How to find how Amazon AMI created date - amazon-web-services

Is there a way to find out Amazon EC2 AMI creation date/time from AWS Console or command line?
Note: I am not looking for instance creation, rather when was a particular AMI created?

Querying the creation date of an AMI has been a requested feature since 2006.
Back when I was creating community AMIs in 2007-2009 I started a trend of including the creation date in the AMI name/description (e.g., 20121210). This practice has been picked up by a number of popular AMI series, so you may want to check out the name and description of the AMI for a date looking string.

From AWS's 'What's New' :
AMI Creation Date is now available on the AWS Management Console. You can find this attribute by going to the EC2 console and choosing AMIs on the left navigation menu. You should see a new column on the AMIs page called "Creation Date"
You can also see this 'CreationDate' attribute with AWS EC2 CLI using:
ec2 describe-images --image-ids ami-a3e0thy0

Two alternatives:
1) You can view info about the associated snapshot from the EC2 snapshot panel, specifically the "Started" field which will tell you the time the snapshot started. I think this is very close, and worked well for AMIs my coworkers and I created - not so well for private AMIs. Simply find the snapshot ID (snapshot-1234abcd) in the AMI view in the "Block devices" field, then look up that snapshot in the Snapshots view.
2) If you are in a region which offers AWS CloudTrail, you can probably find that info in the CloudTrail logs.

This is not currently possible. The ability to better track versions of AMIs is a often requested feature though. Expect AWS to be releasing some enhancements in this area relatively soon.

If you want to use the CLI, but only want the image ID and the creation date, you can run this:
aws ec2 describe-images --image-ids ami-XXXXXXXX --query 'Images[*].[ImageId,CreationDate]'

Related

List all running EC2 instances without any snapshots

Does anyone know of an AWS CLI command that will list any running instance (run against a particular region) that doesn't have a snapshot available.
The closest command Ive found to try would be something like:
aws ec2 describe-snapshots --owner-ids self --query 'Snapshots[]' --region=us-east-1
I didn't actually get any return on it - just:
-------------------
|DescribeSnapshots|
+-----------------+
This is supposed to name every EC2 snapshot for each instance -- so I would have to subtract these ones from the entire EC2 inventory to reveal EC2 instances without.
Hence - I would like a command that would show running EC2 instances without any snapshots available -- so I can put something in place going forward.
Amazon EBS Snapshots are associated with Amazon EBS Volumes, which are associated with Amazon EC2 instances.
Therefore, you would need to write a program using an AWS SDK (I'd use Python, but there are many available) that would:
Obtain a list of all EBS Snapshots (make sure you use the equivalent to --owner-ids self), in which the return data will include the associated EBS VolumeId
Obtain a list of all EBS Volumes, in which the return data will include Attachments.InstanceId
Obtain a list of all running EC2 instances
Do a bit of looping logic to find Volumes without Snapshots, and then determine which instances are associated to those Volumes.
Note that rather than finding "instances without snapshots" it has to find "instances that have volumes without snapshots".
I don't think there is by default a CLI command that will allow you to do this. You can tag your snapshots with your instance ids for example then can query snapshots by filtering on the tags. Or you will have to use AWS SDK and create a custom script to allow you the get all instances and then check their volume ids if they have snapshots created or not.

Where does AWS Lifecycle manager save the snapshot it takes as backup

I configured a set of Lifecycle manager Policies to back-up my EC2 instances last week, but I cannot find any relevant snapshots in the EBS snapshots section. Can someone please advise if I should look for the snapshots somewhere else, or if I should review any specific parameters that regard the policy, or if even I should use another method?
Thank you.
Schedule details
Lifecycle manager will create the backup as a regular EBS snapshot, EBS snapshots are stored in S3 however you do not have access to the snapshot other than through the console/API.
Based on your configuration it will only apply to a tag of Name with the value of Graylog v3.3.2. This will happen once a week at 12:30PM UTC on a Monday.
If the snapshots are not being generated check the following:
Do the target instances have this name and value assigned to them?
Does the execution IAM role have permissions to perform this action? If it has the default permissions then it will be fine to run.
Thank you for the answer and apologies for this issue I'm kind of new to AWS and I managed to solve it.
The issue was simply in the filter applied to the snapshots tab I wasn't seeing the full name. bottom line the policy was working fine after all.

Linux commandline to share an EC2 snapshot

I would like to setup a batch process as follows on Amazon AWS:
take snapshot of volumes tagged "must_backup"
share those snapshots with account B
make a copy of those snapshots within account B
the purpose of this is to protect the backups in case the first Amazon AWS account gets compromised.
I know how to automate steps 1 & 3, however I cannot find a commandline example on how to perform step 2.
The official documentation https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
does not provide any sample and does not clearly state how to specify the target account on the commandline.
I've double checked the previous solution and it's not ok. Basically "sharing" a snapshot means allowing other accounts to create a volume from that snapshot.
This implies adding a value to the "createVolumePermission" attribute
aws ec2 modify-snapshot-attribute --snapshot-id snap-<id> --user-ids <user-id-without-hypens> --attribute createVolumePermission --operation add
the operation might take some time (minutes?) after that you'll be able to query the attribute this way:
aws ec2 describe-snapshot-attribute --snapshot-id snap-<id> --attribute createVolumePermission
PS: for the purposes mentioned in the question this is probably not enough since the 'destination' account will not be able to see any of the tags from the source account, thus it will be impossible to perform a correct backup if the source account shares multiple snapshots with the same size
Example Commands for aws cli: copy ec2 snapshot
aws ec2 modify-snapshot-attribute --snapshot-id snap-1234567890 --user-ids other-amazon-account-id

EC2 "clone" from snapshot NOT working

I wanted to take a pre-existing t2.medium EC2 instance and essentially clone it. Knowing no exact feature exists within AWS I scoured their documentation, asked people I know and came up with:
Create snapshot of said EC2 instance
Create AMI of snapshot
Build EC2 instance from AMI
When I went to build the new EC2 I was only given the option for a t1.micro OR m3.medium and above. I tried both (in and out of same region as original) and kept getting "insufficient data" under Status Checks.
Any ideas on what is going on here?
It sounds like you selected "paravirtual" as the virtualization type when you created the AMI, when you should have selected "hvm".
If you are doing this from the console you can create an AMI directly from the pre-existing EC2 instance, skipping the manual snapshot step, which should automatically use the correct settings for the AMI.

Generating configuration for an EC2 instance using Amazon AWS CLI

I have an existing EC2 instance myEC2 up and running.
How do I use the CLI to generate the configuration for this so that I can run a command in my CLI window that will create a new identical EC2 with the name myEC2_B?
Amazon documentation is a disaster as far as I can see. Seems to assume a certain level of knowledge for every topic
I'm not sure about how to do this from the command line interface, but it's certainly possible (and quite easy, I might add):
Jump over to your Instances page.
Find and select the instance that you want to duplicate:
Under the actions menu, click create image
Give the image a name, etc. in the dialog. If you are in a dev environment and can shutdown the server, you should probably tick the no reboot box. Otherwise, leave it unticked. Wait while it's created.
Head over to the AMIs option in the sidebar:
Find your newly-created image and tick it:
Click the big blue launch button at the top of the screen. You'll get to choose an instance size, etc.
Enjoy your duplicated server ;)
You would need to do at least a two step process, but lets look at how we would do it all from the console.
list our instances along with their name and instance id:
aws ec2 describe-instances --filters Name=vpc-id,Values=* --query 'Reservations[].Instances[].[PrivateIpAddress,InstanceId,Tags[?Key==`Name`].Value[]]' --output text | sed '$!N;s/\n/ /'
I get a nice spit out of my instances, IP and instance ID along with the name, take note of the instance we want and its instance-id
Now we are going to write that Instance to a new ami using the create-image ec2 sub command:
aws ec2 create-image --instance-id="MYINSTANCEID"
Now we have the AMI (image-id) we simply launch new ec2 instance with the ami id like so:
aws ec2 run-instances --image-id="ami-d13513b2" --key-name="jjs-skyramp" --security-group-ids="sg-daa5c5bf" --instance-type="t2.small"
Of course if you did this all too quickly you will get the following:
Which is telling us the AMI we created before is still pending, so might want to wait till thats finished, and I assure you the command will copy your Imaged machine :)
You can see the commands I used, what I used represents the bare minimum to launch an image as a new ec2 instance, you can see all the other options at: https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
Its easy to get your id's for each appropriate paramater by simply running:
"aws ec2 describe-THING-I-WANT-TO-SEE
then play some with filters for the json data.
Hope this helps.