AWS cant connect to vm inside vpc - amazon-web-services

I am trying to create a VPC without the wizard.
I added the routes, internet gateway, NACL and Security groups but my vm remains unreachable, below I have posted details from the aws cli to give you precise details.
I have a feeling that it has something to do with my routes. I am unable to ping or ssh into my jumpbox
Architecture Diagram:-
yamazaki#yamazaki-linux:~$ aws ec2 describe-security-groups --group-ids sg-ab7a71cd
{
"SecurityGroups": [
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": [],
"PrefixListIds": []
}
],
"Description": "mysg",
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": -1,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": -1,
"IpProtocol": "icmp",
"UserIdGroupPairs": []
}
],
"GroupName": "mysg",
"VpcId": "vpc-220e9346",
"OwnerId": "646132786531",
"GroupId": "sg-ab7a71cd"
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-network-acls --network-acl-ids acl-1816717c
{
"NetworkAcls": [
{
"Associations": [
{
"SubnetId": "subnet-91a025ac",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-78fa7001"
},
{
"SubnetId": "subnet-aea02593",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-ede56f94"
},
{
"SubnetId": "subnet-6da02550",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-19e46e60"
}
],
"NetworkAclId": "acl-1816717c",
"VpcId": "vpc-220e9346",
"Tags": [],
"Entries": [
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 100,
"Protocol": "-1",
"Egress": true,
"RuleAction": "allow"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": true,
"RuleAction": "deny"
},
{
"RuleNumber": 100,
"Protocol": "6",
"PortRange": {
"To": 22,
"From": 22
},
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"IcmpTypeCode": {
"Code": -1,
"Type": -1
},
"RuleNumber": 200,
"Protocol": "1",
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": false,
"RuleAction": "deny"
}
],
"IsDefault": true
}
]
yamazaki#yamazaki-linux:~$ aws ec2 describe-vpcs --vpc-id vpc-220e9346
{
"Vpcs": [
{
"VpcId": "vpc-220e9346",
"InstanceTenancy": "default",
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"State": "available",
"DhcpOptionsId": "dopt-80c96ce5",
"CidrBlock": "192.168.0.0/20",
"IsDefault": false
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-subnets --subnet-ids subnet-6da02550 subnet-aea02593 subnet-91a025ac
{
"Subnets": [
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-databases",
"Key": "Name"
}
],
"CidrBlock": "192.168.3.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-91a025ac",
"AvailableIpAddressCount": 251
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-internet",
"Key": "Name"
}
],
"CidrBlock": "192.168.1.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-6da02550",
"AvailableIpAddressCount": 250
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-computes",
"Key": "Name"
}
],
"CidrBlock": "192.168.2.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-aea02593",
"AvailableIpAddressCount": 250
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f rtb-1eb9f37a rtb-c980caad rtb-9980cafd
{
"RouteTables": [
{
"Associations": [],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
},
{
"Associations": [
{
"RouteTableAssociationId": "rtbassoc-0113ef66",
"Main": true,
"RouteTableId": "rtb-1eb9f37a"
}
],
"RouteTableId": "rtb-1eb9f37a",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-c980caad",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in-computes",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-9980cafd",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-computes-databases",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-internet-gateways --internet-gateway-ids igw-51638f35
{
"InternetGateways": [
{
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"InternetGatewayId": "igw-51638f35",
"Attachments": [
{
"State": "available",
"VpcId": "vpc-220e9346"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-instances --instance-ids --instance-ids i-3c6c09c5
{
"Reservations": [
{
"OwnerId": "646132786531",
"ReservationId": "r-12f788fb",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2015-12-10T16:30:41.000Z",
"PublicIpAddress": "52.70.141.142",
"PrivateIpAddress": "192.168.1.67",
"ProductCodes": [],
"VpcId": "vpc-220e9346",
"StateTransitionReason": "",
"InstanceId": "i-3c6c09c5",
"ImageId": "ami-60b6c60a",
"PrivateDnsName": "ip-192-168-1-67.ec2.internal",
"KeyName": "yamazaki",
"SecurityGroups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"ClientToken": "DpGNG1449765041380",
"SubnetId": "subnet-6da02550",
"InstanceType": "t2.micro",
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "06:1a:f4:6a:b6:f5",
"SourceDestCheck": true,
"VpcId": "vpc-220e9346",
"Description": "Primary network interface",
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"NetworkInterfaceId": "eni-971b94ab",
"PrivateIpAddresses": [
{
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"Primary": true,
"PrivateIpAddress": "192.168.1.67"
}
],
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-cdd36cbc",
"AttachTime": "2015-12-10T16:30:41.000Z"
},
"Groups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"SubnetId": "subnet-6da02550",
"OwnerId": "646132786531",
"PrivateIpAddress": "192.168.1.67"
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-east-1e"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-5ade4392",
"AttachTime": "2015-12-10T16:30:45.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/xvda",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "jumpbox",
"Key": "Name"
}
],
"AmiLaunchIndex": 0
}
]
}
]

After adding a subnet association for the route table with the one with the internet gateway I was able to connect to my box.
aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f
{
"RouteTables": [
{
"Associations": [
{
"SubnetId": "subnet-6da02550",
"RouteTableAssociationId": "rtbassoc-48a35d2f",
"Main": false,
"RouteTableId": "rtb-fb83c99f"
}
],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
}
]
}

Related

Unable to access redshift from local machine using VPN

I created a redshift cluster in EU region. I also created a VPC and other artifacts including route tables with igw (using GUI with VPC and More option). Then attached this VPC to redshift cluster while creation.
However, I’’m unable to connect with this redshift from CD or local machine. I'm using postgres CLI.
Ideally it should have worked. Any ideas?
I'm able to connect from query editor from AWS Redshift console
Edit Troubleshooting done so far
This postgress command times out psql -h redshift-cluster-1.xxxxx.eu-west-1.redshift.amazonaws.com -U awsuser -d dev -p 5497. postgres installation is correct. As I'm able to connect with one of other redshift installations
psql: could not connect to server: Connection timed out
Is the server running on host "redshift-cluster-1.xxxx.eu-west-1.redshift.amazonaws.com" (xx.xx.xx.xx) and accepting
TCP/IP connections on port 5497?
dig works but telnet fails
Adding describes.
VPC
{
"Vpcs": [
{
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-0f7cfde8258b431f5",
"State": "available",
"VpcId": "vpc-0a673f3e2399e0904",
"OwnerId": "xx",
"InstanceTenancy": "default",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0f738813e1a319934",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "test-vpc"
}
]
}
]
}
Security Groups
{
"SecurityGroups": [
{
"Description": "default VPC security group",
"GroupName": "default",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-07c16a51da213b9a8",
"UserId": "xx"
}
]
}
],
"OwnerId": "xx",
"GroupId": "sg-07c16a51da213b9a8",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0a673f3e2399e0904"
},
{
"Description": "SG1",
"GroupName": "SG1",
"IpPermissions": [
{
"FromPort": 5497,
"IpProtocol": "tcp",
"IpRanges": [
"IpRanges": [
{
"CidrIp": "52.27.190.0/23"
},
{
"CidrIp": "64.39.96.0/20"
},
{
"CidrIp": "10.189.32.85/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [
{
"PrefixListId": "pl-6fa54006"
}
],
"ToPort": 6000,
"UserIdGroupPairs": []
}
],
"OwnerId": "xxxxx",
"GroupId": "sg-0fccd6f7706900e54",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0a673f3e2399e0904"
}
]
}
Redshift cluster
{
"Clusters": [
{
"ClusterIdentifier": "redshift-cluster-1",
"NodeType": "dc2.large",
"ClusterStatus": "available",
"ClusterAvailabilityStatus": "Available",
"MasterUsername": "awsuser",
"DBName": "dev",
"Endpoint": {
"Address": "redshift-cluster-1.xxx.eu-west-1.redshift.amazonaws.com",
"Port": 5497
},
"ClusterCreateTime": "2022-08-09T14:51:58.527000+00:00",
"AutomatedSnapshotRetentionPeriod": 1,
"ManualSnapshotRetentionPeriod": -1,
"ClusterSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-07c16a51da213b9a8",
"Status": "active"
},
{
"VpcSecurityGroupId": "sg-0fccd6f7706900e54",
"Status": "active"
}
],
"ClusterParameterGroups": [
{
"ParameterGroupName": "default.redshift-1.0",
"ParameterApplyStatus": "in-sync"
}
],
"ClusterSubnetGroupName": "cluster-subnet-group-1",
"VpcId": "vpc-0a673f3e2399e0904",
"AvailabilityZone": "eu-west-1a",
"PreferredMaintenanceWindow": "mon:03:30-mon:04:00",
"PendingModifiedValues": {},
"ClusterVersion": "1.0",
"AllowVersionUpgrade": true,
"NumberOfNodes": 2,
"PubliclyAccessible": true,
"Encrypted": false,
"ClusterPublicKey": "<>",
"ClusterNodes": [
{
"NodeRole": "LEADER",
"PrivateIPAddress": "10.0.2.114",
"PublicIPAddress": "52.208.40.55"
},
{
"NodeRole": "COMPUTE-0",
"PrivateIPAddress": "10.0.6.171",
"PublicIPAddress": "46.51.199.140"
},
{
"NodeRole": "COMPUTE-1",
"PrivateIPAddress": "10.0.8.205",
"PublicIPAddress": "18.200.92.114"
}
],
"ClusterRevisionNumber": "40496",
"Tags": [],
"EnhancedVpcRouting": false,
"IamRoles": [],
"MaintenanceTrackName": "current",
"ElasticResizeNumberOfNodeOptions": "[4]",
"DeferredMaintenanceWindows": [],
"NextMaintenanceWindowStartTime": "2022-08-15T03:30:00+00:00",
"AvailabilityZoneRelocationStatus": "disabled",
"ClusterNamespaceArn": "<>",
"TotalStorageCapacityInMegaBytes": 800000,
"AquaConfiguration": {
"AquaStatus": "disabled",
"AquaConfigurationStatus": "auto"
}
}
]
}

How to solve JSON error on AWS Bad String?

Don't know where is the bad string here, someone can help me?
It appears like a bad error message on the AWS Console, but i can't find what am i missing here.
This script is to create VPCs, Routes, IGW and a Palo Alto Firewall, think that the problem is some ] or } that i am missing.
Do we have a tool to analyze it, instead of searching manually?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName":{
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap" : {
"us-west-2" : { "AMI": "ami-d28992ab"},
"ap-northeast-1" : { "AMI": "ami-ab04e7cd"},
"us-west-1" : { "AMI": "ami-0f88a16f"},
"ap-northeast-2" : { "AMI": "ami-6cbd6402"},
"ap-southeast-1" : { "AMI": "ami-1897057b"},
"ap-southeast-2" : { "AMI": "ami-8ed3cced"},
"eu-central-1" : { "AMI": "ami-6df35f02"},
"eu-west-1" : { "AMI": "ami-86d63eff"},
"eu-west-2" : { "AMI": "ami-3c170658"},
"sa-east-1" : { "AMI": "ami-15651279"},
"us-east-1" : { "AMI": "ami-0d7ef242edccdad95"},
"us-east-2" : { "AMI": "ami-f1200094"},
"ca-central-1" : { "AMI": "ami-0f08b76b"},
"ap-south-1" : { "AMI": "ami-1ffc8470"}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
} ]
},
"Path":"/",
"Policies": [ {
"PolicyName" : "BootstrapRolePolicy",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" }]]}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" } , "/*" ]]}
}]
}
}]
}
},
"BootstrapInstanceProfile":{
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"PublicElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"ManagementElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": "" ,
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": [ "NewVPC", "NewDBSubnet" ]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"VpcId": {"Ref": "NewVPC"},
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn":[ "NewVPC", "NewDBSubnet" ]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 MGMT"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/1"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {"Ref": "NewWebSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/2"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {"Ref": "NewDBSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name", "Value": "WP AWS FW1 E1/3"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "ManagementElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface" }
},
"DependsOn": [ "FWManagementNetworkInterface", "ManagementElasticIP" ]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "PublicElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface" }
},
"DependsOn": [ "FWPublicNetworkInterface", "PublicElasticIP" ]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {"Ref": "NewVPC"},
"Tags": [{"Key": "Name","Value": "Lab External SG"}],
"SecurityGroupIngress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewDBSubnet"}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewWebSubnet"}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"InternetGatewayId": {"Ref": "igweb3def8e"}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {"Ref": "rtb049a2461"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb059a2460"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb049a2461"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"DhcpOptionsId": {"Ref": "dopt21c7d043"}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {"Ref": "BootstrapInstanceProfile"},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": { "Fn::FindInMap" : [ "PANFWRegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
"InstanceType": "m4.xlarge",
"BlockDeviceMappings" :
[
{
"DeviceName" : "/dev/xvda",
"Ebs" :
{
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "60"
}
}
],
"KeyName": { "Ref" : "ServerKeyName" },
"Monitoring": "false",
"Tags": [{ "Key": "Name", "Value": "WP VM-Series Firewall" }],
"NetworkInterfaces": [
{
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface"},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface"},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate12NetworkInterface"},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate13NetworkInterface"},
"DeviceIndex": 3
}
],
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
"vmseries-bootstrap-aws-s3bucket=", { "Ref" : "BootstrapBucketName" }
]]}}
},
"DependsOn": [ "FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet" ]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": { "Fn::Join" : ["", [
"https://",
{ "Ref": "ManagementElasticIP"}
]]}}
},
}]]
}
}
}
Yes, you had missing } and some extra ,. Below is valid json. The template may have other issues, but your current error is about invalid json, so I fixed only that. For new issues, please make new question.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName": {
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap": {
"us-west-2": {
"AMI": "ami-d28992ab"
},
"ap-northeast-1": {
"AMI": "ami-ab04e7cd"
},
"us-west-1": {
"AMI": "ami-0f88a16f"
},
"ap-northeast-2": {
"AMI": "ami-6cbd6402"
},
"ap-southeast-1": {
"AMI": "ami-1897057b"
},
"ap-southeast-2": {
"AMI": "ami-8ed3cced"
},
"eu-central-1": {
"AMI": "ami-6df35f02"
},
"eu-west-1": {
"AMI": "ami-86d63eff"
},
"eu-west-2": {
"AMI": "ami-3c170658"
},
"sa-east-1": {
"AMI": "ami-15651279"
},
"us-east-1": {
"AMI": "ami-0d7ef242edccdad95"
},
"us-east-2": {
"AMI": "ami-f1200094"
},
"ca-central-1": {
"AMI": "ami-0f08b76b"
},
"ap-south-1": {
"AMI": "ami-1ffc8470"
}
}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "BootstrapRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}]]
}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}, "/*"]]
}
}
]
}
}]
}
},
"BootstrapInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [{
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"PublicElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"ManagementElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": "",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 MGMT"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/1"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {
"Ref": "NewWebSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/2"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {
"Ref": "NewDBSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/3"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["ManagementElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
}
},
"DependsOn": ["FWManagementNetworkInterface", "ManagementElasticIP"]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["PublicElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
}
},
"DependsOn": ["FWPublicNetworkInterface", "PublicElasticIP"]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "Lab External SG"
}],
"SecurityGroupIngress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}],
"SecurityGroupEgress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewDBSubnet"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewWebSubnet"
}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"InternetGatewayId": {
"Ref": "igweb3def8e"
}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb049a2461"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb059a2460"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb049a2461"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"DhcpOptionsId": {
"Ref": "dopt21c7d043"
}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {
"Ref": "BootstrapInstanceProfile"
},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": {
"Fn::FindInMap": ["PANFWRegionMap", {
"Ref": "AWS::Region"
}, "AMI"]
},
"InstanceType": "m4.xlarge",
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"DeleteOnTermination": "true",
"VolumeSize": "60"
}
}],
"KeyName": {
"Ref": "ServerKeyName"
},
"Monitoring": "false",
"Tags": [{
"Key": "Name",
"Value": "WP VM-Series Firewall"
}],
"NetworkInterfaces": [{
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate12NetworkInterface"
},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate13NetworkInterface"
},
"DeviceIndex": 3
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [
"vmseries-bootstrap-aws-s3bucket=", {
"Ref": "BootstrapBucketName"
}
]]
}
}
},
"DependsOn": ["FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet"]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": {
"Fn::Join": ["", [
"https://",
{
"Ref": "ManagementElasticIP"
}
]]
}
}
}
}
}

Creating a JSON table from 'aws autoscaling describe-auto-scaling-groups'

I have a problem with parsing output/transforming it from aws autoscaling describe-auto-scaling-groups
The output looks like this:
{
"AutoScalingGroups": [
{
"AutoScalingGroupName": "eks-nodegroup-AZ1",
"AutoScalingGroupARN": "arn:aws:autoscaling:eu-central-1::autoScalingGroup:854a8f05-cd3c-421d-abf3-0f3730d0b068:autoScalingGroupName/eks-nodegroup-AZ1",
"LaunchTemplate": {
"LaunchTemplateId": "lt-XXXXXXXXXXXXX",
"LaunchTemplateName": "eks-nodegroup-AZ1",
"Version": "$Latest"
},
"MinSize": 1,
"MaxSize": 6,
"DesiredCapacity": 1,
"DefaultCooldown": 300,
"AvailabilityZones": [
"eu-central-1a"
],
"LoadBalancerNames": [],
"TargetGroupARNs": [],
"HealthCheckType": "EC2",
"HealthCheckGracePeriod": 300,
"Instances": [
{
"InstanceId": "i-XXXXXXXXXXXXXXX",
"AvailabilityZone": "eu-central-1a",
"LifecycleState": "InService",
"HealthStatus": "Healthy",
"LaunchTemplate": {
"LaunchTemplateId": "lt-XXXXXXXXXXXXX",
"LaunchTemplateName": "eks-nodegroup-AZ1",
"Version": "1"
},
"ProtectedFromScaleIn": false
}
],
"CreatedTime": "2019-09-24T17:24:57.805Z",
"SuspendedProcesses": [],
"VPCZoneIdentifier": "subnet-XXXXXXXXXXXX",
"EnabledMetrics": [],
"Tags": [
{
"ResourceId": "eks-nodegroup-AZ1",
"ResourceType": "auto-scaling-group",
"Key": "Name",
"Value": "eks-nodegroup-AZ1",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ1",
"ResourceType": "auto-scaling-group",
"Key": "k8s.io/cluster-autoscaler/enabled",
"Value": "true",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ1",
"ResourceType": "auto-scaling-group",
"Key": "k8s.io/cluster-autoscaler/k8s-team-sandbox",
"Value": "true",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ1",
"ResourceType": "auto-scaling-group",
"Key": "kubernetes.io/cluster/k8s-team-sandbox",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
],
"NewInstancesProtectedFromScaleIn": false,
"ServiceLinkedRoleARN": "arn:aws:iam::XXXXXXXXXXXXXXX:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
},
{
"AutoScalingGroupName": "eks-k8s-team-sandbox-AZ2",
"AutoScalingGroupARN": "arn:aws:autoscaling:eu-central-1::autoScalingGroup:25324f3a-b911-453c-b316-46657e850b19:autoScalingGroupName/eks-nodegroup-AZ2",
"LaunchTemplate": {
"LaunchTemplateId": "lt-XXXXXXXXXXXX",
"LaunchTemplateName": "eks-nodegroup-AZ2",
"Version": "$Latest"
},
"MinSize": 1,
"MaxSize": 6,
"DesiredCapacity": 1,
"DefaultCooldown": 300,
"AvailabilityZones": [
"eu-central-1b"
],
"LoadBalancerNames": [],
"TargetGroupARNs": [],
"HealthCheckType": "EC2",
"HealthCheckGracePeriod": 300,
"Instances": [
{
"InstanceId": "i-XXXXXXXXXXXX",
"AvailabilityZone": "eu-central-1b",
"LifecycleState": "InService",
"HealthStatus": "Healthy",
"LaunchTemplate": {
"LaunchTemplateId": "lt-XXXXXXXXXX",
"LaunchTemplateName": "eks-nodegroup-AZ2",
"Version": "1"
},
"ProtectedFromScaleIn": false
}
],
"CreatedTime": "2019-09-24T17:24:57.982Z",
"SuspendedProcesses": [],
"VPCZoneIdentifier": "subnet-XXXXXXXX",
"EnabledMetrics": [],
"Tags": [
{
"ResourceId": "eks-nodegroup-AZ2",
"ResourceType": "auto-scaling-group",
"Key": "Name",
"Value": "eks-nodegroup-AZ2",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ2",
"ResourceType": "auto-scaling-group",
"Key": "k8s.io/cluster-autoscaler/enabled",
"Value": "true",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ2",
"ResourceType": "auto-scaling-group",
"Key": "k8s.io/cluster-autoscaler/k8s-team-sandbox",
"Value": "true",
"PropagateAtLaunch": true
},
{
"ResourceId": "eks-nodegroup-AZ2",
"ResourceType": "auto-scaling-group",
"Key": "kubernetes.io/cluster/k8s-team-sandbox",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
],
"NewInstancesProtectedFromScaleIn": false,
"ServiceLinkedRoleARN": "arn:aws:iam::ARN:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
}
]
}
I need to parse it to get :
{
"eks-nodegroup-AZ1" : "$DesiredCapacityForEks-nodegroup-AZ1",
"eks-nodegroup-AZ2" : "$DesiredCapacityForEks-nodegroup-AZ2",
"eks-nodegroup-AZ3" : "$DesiredCapacityForEks-nodegroup-AZ3",
"eks-nodegroup-AZX" : "$DesiredCapacityForEks-nodegroup-AZX",
}
The following expected output will be used for external data resource for terraform to be able to automate DesiredCapacity value during the ASG rolling-updates.
Thanks,
Dominik
Try with your response,
response | jq '.AutoScalingGroups[] | {(.AutoScalingGroupName): .DesiredCapacity}' | jq -s add

Get AWS machine type (ubuntu/nixos/centos, etc) [duplicate]

This question already has answers here:
How to find OS of an EC2 instance using AWS CLI
(6 answers)
Closed 3 years ago.
Using an AWS cli command like so:
aws ec2 describe-instances
is there a way to get information about what kind of machine (or the AMI used) for each instance? This is the info I see for instance using describe-instances:
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "20xx-x9-21T22:59:00.000Z",
"PublicIpAddress": "xxx.xxx.xxx.xxx",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"ProductCodes": [],
"VpcId": "vpx-xx338d07",
"CpuOptions": {
"CoreCount": 2,
"ThreadsPerCore": 1
},
"StateTransitionReason": "",
"InstanceId": "i-xxxxf9762a4140a88",
"EnaSupport": true,
"ImageId": "amx-xx32ec5bc225539f5",
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"KeyName": "ntrs-prod",
"SecurityGroups": [
{
"GroupName": "public web server",
"GroupId": "sg-xxxac430acd613381"
}
],
"ClientToken": "",
"SubnetId": "suxxxx-cc1c0e84",
"InstanceType": "t2.medium",
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "0z:5O:8z:O5:3o:9z",
"SourceDestCheck": true,
"VpcId": "vpx-xx338d07",
"Description": "",
"NetworkInterfaceId": "enx-xxbd4b3bd8f339aaf",
"PrivateIpAddresses": [
{
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"Primary": true,
"Association": {
"PublicIp": "xxx.xxx.xxx.xxx",
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
}
}
],
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "enx-xxtach-01948e0bd9059a635",
"AttachTime": "20xx-x9-21T22:59:00.000Z"
},
"Groups": [
{
"GroupName": "public web server",
"GroupId": "sg-xxxac430acd613381"
}
],
"Ipxxxxdresses": [],
"OwnerId": "91xxxx820371",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"SubnetId": "suxxxx-cc1c0e84",
"Association": {
"PublicIp": "xxx.xxx.xxx.xxx",
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
}
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-xxxt-2a"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vox-xxda51640e0c4ac9a",
"AttachTime": "20xx-x9-21T22:59:01.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/sda1",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "manu-demo",
"Key": "Name"
},
{
"Value": "Web Server",
"Key": "Type"
}
],
"HibernationOptions": {
"Configured": false
},
"AmiLaunchIndex": 0
}
It's right there in the describe-images output under the field ImageId.
To get a list of instances and their images (i.e. AMIs), you can use the query option to list only those attributes:
$ aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId, ImageId]"

Sort EC2 Instances by Tag Name

So I'm using the aws cli to retrieve a list of instances in addition to the jq tool. I do so with the following command.
aws ec2 describe-instances | jq '.Reservations[].Instances[]'
With the following example json response.
{
"Reservations": [
{
"OwnerId": "1234",
"ReservationId": "r-124991k",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2015-07-31T16:48:01.000Z",
"PrivateIpAddress": "11.123.104.123",
"ProductCodes": [],
"VpcId": "vpc-sdfsdf9109",
"StateTransitionReason": "",
"InstanceId": "i-1223421",
"ImageId": "ami-aklasd131",
"PrivateDnsName": "private.dns.name",
"KeyName": "testkey",
"SecurityGroups": [
{
"GroupName": "secur-grou",
"GroupId": "sg-a3d234a"
}
],
"ClientToken": "",
"SubnetId": "subnet-57absfsdf",
"InstanceType": "m3.large",
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "12:c3:f2:5c:5f:4d",
"SourceDestCheck": false,
"VpcId": "vpc-sdfsdf9109",
"Description": "",
"NetworkInterfaceId": "eni-81b1234",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateIpAddress": "11.123.104.123"
}
],
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-5asdf234",
"AttachTime": "2015-07-30T16:10:39.000Z"
},
"Groups": [
{
"GroupName": "secur-grou",
"GroupId": "sg-a3d234a"
}
],
"SubnetId": "subnet-57absfsdf",
"OwnerId": "1234",
"PrivateIpAddress": "11.123.104.123"
}
],
"SourceDestCheck": false,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-east-1c"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-28c882",
"AttachTime": "2015-07-30T16:10:43.000Z"
}
},
{
"DeviceName": "/dev/sdb",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-3f1d5",
"AttachTime": "2015-07-30T16:10:43.000Z"
}
},
{
"DeviceName": "/dev/sdg",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-81c8b",
"AttachTime": "2015-07-30T16:10:43.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/sda1",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "apple",
"Key": "Name"
},
{
"Value": "tag",
"Key": "extra"
}
],
"AmiLaunchIndex": 0
}
]
},
{
"OwnerId": "1234",
"ReservationId": "r-2a72342",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2015-07-31T16:48:01.000Z",
"PrivateIpAddress": "11.123.104.83",
"ProductCodes": [],
"VpcId": "vpc-sdfsdf9109",
"StateTransitionReason": "",
"InstanceId": "i-f9271451",
"ImageId": "ami-aklasd131",
"PrivateDnsName": "private.name.here",
"KeyName": "testkey",
"SecurityGroups": [
{
"GroupName": "secur-grou",
"GroupId": "sg-a3d234a"
}
],
"ClientToken": "",
"SubnetId": "subnet-5llqjwdf",
"InstanceType": "m3.large",
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "12:ea:06:8b:ff:86",
"SourceDestCheck": false,
"VpcId": "vpc-sdfsdf9109",
"Description": "",
"NetworkInterfaceId": "eni-82kjs91",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateIpAddress": "11.123.104.13"
}
],
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-35312341",
"AttachTime": "2015-07-30T17:29:00.000Z"
},
"Groups": [
{
"GroupName": "secur-grou",
"GroupId": "sg-a3d234a"
}
],
"SubnetId": "subnet-57absfsdf",
"OwnerId": "1234",
"PrivateIpAddress": "11.123.104.83"
}
],
"SourceDestCheck": false,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-east-1c"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-ee1c21",
"AttachTime": "2015-07-30T17:29:02.000Z"
}
},
{
"DeviceName": "/dev/sdb",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-13awer",
"AttachTime": "2015-07-30T17:29:02.000Z"
}
},
{
"DeviceName": "/dev/sdg",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-3111",
"AttachTime": "2015-07-30T17:29:02.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/sda1",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "banana",
"Key": "Name"
},
{
"Value": "tag",
"Key": "extra"
}
],
"AmiLaunchIndex": 0
}
]
}
]
}
But for the instances that are returned I would like them to be sorted by their Tag Name. I've tried the following.
jq '.Reservations[]|=sort_by(.Instances[].Tags[.Key="Name"].Value)'
But jq complains with several error messages. Is there an easy way to sort the json by Name tag and then get the PrivateDNS entry in that sorted order?
Okay, I'm not sure if I understood what you want. This is what I think you are asking for; please correct me if I'm wrong:
In each Reservation, I want the Instances inside to be sorted by the Value of the Tag whose Key is "Name"
And this is what would solve that problem:
jq '.Reservations[].Instances |= sort_by(.Tags[] | select(.Key == "Name").Value)'
Alternatively, you may be asking for this:
I want the Reservations to be sorted by the Value of the Tag whose Key is "Name" inside the Instances.
Which would be solved by this:
jq '.Reservations |= sort_by(.Instances[].Tags[] | select(.Key == "Name").Value)'
(The behavior of this script is probably meaningless if there are several Instances in a Reservation)
As of getting the private DNS values out, just select those with something like:
.Reservations[].Instances[].PrivateDnsName
You can also pipe that after the sorting script.