query 'DBClusterSnapshots[*].[SnapshotCreateTime,DBClusterIdentifier]' --region us-west-2 --profile test
cli-usage-output

How can I list the regions for my AWS VPC?

I am trying to list down all the regions for which my AWS VPC is configured.
The following commands are of no use to me, since:
aws ec2 describe-vpcs
Only lists VPC details but not the region
aws ec2 describe-availability-zones
Lists all the availability zones available for me.
I do see the specific AZs for my subnets under:
AWS Console --> VPC --> Summary --> Network ACL --> Subnet Associations
But I would like to list the same on the command line for my VPC. Is this possible?
An Amazon VPC exists only in one region. There is no multi-region capability for VPCs.
The VPC will be in the region to which you issue the above commands. Therefore, you must already know the region before issuing any of these commands.
If you merely want a list of regions (unrelated to a particular VPC), use describe-regions:
aws ec2 describe-regions
Yes, it is possible using a shell script. The AWS CLI can list the resources of only one region at a time.
#!/bin/bash
# Append the non-default VPCs of every region listed in region.txt to vpc-details.csv
Profile='Enter_your_profile_name'
while read -r f1 f2
do
    Region=$f1
    Region_Name=$f2
    # printf is used because bash's echo does not expand "\n"
    printf '%s - %s\n' "$Region" "$Region_Name" >> vpc-details.csv
    aws ec2 describe-vpcs --profile "$Profile" --region "$Region" --output text --query 'Vpcs[].[Tags[?Key==`Name`].Value | [0],CidrBlock,VpcId,IsDefault]' --filters Name=isDefault,Values=false >> vpc-details.csv
    printf '\n' >> vpc-details.csv
done < region.txt
region.txt:
us-east-2 US-East(Ohio)
us-east-1 US-East(N-Virginia)
us-west-1 US-West(N-California)
us-west-2 US-West-(Oregon)
ap-northeast-1 Asia-Pacific-(Tokyo)
ap-northeast-2 Asia-Pacific-(Seoul)
ap-south-1 Asia-Pacific-(Mumbai)
ap-southeast-1 Asia-Pacific-(Singapore)
ap-southeast-2 Asia-Pacific-(Sydney)
ca-central-1 Canada-(Central)
eu-central-1 EU-(Frankfurt)
eu-west-1 EU-(Ireland)
eu-west-2 EU-(London)
eu-west-3 EU-(Paris)
sa-east-1 South-America-(São-Paulo)
Sample output
eu-west-1 - EU-(Ireland)
Testining 10.135.0.0/16 vpc-xxxx False
VPC_prod 10.140.0.0/16 vpc-zzzz False
Note: you will get the following output:
Name of the VPC
CIDR range
VPC ID
Whether the VPC is the default or not
You have to set the Profile variable to make it work. Let me know if you have any questions.