AWS billing pricing shutting down server - amazon-ec2

I have a client AWS account I cannot get access to, and he cannot access Gmail to change the password. He owns an EC2 instance. I have SSH access. If I go in and shut down the server, not able to terminate, what will my monthly charges be? We have the 30g storage, which I'm sure is EBS. The owner says it's either micro or medium; I assume I can figure that out myself with the free command.

Firstly - if neither of you have access to the account, who does? As suggested in the comments you should contact AWS support to gain access to the account based on your account information.
Secondly, to your question, if the only thing running on the account is one instance with attached EBS that doesn't get any traffic, no snapshots, and no other services deployed, you would only pay for the EBS volume.
Please note that if you have programmatic access with the right privileges you can use the AWS CLI (or SDK) to terminate the instance and the EBS:
terminate-instances
  --instance-ids <value>
  [--dry-run | --no-dry-run]
  [--cli-input-json <value>]
  [--generate-cli-skeleton <value>]
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html

Related

EC2 t2.micro unexpected charging in AWS

I'm having a hard time understanding why I am being charged for an EC2 instance I'm not running.
I'm using an IAM account. I have an RDS t3.medium up on the master account where the RDS cost is charged, but it appears I'm being charged as my IAM account for an EC2 I don't use.
So what may be causing this EC2 charging?
You are being charged for a t2.micro Amazon EC2 instance in the Ohio region because such an instance is/was running.
If you are still in the first 12 months of your AWS Account, there will be no charge for this instance because the AWS Free Tier includes 750 hours per month of a t2.micro instance.
You should look in the EC2 management console for Ohio, just to check whether the instance is still running.

How to restrict user SSH to EC2 not able to access S3 bucket accessed by EC2 application

The problem here is I have an S3 bucket (cross account). I only want the application I deployed to the EC2 instance to access the bucket (through the EC2 instance role). But I still want, say, User A (without any role to access the S3 bucket) to SSH to the instance to perform some debugging. I definitely don't want User A, who can SSH to EC2, to access that S3 bucket. Is there a way to prevent this?
Pretty sure an EC2 role applies to the entire machine, so any user that has login rights would be able to execute requests using the role.
To avoid having to debug locally from the instance, you could set up log shipping and export metric data to CloudWatch Logs/metrics. You can also set up AWS SSM Run Command to allow execution of specific commands/scripts against the instances. Both CloudWatch and Run Command can be secured with IAM policies to control who has access to what.
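
An added example, not part of the original answer: an IAM policy for User A that allows Run Command only with one pre-approved SSM document against one instance, plus read access to the command results. REGION, ACCOUNT_ID, INSTANCE_ID and the document name Example-CollectAppDiagnostics are placeholder assumptions, and the Sid values are labels invented for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleSendOnlyTheApprovedDocument",
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": [
        "arn:aws:ssm:REGION:ACCOUNT_ID:document/Example-CollectAppDiagnostics",
        "arn:aws:ec2:REGION:ACCOUNT_ID:instance/INSTANCE_ID"
      ]
    },
    {
      "Sid": "ExampleReadCommandResults",
      "Effect": "Allow",
      "Action": [
        "ssm:ListCommands",
        "ssm:ListCommandInvocations",
        "ssm:GetCommandInvocation"
      ],
      "Resource": "*"
    }
  ]
}
```

Because the document ARN is listed explicitly, a request to send a general-purpose document such as AWS-RunShellScript is not allowed by this policy. The approved document should take no free-form command parameter, since whatever it runs on the instance executes with access to the instance role, and the restriction only matters once User A no longer has an SSH login on the machine.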

EC2Config + forward logs and metrics to CloudWatch

I have an existing Windows EC2 instance and I'd like to enable custom metrics to CloudWatch and forward logs to CloudWatch Logs. I understand that I need to install the EC2Config agent to do this. Since this is an already provisioned instance, I'm unable to use an IAM role for passing credentials. Will I be able to use an IAM user with the correct policy to do this, i.e. can I hardcode the access key and secret key in EC2Config somewhere?
Also, for enabling CloudWatch custom metrics + logs, is it simply a tick box that enables it?
Will EC2Config have any undesired impact on the OS? I can see many options around password changes and formatting EBS volumes - I assume if I leave those options alone it enable itself, since I'm only interested in forwarding logs to CloudWatch.
Thanks
You asked several questions; I will try to address them.
You cannot assign an IAM role to an instance after it has been created.
I would try to install the AWS CLI tools and use aws configure to check if the EC2Config agent can use it.
The agent sends the logs to CloudWatch. As it is an Agent running it does consume system resources but it should be minimal.

How do I migrate an Amazon EC2 Instance to a different account

Currently we are hosting a customer's instance in our Amazon EC2 Account. We would like to move this to the customer's account so that the billing is transferred.
Is there an easy way to simply migrate an instance to a different Amazon Cloud account?
No, you cannot move a running instance from one account to another.
You can however create an AMI of that instance and share the AMI with the other account. Take note of "Sharing an AMI with Specific Users":
http://aws.amazon.com/articles/530

Do I need to create an EC2 instance to remotely access my Amazon RDS instance?

Do I need to create an EC2 instance in order to remotely connect to my Amazon RDS instance?
I understand that setting up an Amazon RDS instance automagically creates an EC2 instance 'in the background'. But when looking into my EC2 console I don't see that hidden instance so I can't find the details for the public DNS or Elastic IP, neither the EC2 instance key that I need to connect through SSH.
Yes, an RDS instance creates an EC2 instance to run the database but you don't have direct access to it via ssh, which is kind of the point.
RDS is a service that is managed for you and the idea is to hide the implementation details and simply provide an endpoint to connect to from another EC2 instance. You can find the endpoint name in the EC2 console - just use this as the hostname to connect to from your application and you can treat RDS just like any other database.
Amazon need to maintain a level of control over the server in order to provide it as a service and ssh access would interfere with that. There are a few things you miss out on because of this (e.g. direct access to DB files) but these are far outweighed by having Amazon manage upgrades, backups and replication for you.
