Creating Elastic Beanstalk environment with specified VPC - amazon-web-services

I'm trying to create an Elastic Beanstalk environment using the AWS CLI
aws elasticbeanstalk create-environment \
--application-name my-application \
--environment-name my-environment \
--region us-east-1 \
--solution-stack-name "64bit Amazon Linux 2015.09 v2.0.6 running Docker 1.7.1" \
--version-label my-version
but this dumps everything into the default VPC, whereas I'd like to put it in a specific (non-default) VPC. I know this can be accomplished through the AWS web interface. Can it be accomplished with the CLI? Choosing a VPC is not mentioned in the create-environment docs.

Elastic Beanstalk has its own CLI implementation that is much more robust than the one integrated into the AWS CLI. You can read more about it and download it here. Then, you can use the EB CLI as follows to specify the VPC:
eb create \
--elb-type application \
--region us-east-1 \
--platform "64bit Amazon Linux 2015.09 v2.0.6 running Docker 1.7.1" \
--version my-version \
--vpc.id <vpc to launch into> \
my-environment-name

Related

AWS CLI restore-from-cluster-snapshot doesn't find snapshot in account

I'm trying to restore a cluster from a snapshot using
aws redshift restore-from-cluster-snapshot --cluster-identifier my-cluster \
--snapshot-identifier my-identifier --profile my-profile --region my-region
But I'm receiving
An error occurred (ClusterSnapshotNotFound) when calling
the RestoreFromClusterSnapshot operation: Snapshot not found: my-identifier
I checked the available snapshots using
aws redshift describe-cluster-snapshots --profile my-profile --region my-region
And my-identifier appears as an available snapshot.
Via the Redshift console I'm also able to see the snapshots, and I was able to restore it from the UI.
Does anybody have any clues?
P.S.: Not sure if it's relevant, but it's a snapshot from another account that I shared with the account where I'm trying to restore the cluster
You must specify the owner account number when restoring to enable Redshift to decrypt the shared snapshot.
aws redshift restore-from-cluster-snapshot \
--profile myAwsCliProfile \
--snapshot-identifier mySnapshotName \
--owner-account 012345678910 \
--cluster-identifier my-new-redshift-cluster \
--number-of-nodes 6 \
--node-type ra3.16xlarge \
--port 5439 \
--region us-east-1 \
--availability-zone us-east-1d \
--cluster-subnet-group-name default \
--availability-zone-relocation \
--no-publicly-accessible \
--maintenance-track-name CURRENT

Initialize AWS EC2 machine with access keys on launch

I want to launch an EC2 machine using aws cli. I want several things to take place before I connect, including setting my configuration.
I successfully launch the machine using:
aws ec2 run-instances --image-id ami-062f7200baf2fa504 --count 1 \
--instance-type t2.micro --key-name MyFirstKey --security-group-ids \
launch-wizard-3 --user-data file://aws_setup_script.txt
My aws_setup_script.txt is:
sudo yum update -y
aws configure set aws_access_key_id AAAAABBBBBCCCCCDDDDD
aws configure set aws_secret_access_key AAAAABBBBBCCCCCDDDDDEEEEEFFFFFGGGGGHHHHH
aws configure set default.region us-east-1
sudo yum update -y successfully runs, but the aws configure steps do not.
It is insecure passing secrets in user-data.
Your script is failing because it isn't running as ec2-user so it doesn't have aws in the path. Even if it worked, it wouldn't be configuring the CLI tool for the ec2-user account so it isn't going to work the way you want.
Most importantly, there is a much better way to accomplish this. You should be assigning an IAM instance profile to the instance. When you run the aws cli tool on an instance with an IAM role assigned it will automatically use those credentials.
As per best practice, it's always better to use an IAM instance role attached to your EC2 instance instead of setting the AWS credentials within EC2.
Create an IAM instance role (refer to the AWS docs) with the required permissions you want to give to EC2.
Use --iam-instance-profile in the AWS CLI command to attach the specific IAM role to the EC2 instance.
aws ec2 run-instances --image-id ami-062f7200baf2fa504 --count 1 \
--instance-type t2.micro --key-name MyFirstKey --security-group-ids \
launch-wizard-3 --iam-instance-profile Name=<instance profile name>

How do I enable the AWS CLI on an EC2 instance?

How do I enable the AWS CLI on an EC2 instance? After I create the EC2 instance, I can SSH into the machine, but when I try to do something like aws s3 ls, it prompts me to do aws configure first, for which I then have to enter my keys. I want to be able to automate this so that I can grab additional artifacts from S3 buckets to install. Note that I am using the AWS CLI on my computer to create the EC2 instance, but I need to use the AWS CLI on the EC2 instance itself.
My AWS command to create a simple EC2 instance looks like the following (this is done on my computer).
aws ec2 run-instances \
--image-id ami-14c5486b \
--count 1 \
--instance-type t2.micro \
--key-name testkey \
--subnet-id subnet-xxxxxxxx \
--security-group-ids sg-xxxxxxxx \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=test}]' \
--user-data file://install-software.sh
The install-software.sh looks something like the following (this is submitted to the EC2 instance).
#!/bin/bash
aws s3 cp s3://mybucket/some-archive.tar.gz some-archive.tar.gz
tar xf some-archive.tar.gz
sudo some-archive/bin/install.sh
You need to use an instance profile when launching your EC2 instance – if it has an instance profile attached then the AWS CLI will automatically use the permissions set in it to grant access to resources, rather than relying on your providing credentials.
You need to assign an instance role to your instance. Give it rights to get objects from your bucket. Then the aws cli will get the credentials from instance metadata automatically so you won't need to configure aws first.
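The instance-profile approach recommended in these answers and in the answers to the previous question, written out as an added example that is not part of the original posts: a role only EC2 can assume, read access limited to one bucket, and a launch with that profile instead of keys in user-data. The function names, the policy name s3-read and the reuse of the role name as the profile name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names, the policy
# name "s3-read" and the role/profile naming are illustrative assumptions.

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
EOF
}

# Permission policy: read objects from one bucket and nothing else.
s3_read_policy() {
  bucket=$1
  # Refuse anything that is not a plain bucket name before it reaches the JSON.
  case $bucket in ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;; esac
  [ "${#bucket}" -ge 3 ] && [ "${#bucket}" -le 63 ] || return 1
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::${bucket}/*"}]}
EOF
}

# Create the role and instance profile, then launch with the profile attached.
# No keys go into user-data: the CLI on the instance picks up the role's
# temporary credentials from instance metadata.
# Usage: launch_with_profile ROLE BUCKET AMI KEYNAME  (needs IAM and EC2 rights)
launch_with_profile() {
  role=$1; ami=$3; key=$4
  policy=$(s3_read_policy "$2") || return 1
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy)" &&
  aws iam put-role-policy --role-name "$role" --policy-name s3-read \
    --policy-document "$policy" &&
  aws iam create-instance-profile --instance-profile-name "$role" &&
  aws iam add-role-to-instance-profile --instance-profile-name "$role" \
    --role-name "$role" &&
  aws iam wait instance-profile-exists --instance-profile-name "$role" &&
  aws ec2 run-instances --image-id "$ami" --count 1 --instance-type t2.micro \
    --key-name "$key" --iam-instance-profile "Name=$role" \
    --user-data file://install-software.sh
}
```

On the launched instance, `aws sts get-caller-identity` should report the assumed role without any `aws configure` step.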

Where to find Endpoint in creating aws-cli bots without using amazon-lex?

I'm trying to create a chatbot using aws-cli, going through the steps in the documentation at https://docs.aws.amazon.com/lex/latest/dg/gs-create-flower-types.html
I couldn't understand what endpoint means in the documentation, as shown in the syntax.
aws lex-models put-slot-type \
--region region \
--endpoint endpoint \
--name FlowerTypes \
--cli-input-json file://FlowerTypes.json
What is the endpoint in the above syntax?
You can find the list of endpoints for Lex at this link.
For your current case, https://models.lex.us-east-1.amazonaws.com/ will work as the endpoint, given that your region is us-east-1.
The code below will work if you are using a Windows machine:
aws lex-models put-slot-type ^
--region us-east-1 ^
--endpoint https://models.lex.us-east-1.amazonaws.com/ ^
--name FlowerTypes ^
--cli-input-json file://FlowerTypes.json
Keep the input JSON file in the same folder where you have opened the CLI.

How do I configure Kubernetes node labels when creating a cluster with kops?

When creating a Kubernetes cluster on AWS with kops version 1.6.2, how do I configure Kubernetes labels for nodes? My specific scenario is that I need to set the label beta.kubernetes.io/fluentd-ds-ready as true, because otherwise Fluentd pods won't be scheduled.
My current kops command for creating a cluster looks as follows:
kops --state s3://example.com create cluster \
--zones eu-central-1a,eu-central-1b,eu-central-1c \
--master-zones eu-central-1a,eu-central-1b,eu-central-1c \
--topology private --networking flannel --master-size m4.large \
--node-size m4.large --node-count 2 --bastion --cloud aws \
--ssh-public-key id_rsa.pub --authorization RBAC --yes \
production.example.com
How do I also configure kops to set the label beta.kubernetes.io/fluentd-ds-ready=true on created Kubernetes nodes?
From https://github.com/kubernetes/kops/issues/742
You can create a yaml file with the cluster definition and the labelling there. On an existing cluster you can then do a rolling update.