Automate AWS EC2 creation using yaml and cloudformation - amazon-ec2

I am going to automate AWS EC2 instance creation. I have a YAML file which was built as a CloudFormation template. I want to know how I can run this using the command line interface.

First you have to upload your template to S3.
Create a bucket:
aws s3api create-bucket --bucket cloud-formation-stacks --region us-east-1
Upload to S3:
aws s3 sync --delete <template> s3://cloud-formation-stacks
Create the stack:
aws cloudformation create-stack --stack-name mystack \
    --template-url <template url> \
    --parameters ParameterKey=KeyName,ParameterValue=YOUR_KEY_NAME
Add your parameters as shown (VPC, security group, subnet ID, tags, etc.).
OR you can do this via the AWS Management Console: Services -> CloudFormation, and upload your template there.
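The same three steps as one script, added here as an example that is not part of the original answer. It assumes a configured aws CLI; the bucket, stack and parameter names are placeholders. Beyond the answer, it keeps the template bucket private with a public-access block (templates tend to embed account details), uploads a single file with `s3 cp` rather than syncing a directory, and waits for the stack so a rollback becomes a non-zero exit status.

```shell
#!/bin/sh
# Added example (not from the original answer): deploy a CloudFormation
# template from the CLI end to end. Bucket, stack and parameter names are
# placeholders; the aws CLI is assumed to be configured with credentials.
set -eu

REGION="${REGION:-us-east-1}"
BUCKET="${BUCKET:-cloud-formation-stacks}"   # placeholder bucket name
STACK="${STACK:-mystack}"                    # placeholder stack name

# Convert KEY=VALUE arguments into the ParameterKey=...,ParameterValue=...
# form that `aws cloudformation create-stack --parameters` expects,
# one per line. Rejects anything that is not KEY=VALUE.
cfn_params() {
  local kv
  for kv in "$@"; do
    case "$kv" in
      ?*=*) printf 'ParameterKey=%s,ParameterValue=%s\n' "${kv%%=*}" "${kv#*=}" ;;
      *)    echo "bad parameter '$kv' (expected KEY=VALUE)" >&2; return 1 ;;
    esac
  done
}

# Region-qualified virtual-hosted URL of an object in the bucket, valid in
# every region (the bare s3.amazonaws.com form only works for us-east-1).
template_url() {
  printf 'https://%s.s3.%s.amazonaws.com/%s' "$BUCKET" "$REGION" "$1"
}

deploy() {
  local template key params
  template=$1; shift
  key=$(basename "$template")
  params=$(cfn_params "$@")

  # 1. Create the bucket if it does not exist, and keep it private: templates
  #    often embed account-specific details (subnets, AMIs, key names) that
  #    should not be readable by the world.
  if ! aws s3api head-bucket --bucket "$BUCKET" --region "$REGION" 2>/dev/null; then
    if [ "$REGION" = us-east-1 ]; then
      aws s3api create-bucket --bucket "$BUCKET" --region "$REGION"
    else
      aws s3api create-bucket --bucket "$BUCKET" --region "$REGION" \
        --create-bucket-configuration "LocationConstraint=$REGION"
    fi
  fi
  aws s3api put-public-access-block --bucket "$BUCKET" --region "$REGION" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

  # 2. Upload the single template file (`s3 sync` expects a directory).
  aws s3 cp "$template" "s3://$BUCKET/$key" --region "$REGION"

  # 3. Create the stack, then block until it finishes so that a rollback
  #    shows up as a non-zero exit status instead of going unnoticed.
  #    $params is deliberately unquoted: one argument per line, so
  #    parameter values must not contain whitespace.
  aws cloudformation create-stack --stack-name "$STACK" --region "$REGION" \
    --template-url "$(template_url "$key")" \
    --parameters $params
  aws cloudformation wait stack-create-complete --stack-name "$STACK" --region "$REGION"
  aws cloudformation describe-stacks --stack-name "$STACK" --region "$REGION" \
    --query 'Stacks[0].StackStatus' --output text
}

# Usage: ./deploy.sh ec2.yaml KeyName=YOUR_KEY_NAME VpcId=vpc-0123 SubnetId=subnet-0123
if [ "$#" -gt 0 ]; then
  deploy "$@"
fi
```

`REGION`, `BUCKET` and `STACK` can be overridden from the environment; everything else is passed as KEY=VALUE pairs matching the template's Parameters section.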

Related

AWS: Start EC2 Instance with Cloudformation and encrypt BlockDevices with specific KMS Key

When starting EC2 instances via aws cli I can specify a KmsKeyId for BlockDevices.
When starting an EC2 instance via Cloudformation (either directly or via ASG/LaunchConfiguration) this option does not exist.
How can I encrypt the block devices of my EC2 instances started via Cloudformation with a specific KMS Key?
It looks like the chain is:
Instance > [ BlockDeviceMapping ] > Ebs > KmsKeyId

How to create a VPC endpoint for autoscaling

We have our VPCs not directly connected to the internet, so we need the CLI --endpoint-url option to send commands to the custom VPC endpoints instead of the standard AWS service endpoints, e.g.:
aws sns publish --message $MESSAGE --target-arn $SNSTARGET --region $REGION --endpoint-url 'https://vpce-xxxx-xxxxx.sns.ap-southeast-1.vpce.amazonaws.com/'
For autoscaling, though, I can't find any VPC endpoint interface option, and the EC2 endpoint is not accepted:
aws autoscaling complete-lifecycle-action --lifecycle-hook-name $LIFECYCLEHOOKNAME --auto-scaling-group-name $ASGNAME --lifecycle-action-result $HOOKRESULT --instance-id $INSTANCEID --region $REGION
Could not connect to the endpoint URL: https://autoscaling.ap-southeast-1.amazonaws.com/
If I try to use the closest endpoint, i.e. EC2:
aws autoscaling complete-lifecycle-action --lifecycle-hook-name $LIFECYCLEHOOKNAME --auto-scaling-group-name $ASGNAME --lifecycle-action-result $HOOKRESULT --instance-id $INSTANCEID --region $REGION --endpoint-url 'https://vpce-xxxx-xxx.ec2.ap-southeast-1.vpce.amazonaws.com/'
An error occurred (InvalidAction) when calling the CompleteLifecycleAction operation: The action CompleteLifecycleAction is not valid for this web service.
AWS will be adding an EC2 Auto Scaling VPC endpoint in the coming weeks; the rumor is before re:Invent.

Container credentials access denied exception

I am a newbie trying to get a Docker image into an AWS container registry. According to the AWS documentation, I enter credentials into the AWS CLI and then issue the command aws ecr get-login.
This results in the following:
C:\Users\xxx\Desktop>aws ecr get-login --region us-east-1
An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation:
User: arn:aws:iam::847077264418:user/xxx
is not authorized to perform: ecr:GetAuthorizationToken on resource: *
Clearly this is something in AWS IAM. How do I fix it?
By default, IAM users don't have permission to create or modify Amazon
ECR resources, or perform tasks using the Amazon ECR API. (This means
that they also can't do so using the Amazon ECR console or the AWS
CLI.) To allow IAM users to create or modify resources and perform
tasks, you must create IAM policies that grant IAM users permission to
use the specific resources and API operations they'll need, and then
attach those policies to the IAM users or groups that require those
permissions.
from http://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_IAM_policies.html
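A concrete policy of the kind the quoted documentation describes, added here as an example and not taken from the original answer or from AWS. It grants only what the failing command needs: `ecr:GetAuthorizationToken` (which ECR accepts only with resource `*`) in its own statement, and the pull/push layer and image actions scoped to a single repository ARN. The account ID, user name and repository name are constructed placeholders. The login step uses `get-login-password`, which AWS CLI v2 provides in place of the `get-login` command shown in the question.

```shell
#!/bin/sh
# Added example (not from the original answer): grant one IAM user the least
# ECR permission needed to log in, pull and push to a single repository.
# The account ID, user and repository names below are constructed placeholders.
set -eu

# Inline policy for `repo_arn`. GetAuthorizationToken is the action from the
# error message in the question; ECR only accepts "*" as its resource, so it
# is kept in its own statement while the layer/image actions are scoped to
# the one repository.
ecr_policy_json() {
  repo_arn=$1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrLogin",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "EcrPushPullOneRepo",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "$repo_arn"
    }
  ]
}
EOF
}

# Attach the policy to the user and log Docker in. `get-login-password`
# is the AWS CLI v2 replacement for the `get-login` used in the question.
grant_and_login() {
  iam_user=$1; account=$2; region=$3; repo=$4
  repo_arn="arn:aws:ecr:${region}:${account}:repository/${repo}"
  aws iam put-user-policy --user-name "$iam_user" --policy-name "ecr-${repo}" \
    --policy-document "$(ecr_policy_json "$repo_arn")"
  aws ecr get-login-password --region "$region" \
    | docker login --username AWS --password-stdin "${account}.dkr.ecr.${region}.amazonaws.com"
}

# Usage (placeholders): ./ecr-access.sh xxx 123456789012 us-east-1 myapp
if [ "$#" -eq 4 ]; then
  grant_and_login "$@"
fi
```

Drop the four upload actions from the second statement for a user or CI role that only needs to pull.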

Script to attach and detach server from the load balancer in amazon aws

I am using the script below to attach and detach the server from the load balancer:
#!/bin/bash
aws elb register-instances-with-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e
aws elb deregister-instances-from-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e
When I run the script I get the error below:
Service elasticloadbalancing not available in region ap-southeast-1b
Service elasticloadbalancing not available in region ap-southeast-1b
Are there any changes I need to make to get the script working, or is there an alternative script to do the job?
The error says region ap-southeast-1b, but ap-southeast-1b is an Availability Zone, not a Region.
The Region should be ap-southeast-1.
Run aws configure and confirm that your Region is set correctly.
It seems your ELB is in another region; add --region to your command. For example, if the ELB was created in us-east-1:
aws elb register-instances-with-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e --region us-east-1
aws elb deregister-instances-from-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e --region us-east-1

Can't add image to AWS Autoscale launch config

I'm using the following command to set up the AWS launch config:
as-create-launch-config test1autoscale --image-id ami-xxxx --instance-type m1.small
where ami-xxxx is the image id that I got from my instance via the web console. I get the following error:
Malformed input-AMI ami-xxxx is invalid: The AMI ID 'ami-xxxx' does not exist
I have triple checked that the image id matches the instance image id. My availability zone is ap-southeast-1a. I am not clear on what image is being asked for if it will not accept the image of the instance I wish to add to the autoscale group.
Try adding the region endpoint (because by default it looks at the us-east-1 endpoint) to your config command; then it should work:
as-create-launch-config test1autoscale --region ap-southeast-1 --image-id ami-xxxx --instance-type m1.small
Also take a look at this: Regions and Endpoints - Amazon Web Services Glossary
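Both of the last two posts fail for the same reason: a command sent to the wrong Region (an Availability Zone name in one case, the us-east-1 default in the other). The script below is an added example, not code from either post, that makes that mistake fail early: it refuses an AZ name where a Region is expected, tells the caller the correct value, and then runs the ELB register/deregister and launch-configuration commands with an explicit --region. The ELB name and instance ID are the posts' own placeholders; the AMI ID and launch configuration name are placeholders too. It uses the current `aws autoscaling create-launch-configuration` subcommand rather than the legacy `as-create-launch-config` tool, and checks that the AMI exists in the target Region before creating the launch configuration, since AMI IDs are regional.

```shell
#!/bin/sh
# Added example (not from the original posts): refuse an Availability Zone
# where a Region is expected, then run the ELB membership commands and the
# launch-configuration creation with an explicit --region. Names and IDs
# below are placeholders.
set -eu

# True if the value ends in a digit followed by a letter, e.g. ap-southeast-1b.
is_az() {
  case "$1" in
    *[0-9][a-z]) return 0 ;;
    *)           return 1 ;;
  esac
}

# Map an AZ to its Region by dropping the trailing letter; Regions pass through.
az_to_region() {
  if is_az "$1"; then printf '%s' "${1%?}"; else printf '%s' "$1"; fi
}

# Fail with the corrected value instead of letting the CLI report
# "Service ... not available in region ap-southeast-1b".
require_region() {
  if is_az "$1"; then
    echo "'$1' is an Availability Zone, not a Region; use '$(az_to_region "$1")'" >&2
    return 1
  fi
}

# Attach or detach an instance from a classic ELB and show its health afterwards.
elb_membership() {
  action=$1; region=$2; elb=$3; instance=$4
  require_region "$region"
  case "$action" in
    attach) aws elb register-instances-with-load-balancer --region "$region" \
              --load-balancer-name "$elb" --instances "$instance" ;;
    detach) aws elb deregister-instances-from-load-balancer --region "$region" \
              --load-balancer-name "$elb" --instances "$instance" ;;
    *) echo "usage: elb_membership attach|detach REGION ELB_NAME INSTANCE_ID" >&2; return 1 ;;
  esac
  aws elb describe-instance-health --region "$region" --load-balancer-name "$elb" \
    --instances "$instance" --query 'InstanceStates[].[InstanceId,State]' --output text
}

# Create a launch configuration, first confirming the AMI exists in that
# Region: describe-images fails for an unknown ID, which is the same
# "does not exist" condition the post hit when the command defaulted to us-east-1.
create_launch_config() {
  region=$1; name=$2; ami=$3; itype=$4
  require_region "$region"
  aws ec2 describe-images --region "$region" --image-ids "$ami" \
    --query 'Images[0].ImageId' --output text >/dev/null
  aws autoscaling create-launch-configuration --region "$region" \
    --launch-configuration-name "$name" --image-id "$ami" --instance-type "$itype"
}

# Usage:
#   elb_membership attach ap-southeast-1 Load-BalancerLoadBalancer i-a3f1446e
#   elb_membership detach ap-southeast-1 Load-BalancerLoadBalancer i-a3f1446e
#   create_launch_config ap-southeast-1 test1autoscale ami-xxxx t3.small
```

The AZ check is a pattern match on the trailing letter, so it does not recognise Local Zone names; for the standard Regions in these posts it is enough to turn a confusing service error into a one-line correction.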
