aws_faffing
Ian Ellis edited this page Mar 5, 2025 · 5 revisions
Strictly that's:
aws ec2 describe-instances |
jq '.Reservations[].Instances[] |
{InstanceId: .InstanceId, Name: (.Tags[] | select(.Key == "Name") | .Value)}'
or, allowing for instances with no Tags at all or with tags but no Name tag, and including the instance state:
aws ec2 describe-instances |
jq '.Reservations[].Instances[] |
    {InstanceId: .InstanceId,
     # .Tags[]? iterates nothing when Tags is absent; first() yields nothing when
     # no Name tag exists; // then supplies the fallback, so no instance is dropped
     Name: (first(.Tags[]? | select(.Key == "Name") | .Value) // "No Name"),
     State: .State.Name
    }'
or another one:
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | "\(.KeyName) \(.State.Name) \(.InstanceId)"'
Note: aws ec2 describe-instances has a --max-items argument to return only the specified number of instances.
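The same summary as the jq filters above, reimplemented in Python on a constructed describe-instances payload so it runs without the AWS CLI (an added example, not the wiki's own code; the instance IDs and tags are made up). It exists to show the edge case the if/then/else jq version gets wrong: an instance that has tags but no Name tag produces no output from `.Tags[] | select(.Key == "Name")`, so jq's object constructor emits nothing and the instance silently vanishes from the list. `naive_summary` mirrors that behaviour; `summarise_instances` keeps every instance and optionally filters by state.

```python
"""Summarise EC2 instances the way the wiki's jq filters do, but in Python."""
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output
# (instance IDs, states and tags are made up for this example).
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0000000000000aaaa", "State": {"Name": "running"},
       "Tags": [{"Key": "Environment", "Value": "Dev"}, {"Key": "Name", "Value": "Bastion"}]},
      {"InstanceId": "i-0000000000000bbbb", "State": {"Name": "stopped"},
       "Tags": [{"Key": "Environment", "Value": "Dev"}]}
    ]},
    {"Instances": [
      {"InstanceId": "i-0000000000000cccc", "State": {"Name": "running"}}
    ]}
  ]
}
""")


def name_tag(instance, default="No Name"):
    """Return the Name tag value, or `default` if Tags is absent or has no Name key."""
    for tag in instance.get("Tags") or []:
        if tag.get("Key") == "Name":
            return tag.get("Value", default)
    return default


def summarise_instances(payload, states=None):
    """Flatten Reservations[].Instances[] into {InstanceId, Name, State} dicts.

    `states` optionally restricts the output to instances in those states
    (e.g. {"running"}), the usual follow-up when hunting for forgotten hosts.
    """
    rows = []
    for reservation in payload.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            state = instance.get("State", {}).get("Name")
            if states and state not in states:
                continue
            rows.append({
                "InstanceId": instance["InstanceId"],
                "Name": name_tag(instance),
                "State": state,
            })
    return rows


def naive_summary(payload):
    """Mirror of the jq `if .Tags then (.Tags[] | select(.Key == "Name") | .Value)
    else "No Name" end` logic: an instance whose Tags list lacks a Name entry
    produces nothing, just as the jq object constructor emits nothing for it."""
    rows = []
    for reservation in payload.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            tags = instance.get("Tags")
            if tags:
                names = [t["Value"] for t in tags if t.get("Key") == "Name"]
                if not names:
                    continue  # dropped from the output, exactly like jq
                name = names[0]
            else:
                name = "No Name"
            rows.append({"InstanceId": instance["InstanceId"], "Name": name,
                         "State": instance["State"]["Name"]})
    return rows


if __name__ == "__main__":
    for row in summarise_instances(SAMPLE_DESCRIBE_INSTANCES):
        print(row["InstanceId"], row["Name"], row["State"])
    print(len(naive_summary(SAMPLE_DESCRIBE_INSTANCES)), "instances survive the naive filter")
```

Run it against real data with `aws ec2 describe-instances > instances.json` and `json.load` on that file; the second instance in the sample is the one that disappears under the naive filter, which matters when the listing is being used to find every host in an account.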
Run an instance like this:
# --tag-specifications is a list option: give both specs to the one option,
# because a repeated --tag-specifications replaces the earlier one rather than adding to it
aws ec2 run-instances \
  --image-id ami-050fc1d55b4f14ed9 \
  --instance-type t2.nano \
  --count 1 \
  --subnet-id subnet-0e59071ee2e89f5ad \
  --credit-specification CpuCredits=unlimited \
  --tag-specifications \
    'ResourceType=instance,Tags=[{Key=Application,Value="My_Application"},{Key=Git_repo,Value="project/path"},{Key=Environment,Value="Dev"},{Key=Name,Value="Bastion"}]' \
    'ResourceType=volume,Tags=[{Key=Application,Value="My_Application"},{Key=Git_repo,Value="project/path"},{Key=Environment,Value="Dev"},{Key=Name,Value="Bastion"}]'
those tag specifications do not seem to take effect?
aws ec2 create-tags \
  --resources i-08483a0bc72cc74d0 \
  --tags Key=Application,Value="My_Application" \
         Key=Git_repo,Value="project/path" \
         Key=Environment,Value="Dev" \
         Key=Name,Value="Bastion"
Command to start the troubleshooting automation:
aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootManagedInstance" --parameters "InstanceId=i-0709f181a4016ad84"
returns JSON like this:
{
  "AutomationExecutionId": "bc708106-d4de-4191-94b6-e1bdfd299975"
}
To check its progress:
aws ssm describe-automation-executions --filters Key=ExecutionId,Values=bc708106-d4de-4191-94b6-e1bdfd299975
It should start off with an AutomationExecutionStatus of InProgress; wait until CurrentStepName reaches FinalOutput, after which it returns JSON like this:
{
  "AutomationExecutionMetadataList": [
    {
      "AutomationExecutionId": "bc708106-d4de-4191-94b6-e1bdfd299975",
      "DocumentName": "AWSSupport-TroubleshootManagedInstance",
      "DocumentVersion": "10",
      "AutomationExecutionStatus": "Success",
      "ExecutionStartTime": "2025-02-21T11:13:42.854000+00:00",
      "ExecutionEndTime": "2025-02-21T11:15:05.337000+00:00",
      "ExecutedBy": "arn:aws:sts::438465125612:assumed-role/AWSReservedSSO_SeniorDevOps_5b18cc8ddb94b2c7/IANELLIS3.devt@dwpgovuk.onmicrosoft.com",
      "LogFile": "",
      "Outputs": {
        "FinalOutput.Message": [
          "1. Checks for Amazon VPC Systems Manager VPC Endpoint 'com.amazonaws.eu-west-2.ssm':\n- [OK] VPC endpoint 'vpce-057463b3dec02f266' for Systems Manager found on the EC2 instance's VPC: vpc-0986fa2a36ebc89d3.\n- [OK] Subnets configured for the VPC endpoint found: subnet-00d7376e0939bb88a.\n- [OK] Private DNS is enabled on the VPC endpoint.\n- [INFO] Security groups attached to the VPC endpoints: sg-08b5451c21d9ca82e.\n- [ERROR] VPC endpoint security groups 'sg-08b5451c21d9ca82e' do not allow traffic on port '443' from the instance security group(s) 'sg-09f6da9c017bf5920' or private IP '10.78.225.49'.\n\nFor more information see 'Configure an interface endpoint' in https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html.\n\n2. Checks for the VPC route table entries of the instance's subnet 'subnet-00d7376e0939bb88a:'\n- [INFO] VPC route table found: rtb-0d5f7da6418a43a6f.\n- [INFO] VPC local route (default route) available for 10.78.225.0/24.\n- [OK] The local route (default route) is used to communicate with the Systems Manager VPC endpoint interface 'vpce-057463b3dec02f266'.\n- [OK] A public route is not required to communicate with the Systems Manager VPC endpoint interface 'vpce-057463b3dec02f266'.\n- For more information about routing options see https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-vpc-peering\n- For more information about route tables see https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-vpc-peering\n\n3. Checks for NACL rules of the instance subnet 'subnet-00d7376e0939bb88a':\n- [SKIPPED] VPC endpoint for Systems Manager is present and in the same subnet as the EC2 instance.\n\n4. Checks EC2 instance 'i-0709f181a4016ad84' security groups outbound traffic:\n- Check outbound traffic to the public Systems Manager endpoint:\n- [INFO] Instance security group 'sg-09f6da9c017bf5920' allows outbound traffic on port '443' to '0.0.0.0/0'.\n- [OK] Instance security group 'sg-09f6da9c017bf5920' allows outbound traffic on port '443' to '0.0.0.0/0'.\n\n5. Checks EC2 instance IAM profile and required permissions:\n- Check Default Host Management Configuration:\n- [INFO] Default Host Management Configuration is Default.\n- Check for AWS managed policies attached to the instance profile 'mock_cia-ec2_ssm':\n- [OK] Found an AWS managed policy attached to the instance profile 'mock_cia-ec2_ssm' with required permissions.\n\n6. Additional Troubleshooting:\n- Starting with the SSM Agent version 3.1.501.0, you can use the 'ssm-cli' tool to diagnose issues at the operating system level.\n- Troubleshooting managed node availability using ssm-cli:\n- https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-cli.html\n- Troubleshooting reference:\n- https://repost.aws/knowledge-center/systems-manager-ec2-instance-not-appear\n- https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html"
        ]
      },
      "Mode": "Auto",
      "Targets": [],
      "ResolvedTargets": {
        "ParameterValues": [],
        "Truncated": false
      },
      "AutomationType": "Local"
    }
  ]
}
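The FinalOutput.Message above is one long string of numbered sections and `- [LEVEL] ...` bullets, which is awkward to act on from a script. The following is an added example (not the wiki's or AWS's code) that parses that shape into structured findings and pulls out the [ERROR] lines, so a run of AWSSupport-TroubleshootManagedInstance can be checked programmatically, for instance to spot the VPC endpoint security group that blocks port 443 and stops an instance ever registering with Systems Manager. The describe-automation-executions payload embedded below is constructed for the example with made-up resource IDs and a trimmed message in the same format.

```python
"""Parse AWSSupport-TroubleshootManagedInstance output into structured findings."""
import json
import re

# Constructed sample in the shape of `aws ssm describe-automation-executions`
# output; the IDs are placeholders and the message is shortened but keeps the
# "N. heading:" / "- [LEVEL] text" layout the real automation produces.
SAMPLE_DESCRIBE_AUTOMATION = json.loads(r"""
{
  "AutomationExecutionMetadataList": [
    {
      "AutomationExecutionId": "00000000-0000-0000-0000-000000000000",
      "DocumentName": "AWSSupport-TroubleshootManagedInstance",
      "AutomationExecutionStatus": "Success",
      "Outputs": {
        "FinalOutput.Message": [
          "1. Checks for Amazon VPC Systems Manager VPC Endpoint 'com.amazonaws.eu-west-2.ssm':\n- [OK] VPC endpoint 'vpce-EXAMPLE' for Systems Manager found on the EC2 instance's VPC: vpc-EXAMPLE.\n- [INFO] Security groups attached to the VPC endpoints: sg-ENDPOINT.\n- [ERROR] VPC endpoint security groups 'sg-ENDPOINT' do not allow traffic on port '443' from the instance security group(s) 'sg-INSTANCE' or private IP '10.0.0.10'.\n\nFor more information see 'Configure an interface endpoint' in https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html.\n\n2. Checks for the VPC route table entries of the instance's subnet 'subnet-EXAMPLE:'\n- [INFO] VPC route table found: rtb-EXAMPLE.\n- [OK] The local route (default route) is used to communicate with the Systems Manager VPC endpoint interface 'vpce-EXAMPLE'.\n\n3. Checks for NACL rules of the instance subnet 'subnet-EXAMPLE':\n- [SKIPPED] VPC endpoint for Systems Manager is present and in the same subnet as the EC2 instance.\n\n4. Checks EC2 instance IAM profile and required permissions:\n- [OK] Found an AWS managed policy attached to the instance profile 'example-profile' with required permissions."
        ]
      }
    }
  ]
}
""")

SECTION_RE = re.compile(r"^(\d+)\.\s+(.*)$")           # "1. Checks for ...:"
FINDING_RE = re.compile(r"^-\s+\[([A-Z]+)\]\s+(.*)$")  # "- [ERROR] text"

# The wiki shows InProgress followed by Success; these are the terminal
# AutomationExecutionStatus values worth stopping a polling loop on.
TERMINAL_STATUSES = {"Success", "Failed", "Cancelled", "TimedOut"}


def parse_findings(message):
    """Split a FinalOutput message into (section_no, section_title, level, text) tuples.

    Only `- [LEVEL] text` bullets count as findings; bare bullets, reference
    links and blank lines are ignored. The section comes from the most recent
    `N. heading` line seen.
    """
    findings = []
    section_no, section_title = 0, ""
    for raw in message.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section_no, section_title = int(m.group(1)), m.group(2).rstrip(":")
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append((section_no, section_title, m.group(1), m.group(2)))
    return findings


def failing_checks(describe_output):
    """Return every [ERROR] finding in a describe-automation-executions response,
    tagged with the execution it came from."""
    errors = []
    for execution in describe_output.get("AutomationExecutionMetadataList", []):
        messages = execution.get("Outputs", {}).get("FinalOutput.Message", [])
        for message in messages:
            for section_no, title, level, text in parse_findings(message):
                if level == "ERROR":
                    errors.append({
                        "AutomationExecutionId": execution.get("AutomationExecutionId"),
                        "Section": section_no,
                        "Check": title,
                        "Finding": text,
                    })
    return errors


def is_finished(status):
    """True once an execution's AutomationExecutionStatus is terminal."""
    return status in TERMINAL_STATUSES


if __name__ == "__main__":
    for err in failing_checks(SAMPLE_DESCRIBE_AUTOMATION):
        print(f"section {err['Section']} ({err['Check']}): {err['Finding']}")
```

To use it on a live run, save the output of the describe-automation-executions command above to a file, `json.load` it, and call `failing_checks`; a non-empty result means the instance will not show up as a managed node until the named security group, route or IAM finding is fixed.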
aws ssm send-command --instance-ids "i-0640df3d461bd14f0" --document-name "AWS-RunShellScript" --comment "Running a custom command" --parameters 'commands=["sudo ls -l /"]'
aws ssm send-command --instance-ids "i-0e2986fce3661cdd4" --document-name "AWS-RunShellScript" --comment "Run ip a show" --parameters '{"commands":["ip a show"]}'
aws ssm list-command-invocations --command-id "25330bb6-28e3-4b0b-b505-f87dcb1fba71" --details
aws ssm list-commands --command-id "c9cbef98-c18e-41cf-ba2d-ae1fa1fbb383"
aws ssm get-command-invocation --command-id "c9cbef98-c18e-41cf-ba2d-ae1fa1fbb383" --instance-id "i-0e2986fce3661cdd4"
aws ec2 describe-subnets | jq '.Subnets[] | {SubnetId: .SubnetId, Name: (first(.Tags[]? | select(.Key == "Name") | .Value) // "No Name")}'
aws ec2 describe-instances --instance-ids <InstanceID> --query 'Reservations[*].Instances[*].SubnetId' --output text
aws ec2 describe-network-acls --filter Name=association.subnet-id,Values=<SubnetID>
aws ec2 describe-vpc-endpoints | jq '.VpcEndpoints[].Groups[].GroupName'
aws logs get-log-events \
  --log-group-name /ec2/var/log \
  --log-stream-name test-stream
aws logs put-log-events \
  --log-group-name /ec2/var/log \
  --log-stream-name test-stream \
  --log-events "[{\"timestamp\":$(($(date +%s) * 1000)),\"message\":\"Test_log_message1\"}]"