I would like to run an EC2 in another region without having to change aws configuration. This is a script that should run for other users as well.
I know that it is possible to create an SG in another region just by passing the argument --region us-east-2, but it doesn't work for the RunInstances API.
Another solution would be a script that runs aws configure and changes ONLY the region, without any input from the user. Any idea on how to implement any of these 2?
--region works for all aws cli commands. It is a top-level parameter documented here. If that isn't working for you, you should show the details of that in your question.
Also, aws configure only sets the default region. You can override the current region at any time by setting the AWS_REGION environment variable. You could do this inside your script before calling aws cli commands.
See the aws cli environment variable documentation.
Related
I'm new to AWS Lambda and following some tutorials to learn. But I haven't figured out if I'm able to run some shell script on EC2 instances via AWS Lambda.
I have multiple servers running on AWS EC2 24/7. Within the EC2 instance, I have a script to generate logs, package it and send it to my email. You can assume there's a shell script written in advance for me to trigger.
So far I always use session manager or ssh into each instance to execute the shell script. However, due to security concerns, I'm not going to ssh anymore. As I need to execute the shell script on each server in a particular order, it's painful to open that many session manager sessions and execute each shell script one by one manually.
So I wonder if I can get some help from AWS Lambda. My goal is to use AWS Lambda to ssh (or session manager or something else) to get in the EC2 instance to execute the shell script for me. As I have multiple servers, I learned that I can use scripts in AWS Lambda to do this one by one automatically, which would make things easy, like triggering an AWS Lambda button to execute shell scripts in each server one by one in a particular order.
Could anyone please provide me some guidance on the AWS Lambda part or some other guidance if there's a better way in AWS to allow me to execute shell scripts in multiple EC2 instances in a particular order automatically? I would appreciate that!
One of my developers is creating images and storing them in AWS, and I can see them under Images --> AMI.
Now here my request starts -
I want to take the latest AMI and launch EC2. So how can I write JSON to call the latest AMI and launch EC2.
Can you please help me quickly. Thanks in Advance!
You have two options:
Determine the AMI to use, and then pass that value to the CloudFormation template as a Parameter. Whatever code you use to launch the template would be responsible for doing a lookup on the AMI to use, so it is happening before CloudFormation is called.
Use a Custom Resource in CloudFormation that can call a Lambda function, which would determine the AMI to use. The Lambda function would return the value to CloudFormation, which would then use that value to launch the instance.
Either way, you would need to write code to perform your logic. It cannot be done within the JSON itself.
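The first option above, sketched as an added example (not code from the original answers): look up the newest AMI before CloudFormation is called and pass it in as a parameter, with `--region` given on each call as the earlier answer on this page describes. The stack name, template path and the `ImageId` parameter name are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Stack name, template path and the "ImageId" template
# parameter are assumptions, not values from the page.

# Print the newest available AMI owned by this account whose name matches $2
# in region $1; return non-zero when nothing usable comes back.
latest_own_ami() {
  local region="$1" name_pattern="$2" ami
  # --owners self keeps same-named public images from other accounts out of
  # the candidate set; --region applies to this call only, no config change.
  ami=$(aws ec2 describe-images \
    --region "$region" --owners self \
    --filters "Name=name,Values=$name_pattern" "Name=state,Values=available" \
    --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
    --output text) || return 1
  # No match makes the query null, which text output prints as "None".
  case "$ami" in
    ami-*[!0-9a-f]* | ami-) ;;   # malformed: fall through to the error
    ami-*) printf '%s\n' "$ami"; return 0 ;;
  esac
  echo "no usable AMI for '$name_pattern' in $region (got '$ami')" >&2
  return 1
}

# Resolve the AMI first, then hand it to CloudFormation as a parameter.
deploy_with_latest_ami() {
  local region="$1" name_pattern="$2" stack="$3" template="$4" ami
  ami=$(latest_own_ami "$region" "$name_pattern") || return 1
  aws cloudformation deploy \
    --region "$region" \
    --stack-name "$stack" \
    --template-file "$template" \
    --parameter-overrides "ImageId=$ami"
}

# Usage: script.sh REGION NAME_PATTERN STACK TEMPLATE
if [ "$#" -eq 4 ]; then
  deploy_with_latest_ami "$@"
fi
```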
I launched an instance with an IAM role.
I now want to remove the role from the instance via PowerShell.
I must be confused about the terminology here because I'm reading this doc and I don't see how to remove a role from an instance.
I want to run this command on the EC2 instance that the role will be removed from.
There can only be one role assigned to an instance so is there a way to dynamically get the iam role that has been assigned to an instance and remove it from the instance via the powershell api?
You can do that using AWS CLI (v1.11.46 or newer). You can disassociate an IAM instance profile from a running or stopped instance using the disassociate-iam-instance-profile command.
For more details, see the disassociate-iam-instance-profile CLI command documentation.
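The command named in this answer takes an association ID rather than a role name, so the lookup has to come first. An added example (not part of the original answer) that does both from the instance itself, reading the instance ID over IMDSv2; the region argument and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names are illustrative, not from the page.

IMDS="http://169.254.169.254/latest"

# Read this instance's ID via IMDSv2 (session token first, then the lookup).
imds_instance_id() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/instance-id"
}

# Find the instance profile association for instance $1 in region $2 and
# remove it. Succeeds without calling disassociate when none is attached.
detach_instance_profile() {
  local instance_id="$1" region="$2" assoc
  assoc=$(aws ec2 describe-iam-instance-profile-associations \
    --region "$region" \
    --filters "Name=instance-id,Values=$instance_id" "Name=state,Values=associated" \
    --query 'IamInstanceProfileAssociations[0].AssociationId' \
    --output text) || return 1
  case "$assoc" in
    iip-assoc-*) ;;
    *) echo "no instance profile associated with $instance_id" >&2
       return 0 ;;
  esac
  aws ec2 disassociate-iam-instance-profile \
    --region "$region" --association-id "$assoc"
}

# Usage: script.sh REGION   (run on the instance whose role is being removed)
if [ "$#" -eq 1 ]; then
  detach_instance_profile "$(imds_instance_id)" "$1"
fi
```

Run on the instance itself, both calls are made with the role that is being removed, so that role needs `ec2:DescribeIamInstanceProfileAssociations` and `ec2:DisassociateIamInstanceProfile`.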
You cannot change (add or remove) IAM Roles on an instance once it has been created. This is a limitation of the EC2 service and is the same no matter which CLI you use so it isn't just powershell that cannot do this.
You have to re-create the instance with new roles if you want to change them.
Adding and changing Roles on EC2 instances is now (early 2017) supported via the CLI or Console.
You can just remove a role via the CLI remove-role-from-instance-profile or via the console by replacing the old with the offered "No Role" option.
I wish to create the following using Cloudformation:
An autoscale group with a single spot instance, with an assigned route53 record which will always be directed to the instance, even if the instance is replaced.
I know how to do this with the Ruby API (not cloudformation).
How can I define this using Cloudformation?
You have two options:
Option #1: Update R53 in your spot instance, after it boots:
In your Cloudformation template create an IAM role with permissions to update the appropriate R53 record
Assign that role to your spot instance
When your spot instance initializes have it update R53 directly via the REST APIs. I usually do this by setting a shell script in the UserData and have cloudinit run it on boot.
To update via Ruby you'll need the access id, access key and security token. Since you assigned an IAM role to the instance these are available via the Metadata API. Most libraries automatically pull out these values so you might not even need to do it manually. Boto and the nodejs SDK do it automatically.
Option #2: Use an ELB
In your CloudFormation create an ELB
In your CloudFormation create an R53 alias record that points at the ELB's DNS name
If cost is a factor, an ELB may be a little expensive to just add an extra layer of indirection.
I'm making a custom AMI to use in a CloudFormation template and hence I don't need any of the cloud-init functionality except running the user-data script I provide in the CFN template. How do I configure cloud-init to only run that script on instance boot?
The cloud formation scripts, like cfn-init, must be called from UserData to start. If you don't want to use them, just don't call them. If you want, you can uninstall them from your image (if they're even present). AWS Reference