I forgot my AWS account. I tried all the email accounts I can remember in the reset password page, still no luck. Right now I can connect to my EC2 instance IP using SSH. What can I do if I use the server to help me remember my AWS account? I wrote several emails to them, still not a single reply.
Find the hostname, instance id or other metadata of the instance.
$ curl http://169.254.169.254/latest/meta-data/hostname
ec2-203-0-113-25.compute-1.amazonaws.com
With that information they can track down your account.
See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Running this command from the EC2 instance will give you your AWS accountId among other information:
curl http://169.254.169.254/latest/dynamic/instance-identity/document
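An added example, not part of either answer above: on instances configured to require IMDSv2, the plain GET is rejected until a session token is sent, so this Python sketch requests a token first and falls back to the tokenless call. The function names and the injectable `http` parameter are illustrative; the default transport talks to the metadata address used in the answers.

```python
import json
import urllib.request

IMDS = "http://169.254.169.254"

def _http(method, path, headers, timeout=2):
    """Default transport: one HTTP request to the instance metadata service."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def identity_document(http=_http):
    """Fetch and parse the instance identity document.

    Tries IMDSv2 first (session token obtained with a PUT). If the token
    request fails, falls back to the plain GET from the answer (IMDSv1).
    """
    headers = {}
    try:
        token = http("PUT", "/latest/api/token",
                     {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        headers["X-aws-ec2-metadata-token"] = token
    except OSError:
        pass  # no token endpoint reachable: continue without a token
    raw = http("GET", "/latest/dynamic/instance-identity/document", headers)
    return json.loads(raw)

def account_summary(doc):
    """Pick out the fields that identify the account and the instance."""
    return {key: doc.get(key) for key in ("accountId", "instanceId", "region")}

if __name__ == "__main__":
    # Only works when run on the EC2 instance itself.
    print(account_summary(identity_document()))
```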
We have an AWS Org with AWS Grafana running in the root account setup with Org access.
We have successfully connected to AWS Prometheus and other data sources across different organization accounts. But we can't get AWS Grafana to connect to Amazon OpenSearch that is hosted in a VPC.
If you look at Grafana -> AWS Data Sources -> Amazon OpenSearch Service, it lists the cluster. But all attempts to connect have failed.
We have tried setting:
Using SigV4auth Auth
Using Basic auth + With Credentials (even adding VPC connections between accounts and checking ports are open)
When we try Save and Test, we always get a Testing.. followed by OpenSearch error: Bad Gateway in Grafana.
Has anyone got it working successfully and able to assist?
Same issue here, except that Grafana is set up in the same account as the OpenSearch cluster.
Also tried to configure the security group on the OpenSearch cluster to accept everything (all ports, all protocols, from anywhere).
I'm wondering if it's a network issue: with the OpenSearch cluster being in a VPC, can Grafana access it? But I can't find documentation on the network part of the managed Grafana.
Hope someone will help.
Been told it’s a known issue.
The solution is to create a proxy for your opensearch cluster and let it get internet access to connect to grafana.
No idea on timelines for AWS to build / fix the problem :(
A solution that works well on my side is to fill in the fields:
HTTP part:
URL: https://search-anything
Access: Server (default)
Auth part:
Check Basic auth
then in Basic Auth Details fill in the master username and password
OpenSearch details part:
fill in the name of an index
make sure that a timestamp field exists in the index filled above and put the name of this field in Time field name
choose the right OpenSearch version 1.0.x
Test
I hope this will help you
This happens when accessing EC2 console for any region.
Global services like S3, IAM and account related pages can be accessed without problems.
No AWS Organization issue, no policy issue.
Just go to your email and click the link AWS management console and open an AWS account.
So, now you can access your EC2.
Check whether you have skipped one or more steps during registration.
You may have received an email stating you need to complete those steps.
File a support case to receive the email again if you missed it.
It takes a while for AWS to verify your card details after you register a new account with AWS. It would be great if AWS would give a more sensible message.
Wait for account activation:
After you choose a Support plan, a confirmation page indicates that your account is being activated. Accounts are usually activated within a few minutes, but the process might take up to 24 hours.
AWS create and activate account
Is it possible to send an email from an EC2 instance and attach some files to it, addressed to the owner of the instance?
The idea is to compute some things with a Python script, to store the information in a database and to generate two files, a result and a log.
It would be great if I could automate it so that I receive these two files in an email and the instance stops after it.
Yes, you can send email from an ec2 instance using the AWS SES service.
When you launch your instance, you can assign it a role. That role should have rights to send email using SES, and if you want it to shut down when you're done then you'd add the StopInstances permission as well.
You would then use the AWS CLI tool to stop the instance. You can get the current instance ID from the instance metadata.
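One way to do what this answer describes, as an added example rather than code from the answer: the standard library builds the message with both files attached, and boto3 (assumed to be installed, with credentials coming from the instance role) sends it through SES and stops the instance. The function names, addresses and file names are illustrative.

```python
import mimetypes
from email.message import EmailMessage
from pathlib import Path

def build_report_email(sender, recipient, subject, body, attachments):
    """Build a MIME message carrying the result and log files."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    for path in map(Path, attachments):
        ctype, _ = mimetypes.guess_type(path.name)
        maintype, subtype = (ctype or "application/octet-stream").split("/", 1)
        msg.add_attachment(path.read_bytes(), maintype=maintype,
                           subtype=subtype, filename=path.name)
    return msg

def send_and_stop(msg, instance_id, region):
    """Send through SES, then stop this instance.

    The role attached to the instance needs ses:SendRawEmail and
    ec2:StopInstances; scope the latter to this instance's ARN so the
    role cannot stop anything else.
    """
    import boto3  # assumption: boto3 is installed on the instance
    boto3.client("ses", region_name=region).send_raw_email(
        Source=str(msg["From"]),
        Destinations=[str(msg["To"])],
        RawMessage={"Data": msg.as_bytes()},
    )
    boto3.client("ec2", region_name=region).stop_instances(
        InstanceIds=[instance_id])

if __name__ == "__main__":
    # Illustrative values; the instance ID is available from the metadata
    # service at /latest/meta-data/instance-id.
    message = build_report_email("reports@example.com", "owner@example.com",
                                 "Job finished", "Result and log attached.",
                                 ["result.csv", "run.log"])
    send_and_stop(message, "i-0123456789abcdef0", "us-east-1")
```

The sender address has to be a verified identity in SES, and while the SES account is still in the sandbox the recipient must be verified too.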
This is not a duplicate of the question "Getting my AWS credentials using an API call" because I am asking specifically about what Amazon means in the example that they give.
I am looking here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
I see this bit:
Warning
If you use services that use instance metadata with IAM roles, ensure that you don't expose your credentials when the services make HTTP calls on your behalf. The types of services that could expose your credentials include HTTP proxies, HTML/CSS validator services, and XML processors that support XML inclusion.
The following command retrieves the security credentials for an IAM role named s3access.
$ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access
Where does this IP address come from? What is 169.254.169.254? It can't be my server, since I don't have software running on port 80, nor would I grant Amazon an alias on my server.
But I did actually run the above, and it simply timed out. So the IP address 169.254.169.254 is not a service that Amazon is actively running. So what is it?
Does anyone understand this example that Amazon offers?
169.254 is within the link-local address space: https://en.wikipedia.org/wiki/Link-local_address
It's usually used for a lot of localhost/local-subnet use cases. Amazon happens to put their metadata service at 169.254.169.254 so that it can be queried from EC2 Instances.
curl http://169.254.169.254/latest/meta-data
Should always return something, the full http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access will only return something if you had an IAM role attached to your instance named s3access.
169.254.169.254 is the address of the AWS metadata service. You can query this address from an EC2 server to obtain information about the server. The metadata that can be obtained in this manner is documented here.
Are you saying that when you run that curl command from an EC2 server it is timing out?
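A defensive check for the kind of service the quoted warning lists (a proxy or validator that fetches URLs on a user's behalf), as an added example that is not from the AWS documentation or the answers: it resolves the requested host and refuses link-local and other non-public addresses, including hostnames that merely point at 169.254.169.254. The function names and the injectable `resolve` parameter are illustrative.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def _default_resolve(host):
    """Every address the host name resolves to, as strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_outbound_url(url, resolve=_default_resolve):
    """Return (allowed, reason) for a URL the service is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported scheme or missing host"
    try:
        addresses = resolve(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if ip.is_link_local:
            return False, f"{ip} is link-local (metadata service range)"
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"

if __name__ == "__main__":
    # Literal IP, so no DNS lookup is needed for this demonstration.
    print(check_outbound_url(
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access"))
```

A check followed by a separate fetch can be defeated if the name resolves differently the second time, so the fetch should connect to the address that was validated; requiring IMDSv2 on the instance adds a second layer, because simple forwarded GET requests no longer return credentials.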
I have launched a Linux server on AWS. There is another developer and I want him to work on the server, but I don't want to give the .pem file to him. What should I do?
He should be able to connect to the server via a console, deploy files and configure the HTTP server. When the job's done I want to take his privileges back.
Thanks for your interest.
You should add his public ssh key to /home/ubuntu/.ssh/authorized_keys and that's basically it.
He will be able to login via SSH using corresponding private key.
This has nothing to do with AMI though.
There is a solution here: a new user and a new key pair for that user can be created on the server machine. The new user can access the server with the new key.
Another answer about the same topic is here
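A sketch of that workflow as an added example (not code from the answer): the developer's key is appended with sshd's `expiry-time` option, available in OpenSSH 7.7 and later, so access lapses on its own, and it is removed by key blob when the job is done. The function names are illustrative; the functions take and return the text of /home/ubuntu/.ssh/authorized_keys.

```python
import re

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def _parse(public_key):
    """Accept only '<type> <base64> [comment]'.

    Input that starts with anything else (for example an options field
    supplied by the other party) is rejected rather than written to the file.
    """
    fields = public_key.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("expected '<key-type> <base64-key> [comment]'")
    if not re.fullmatch(r"[A-Za-z0-9+/]+=*", fields[1]):
        raise ValueError("key blob is not base64")
    return fields

def _has_key(text, blob):
    return any(blob in line.split() for line in text.splitlines())

def grant(authorized_keys, public_key, expires):
    """Return the file text with the key added, valid until expires (YYYYMMDD)."""
    fields = _parse(public_key)
    if not re.fullmatch(r"\d{8}", expires):
        raise ValueError("expires must be YYYYMMDD")
    if _has_key(authorized_keys, fields[1]):
        return authorized_keys  # already present: leave the file unchanged
    entry = 'expiry-time="%s" %s' % (expires, " ".join(fields))
    if authorized_keys and not authorized_keys.endswith("\n"):
        authorized_keys += "\n"
    return authorized_keys + entry + "\n"

def revoke(authorized_keys, public_key):
    """Return the file text without any line that carries this key."""
    blob = _parse(public_key)[1]
    kept = [line for line in authorized_keys.splitlines()
            if blob not in line.split()]
    return "".join(line + "\n" for line in kept)
```

Removing the line stops new logins only; a session the developer already has open keeps running until it is closed.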