i am digging on aws cli and from past 5 hours i struggling with 2 cli commands
i should get InstanceId, Name(this is a tag value) and specific tag value by providing its key ( including not tags given i.e NULL)
I should get InstanceId, Name and specific tag value by providing its key ( excluding NULL tags)
i got 50% of the answer for the 1 Question & 2 Question 0%
My cli command:
aws ec2 describe-instances --query 'jsondata[ ].Instances[
].[InstanceId, [Tags[?keys='Name'].Value] [0][0]' --output table`
Ex: {
"Jsondata" : [
{ "Instances" : "i-xxxxxx",
"Tags":[
{ "valve":" testserver",
"key": "server"
},
{ "valve":" elb",
"key": "Name"
}
]
},
{ "Instances" : "i-yyyyyy",
"Tags":[
{ "valve": " ",
"key": " "
},
{ "valve":" elb2",
"key": "Name"
}
]
}
]`
Thanks in advance. Please help me i need to sleep
To describe all instances with Tag "NAME" Use:
aws ec2 describe-instances --filters "Name=tag-key,Values=Name"
or
This Gives InstanceId with Particular Tag "Name"
aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`].Value[0]]'
or
This Gives InstanceId with Particular Tag "Name" and Value of Tag
aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`], Tags[?Key==`Name`].Value[]]'
To describe all instances with Tag "Purpose" and its value as "test" Use:
aws ec2 describe-instances --filters "Name=tag:Purpose,Values=test"
If you already know the Instance id:
aws ec2 describe-instances --instance-ids i-1234567890abcdef0
To find every instance which doesn't contain a tag named "Purpose":
aws ec2 describe-instances | jq '.Reservations[].Instances[] | select(contains({Tags: [{Key: "Purpose"} ]}) | not)'
To filter against the value of the tag, instead of the name of the tag:
aws ec2 describe-instances | jq '.Reservations[].Instances[] | select(contains({Tags: [{Key: "Name"}, {Value: "testbox1"}]}) | not)'
To find every instance which doesn't contain a tag:
aws ec2 describe-instances | jq '.Reservations[].Instances[] | select(contains({Tags: [{Key: ""}, {Value: ""}]}) | not)'
Related
My EC2 instance has many tags with a desired value EBM. The thing that this value could be in a different Name, sometimes under tag:Name and sometimes tag:XXX, I tried the below query and it didn't work:
aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*,Values=*EBM*'
An error occurred (InvalidParameterValue) when calling the DescribeSecurityGroups operation: The filter '*' is invalid
any idea how to make the Name as wild card just match the value?
I tried this and it didn't work:
aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*,Values=*EBM*'
An error occurred (InvalidParameterValue) when calling the DescribeSecurityGroups operation: The filter '*' is invalid
I also tried this and didn't work:
aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*.*,Values=*EBM*'
Latest Edit:
I have tested that in my lab environment and its possible to get what you are looking for combining --filter & -query altogether!
Alternatively, you can use the contains function with the Tag[] in the query to match tag values that contain SecGrp anywhere in the value, Keep in mind that the --query option uses the JMESPath query language, which has its own syntax and rules. You can find more information on using JMESPath queries in the AWS CLI documentation.
Further, to get the tag values for security groups in a hash form (i.e., a dictionary or associative array), you can combine that with your --query to get a nicer readable format, below is how you can get that ...
$ aws ec2 describe-security-groups --filters Name=tag-key,Values="*" --query 'SecurityGroups[*].Tags[?contains(Value, `EBM`)][].{Key: Key, Value: Value}' --profile dev
[
{
"Key": "mylabtest",
"Value": "EBMSecGrpec2"
},
{
"Key": "mylabtest",
"Value": "EBMSecGrpfsxontap"
},
{
"Key": "mylabtest",
"Value": "EBMSecGrpfsxlustre"
},
{
"Key": "mylabtest",
"Value": "EBMSecGrpPostConfigAWSCodeBuild"
}
]
You can get into into tablular form as well..
aws ec2 describe-security-groups --filters Name=tag-key,Values="*" --query 'SecurityGroups[*].Tags[?contains(Value, `EBM`)][].{Key: Key, Value: Value}' --profile dev --output table
Use describe-tags
To --filter with a value only regardless of the name in the AWS CLI, you simply can use "Name=value,Values=*tg*".
Keep Name=value so as to look at the value fields only.
use Value=*EBM* it will fetch all values having EBM regardless of prefix or suffix.
However, You can combine --filters with the --query option to filter the output and only display specific fields. For example, to only display the tag names and values, you can use the following command:
$ aws ec2 describe-tags --filters "Name=value,Values=*tg*" --query 'Tags[*].{Key_Name: Key, VauleOfKey: Value}' --profile dev
[
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
},
{
"Key_Name": "SSM_Managed",
"VauleOfKey": "Stg"
}
]
OR
You can get it as a table to be more readable ..
$ aws ec2 describe-tags --filters "Name=value,Values=*tg*" --query 'Tags[*].{Key_Name: Key, VauleOfKey: Value}' --profile dev --output table
-------------------------------
| DescribeTags |
+--------------+--------------+
| Key_Name | VauleOfKey |
+--------------+--------------+
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
| SSM_Managed | Stg |
+--------------+--------------+
To make it more explicit before you use above, you can use the following command to be more simplistic. it will return all tags with a value of "VALUE", regardless of the tag name.:
aws ec2 describe-tags --filters "Name=value,Values=VALUE"
If you want to filter the results further, you can include additional filters by adding them to the list in the --filters flag, separated by a comma. For example, to only return tags with a value of "VALUE" that are associated with security groups, you can use the following command:
aws ec2 describe-tags --filters "Name=value,Values=VALUE","Name=resource-type,Values=security-group"
EDIT:
Using describe-security-groups with all values *SecGrpec2* and then get the name of Security group these value belongs to.
$ aws ec2 describe-security-groups --filters "Name=tag-value,Values=*SecGrpec2*" --profile dev | jq -r '.SecurityGroups[].GroupName'
EC2 - SC101
EC2 - SD102
EC2 - ST101
Its not possible. You have to get all rules first, then then do filtering yourself.
I am trying to show all instances along with attached security groups, block device name and their deleteontermination status. I need to show this data in table format but I am continuously getting the below error.
Kindly help me to understand what I am missing here.
PR-MacBook-Pro:~ pr$ aws ec2 describe-instances --output table --query 'Reservations[*].Instances[*].[InstanceId,SecurityGroups[].GroupName,Placement.AvailabilityZone,BlockDeviceMappings[].DeviceName, BlockDeviceMappings[].Ebs.DeleteOnTermination]'
Row should have 1 elements, instead it has 2
PR-MacBook-Pro:~ pr$
I came across this while searching in google.
After I did a bit of research I found that you have to use | join(`, `, #)
So the command will be
aws ec2 describe-instances --output table --query 'Reservations[*].Instances[*].[InstanceId,SecurityGroups[].GroupName | join(`, `, #),Placement.AvailabilityZone,BlockDeviceMappings[].DeviceName | join(`, `, #), BlockDeviceMappings[].Ebs.DeleteOnTermination | join(`, `, to_array(to_string(#)))]'
modify your command as below to make it work
aws ec2 describe-instances --output table --region "us-east-1" --query 'Reservations[*].Instances[*].[InstanceId,SecurityGroups[].GroupName |[0],Placement.AvailabilityZone,BlockDeviceMappings[].DeviceName |[0], BlockDeviceMappings[].Ebs.DeleteOnTermination|[0] ]'
the response was in the format of
[
[
"i-xxxxxxxx",
[
"xxxxxx"
],
"us-east-1a",
[
"/dev/xvda"
],
[
true
]
]
]
so you need parse the array element using | [0]
I want to run an ec2 describe-instances command and get output in a table format as follows (where name is the Value of the Tag with Key 'Name'):
----------------------------------------------------------
| DescribeInstances |
+-------------+----------------+--------------+----------+
| instance_id | ip_address | name | state |
+-------------+----------------+--------------+----------+
| i-g93g494d | 99.99.99.01 | name1 | running |
| i-a93f754c | 99.99.99.02 | name2 | running |
+-------------+----------------+--------------+----------+
I can run the following command:
aws ec2 describe-instances --instance-ids i-g93g494d i-a93f754c --query "Reservations[*].Instances[*].{name: Tags[?Key=='Name'].Value, instance_id: InstanceId, ip_address: PrivateIpAddress, state: State.Name}" --output json
and obtain output:
[
[
{
"instance_id": "i-g93g494d",
"state": "running",
"ip_address": "99.99.99.01",
"name": [
"name1"
]
}
],
[
{
"instance_id": "i-a93f754c",
"state": "running",
"ip_address": "99.99.99.02",
"name": [
"name2"
]
}
]
]
However, when I run the same command with --output table rather than --output json I get an error.
command:
aws ec2 describe-instances --instance-ids i-g93g494d i-a93f754c --query "Reservations[*].Instances[*].{name: Tags[?Key=='Name'].Value, instance_id: InstanceId, ip_address: PrivateIpAddress, state: State.Name}" --output json
output:
list index out of range
I would like the table output to look like the above example but I'm having difficulty solving this. I'd very much appreciate any help anyone can offer on this.
You need to use pipe expression to filter the Tag results and get the first value such as:
aws ec2 describe-instances --instance-ids i-g93g494d i-a93f754c --query "Reservations[*].Instances[*].{name: Tags[?Key=='Name'] | [0].Value, instance_id: InstanceId, ip_address: PrivateIpAddress, state: State.Name}" --output table
There is a nice related blog post here: Get a list of instance with id, name and type
Here's a python program that can be used to generate listings from the descibe-instances command:
import json
import sys
with open( sys.argv[1] ) as f:
aws = json.load( f )
Reservations = aws['Reservations']
for Reservation in Reservations:
Instances = Reservation['Instances']
for Instance in Instances:
Tags = Instance['Tags']
for Tag in Tags:
if Tag['Key'] == "Name":
print Tag['Value'],Instance['PrivateIpAddress'],Instance['InstanceId'],Instance['State']['Name']
BTW, I absolutely LOVE Volkan Paksoy's answer. That's going into my bag o' tricks. The above python may have the advantage of allowing you to be more expressive with your search criteria or somehow combining results. In short, it's python, and you don't have to figure out how to use the aws syntax.
Here's how to invoke the python script above:
python parse.py <( aws ec2 describe-instances )
Of course, your mileage may vary. For instance, you may not have your region defaulted so, you may need to add an extra parameter as follows:
python parse.py <( aws ec2 --region us-east-2 describe-instances )
And you can than manipulate the output a bit to select only running instances and put in a well formatted column list:
python parse.py <( aws ec2 --region us-east-2 describe-instances ) | column -t | sort -k1,1 | cat -n | grep running
One last note, as I stated, I am a fan of the one liner provided by Volkan. I was just wondering how if the column ordering can be manipulated. I found that aws is sorting the columns alphabetically. To make the ordering obvious, I put numbers in front of the attribute names. However, these attribute names weren't interpreted properly as identifiers, so I had to quote them with double quotes. Here's what I wound up with, please note the subtle quoting changes ( and not so subtle quoting around 'Name' ):
aws ec2 describe-instances --query 'Reservations[*].Instances[*].{"01-name": Tags[?Key=='"'Name'"'] | [0].Value, "03-instance_id": InstanceId, "02-ip_address": PrivateIpAddress, "04-state" : State.Name}' --output table
I using the CLI tools and I want to list only the instance ID and related tags of an instance. The command that I am using is ec2-describe instances. I have tried certain filters but nothing is working out.
Can anybody help ??
error :
./Instance_Audit.sh: line 24: $: command not found
./Instance_Audit.sh: line 25: syntax error near unexpected token `do'
./Instance_Audit.sh: line 25: ` do echo $ID ; echo $(aws ec2 describe-instances --query "Reservations[].Instances[?InstanceId==\`$ID\`].Tags[]") done'
Using the aws cli, I can produce a few different alternatives of the tag output:
aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId,Tags[]]'
Result: i-xxxxx [{u'Value': 'key1value', u'Key': 'key1name'}, {u'Value': 'key2value', u'Key': 'key2name'}]
aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId,Tags[].*]'
Result: i-xxxxx [['key1value', 'key1name'], ['key2value', 'key2name']]
aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId,Tags[].Key,Tags[].Value]'
Result: i-xxxx ['key1name', 'key2name'] ['key1value' 'key2value']
Is any of those formats what you're looking for?
The AWS CLI command
aws ec2 describe-instances --region us-west-2 --query 'Reservations[].Instances[].[InstanceId,Tags[]]' --output text
produces these results:
i-789c55c3
Name Instance1
aws:cloudformation:logical-id Instance1
aws:cloudformation:stack-id arn:aws:cloudformation:us-west-2:012345678901:stack/test10-test10-foobarfoobar/a6e545a0-af52-11e4-a0be-50d5020578e0
aws:cloudformation:stack-name test10-test10-foobarfoobar
i-77c108cc
Name Instance2
aws:cloudformation:logical-id Instance2
aws:cloudformation:stack-id arn:aws:cloudformation:us-west-2:012345678901:stack/test10-test10-foobarfoobar/a6e545a0-af52-11e4-a0be-50d5020578e0
aws:cloudformation:stack-name test10-test10-foobarfoobar
If that is not in the format you are looking for, can you provide an example of they format you are expecting?
If you want to only display the instance id and the tags associated to that instance, you can use something like :
$ for ID in $(aws ec2 describe-instances --region eu-west-1 --query "Reservations[].Instances[].InstanceId" --output text); do echo $ID ; echo $(aws ec2 describe-instances --region eu-west-1 --query "Reservations[].Instances[?InstanceId==\`$ID\`].Tags[]") done
i-60****2a
[ [ { "Value": "SB", "Key": "Name" } ] ]
i-1a****56
[ [ { "Value": "Course and Schedule on Apache 2.4", "Key": "Name" } ] ]
i-88eff3cb
[ [ { "Value": "secret.com", "Key": "Name" } ] ]
i-e7****a5
[ [ { "Value": "2014.03 + Docker", "Key": "Name" } ] ]
I could not find a way to do that with only one AWS CLI call. Should someone come up with a shorter solution, I would love to hear from you.
If you want to filter to certain tag key/value only, you can edit the aws ec2 describe-instances to add a --filter option.
For example :
aws ec2 describe-instances --region eu-west-1 --filter "Name=tag:Name,Values=SB"
--Seb
simple answer:
aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].[InstanceId,Tags[*]]'
not so simple answer .. the same principle could be applied to both instances and vpc's
# how-to get all the tags per instance-id with aws ec2 for prd env
while read -r i ; do \
aws ec2 describe-tags --filters "Name=resource-id,Values=$i" \
--profile prd; done < <(aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].InstanceId' --profile prd)
# how-to get all the tags per virtual-private-cloud-id
while read -r v; do aws ec2 describe-tags \
--filters "Name=resource-id,Values=$v" ; \
done < <(aws ec2 describe-vpcs \
--query 'Vpcs[*].VpcId'|perl -ne 's/\t/\n/g;print')
The aws cli has a --query option, which allows you to select only some information.
For an example, I am interested in getting just the Security group name from ec2 describe-instances.
If I run:
aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,SecurityGroups]
my output looks like:
i-xxxxxxx m1.type [{u'GroupName': 'groupName', u'GroupId': 'sg-xxxxx'}]
I can also access elements of the list using an index:
aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,Tags[0].Value,Tags[0].Name]
Is it possible to query tags so that instead of Tag[0] I search for a Tag where the name is specified?
As of 1.3.0, you can now query that information like this:
--query 'Reservations[*].Instances[*].Tags[?Key==`<keyname>`].Value[]'
So where you have this:
"Tags" : [
{
"Value" : "webserver01",
"Key" : "InstanceName"
},
you'd want to do this:
aws ec2 describe-instances --query 'Reservations[*].Instances[*].Tags[?Key==`InstanceName`].Value[]'
What you probably want to use is the --filters option:
aws ec2 describe-instances --output text --filters "Name=tag-key, Values=SecurityGroups, Name=tag-value, Values=Foo" --region us-east-1
You can change the filters around to "query" for the exact field you're looking for.
checkout this slideshare from the Atlanta AWS meetup group's talk on the new AWS CLI for more examples
This way works for me: (this only works in version 1.3.0 and above)
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId, Tags[?Key==`Name`].Value[*]]'
select security_groups from aws.aws_ec2_instance;
> select security_groups from aws.aws_ec2_instance limit 1;
+---------------------------------------------------------------------------------------------------------------------------------+
| security_groups |
+---------------------------------------------------------------------------------------------------------------------------------+
| [{"GroupId":"sg-xxxx","GroupName":"xxxx"},{"GroupId":"sg-xxxxxx","GroupName":"xxxx"}] |
+---------------------------------------------------------------------------------------------------------------------------------+
This will just list out the security groups for your instances.
You can also use
select security_groups from aws.aws_ec2_instance where instance_id = 'i-xxxxxx';