I have created a new instance on us-east-2, configured the security groups, policies and access rules and I can see it running and access it via the browser. However, when I attempt to connect to it via the aws-cli, it tells me us-east-2 is an invalid choice for the region.
What am I missing here? It is clearly a region on AWS:
I am running Ubuntu and aws --version results in: aws-cli/1.2.9 Python/3.4.3 Linux/3.13.0-100-generic
I am trying to connect to the instance via aws ec2 get-console-output --instance-id XXXXXXXX --region us-east-2
You CLI version is outdated by 3 years and it doesn't know the new regions. Can you upgrade the CLI to 1.10.x and try?
$ aws --version
aws-cli/1.10.66 Python/2.7.12 Linux/3.14.35-28.38.amzn1.x86_64 botocore/1.4.56
$ aws ec2 describe-regions
{
"Regions": [
{
"Endpoint": "ec2.us-east-2.amazonaws.com",
"RegionName": "us-east-2"
},
Related
I am trying to copy an ami from one region to a different region through the AWS CLI.
The following command works fine for copying an ami to the same region:
aws ec2 copy-image --name ami-copy-test --source-image-id ami-123... --source-region us-east-1
but I am trying to copy to a different region, us-east-2 for instance.
There doesn't seem to be a --destination-region flag. The documentation page:
https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-image.html
states:
You specify the destination Region by using its endpoint when making
the request.
But what does this actually mean?
You are on the right page, just continue to read
from https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-image.html
...
This example copies the specified AMI from the us-east-1 region to the ap-northeast-1 region.
Command:
aws ec2 copy-image --source-image-id ami-5731123e --source-region us-east-1 --region ap-northeast-1 --name "My server"
I wanted to add validation to my script before starting the Pod build in AWS.
One of the validation step is to check the # of VPCs in the asked region and the max limit set on the account.
I didn't find any CLI or SDK API to get it.
However there are similar APIs, example to get the max elastic IP per VPC, I can query:
aws ec2 describe-account-attributes
And look for "AttributeName": "default-vpc"
There is a brand new service which is able to do what you want: AWS Service Quotas.
It is currently available in most of the regions.
You can query the VPC service limit using the GetServiceQuota action.
The quota code for the quota VPCs per Region is L-F678F1CE (ARN: arn:aws:servicequotas:<REGION>::vpc/L-F678F1CE).
The service code for the service Amazon Virtual Private Cloud (Amazon VPC) is vpc.
Documentation: https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html
GetServiceQuota-Command Documentation for the CLI: https://docs.aws.amazon.com/cli/latest/reference/service-quotas/get-service-quota.html
You can use the latest version of the aws cli as follows:
aws service-quotas get-service-quota --service-code 'vpc' --quota-code 'L-F678F1CE'
On Windows cli:
aws service-quotas get-service-quota --service-code vpc --quota-code L-F678F1CE
As long as Trusted Advisor access to the Service Limits category remains free, you can do this:
CHECK_ID=$(aws --region us-east-1 support describe-trusted-advisor-checks --language en --query 'checks[?name==Service Limits].{id:id}[0].id' --output text)
aws support describe-trusted-advisor-check-result --check-id $CHECK_ID --query 'result.sort_by(flaggedResources[?status!="ok"],&metadata[2])[].metadata' --output table --region us-east-1
CHECK_ID is currently eW7HH0l7J9
I am trying to get the RDS endpoint to use in user data with cli but unable to figure it out.
I need to get the RDS endpoint to inject into a php file but when I try the following I get:
Unable to locate credentials. You can configure credentials by running "aws configure".
I am building the ec2 and vpc using CLI and need to be able to get RDS endpoint as part of the Userdata.
I tried the following on the EC2 instance itself and I get the above error.
aws rds --region ca-central-1 describe-db-instances --query "DBInstances[*].Endpoint.Address"
Even if I am able to resolve that, I need to be able to get the endpoint to pass as part of the userdata. Is that even possible?
The Unable to locate credentials error says that the AWS Command-Line Interface (CLI) does not have any credentials to call the AWS APIs.
You should assign a role to the EC2 instance with sufficient permission to call describe-db-instances on RDS. See: IAM Roles for Amazon EC2
Then, your User Data can include something like:
#!
RDS=`aws rds --region ca-central-1 describe-db-instances --query "DBInstances[*].Endpoint.Address"`
echo >file $RDS
Or pass it as a parameter:
php $RDS
I have it working with this -
mac=curl -s http://169.254.169.254/latest/meta-data/mac
VPC_ID=curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$mac/vpc-id
aws rds describe-db-instances --region us-east-2 | jq -r --arg VPC_ID "VPC_ID" '.DBInstances[] |select (.DBSubnetGroup.VpcId=="'$VPC_ID'") | .Endpoint.Address'
Could not connect to the endpoint URL: "https://ec2.ec2-east.amazonaws.com/" is throwing
You do not use a valid region (ec2-east)
For ec2 regions, please refer to http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
Your command should be aws ec2 describe-instances --region xxx where xxx is in the list from http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region like aws ec2 describe-instances --region us-east-1
I can not connect to eu-central-1 using aws.
I am trying:
aws ec2 describe-instances --region eu-central-1
Return is suggesting that there is no eu-central-1 at all.
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument --region: Invalid choice, valid choices are:
us-west-2 | fips-us-gov-west-1
cn-north-1 | us-east-1
us-west-1 | ap-northeast-1
ap-southeast-1 | sa-east-1
us-gov-west-1 | ap-southeast-2
eu-west-1
I gave my user admin permissions in IAM management console.
When I try
aws ec2 describe-instances --region eu-west-1
I get:
{
"Reservations": []
}
Specifications of my instance has: Availability zone
eu-central-1b (I even tried to add b just in case, same thing)
I gave Access Key and Secret Access Key to aws configure. Should I give something else in region instead of eu-central-1?
Upgrade your version of the AWS CLI. It's too old to recognize the eu-central-1 region.
Use aws --version to display the current version of the CLI.
I'm using Ubuntu and the packaged version was too old. I had to install awscli with pip to get a version which knows of eu-central-1.
This version works for me:
aws --version
aws-cli/1.11.144 Python/2.7.6 Linux/3.13.0-123-generic botocore/1.7.2