Query EC2 tags from within instance

暗喜 2020-12-02 05:57

Amazon recently added the wonderful feature of tagging EC2 instances with key-value pairs to make management of large numbers of VMs a bit easier.

Is there some way

14 answers
  • 2020-12-02 06:26

    Install AWS CLI:

    curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
    sudo apt-get install unzip
    unzip awscli-bundle.zip
    sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
    

    Get the tags for the current instance:

    aws ec2 describe-tags --filters "Name=resource-id,Values=`ec2metadata --instance-id`"
    

    Outputs:

    {
        "Tags": [
            {
                "ResourceType": "instance", 
                "ResourceId": "i-6a7e559d", 
                "Value": "Webserver", 
                "Key": "Name"
            }
        ]
    }
    

    Use a bit of perl to extract the tags:

    aws ec2 describe-tags --filters \
    "Name=resource-id,Values=`ec2metadata --instance-id`" | \
    perl -ne 'print "$1\n" if /\"Value\": \"(.*?)\"/'
    

    Returns:

    Webserver
    
    0 Discussion (0)
  • 2020-12-02 06:27

    The following bash script returns the Name of your current ec2 instance (the value of the "Name" tag). Modify TAG_NAME to your specific case.

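    # Tag whose value should be printed
    TAG_NAME="Name"
    # Instance ID from the metadata service
    INSTANCE_ID="$(wget -qO- http://instance-data/latest/meta-data/instance-id)"
    # Region = availability zone with its trailing letter removed (us-east-1a -> us-east-1)
    REGION="$(wget -qO- http://instance-data/latest/meta-data/placement/availability-zone | sed -e 's:\([0-9][0-9]*\)[a-z]*$:\1:')"
    # Fifth tab-separated field of the text output is the tag value
    TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"
    echo "$TAG_VALUE"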
    

    To install the aws cli

    sudo apt-get install python-pip -y
    sudo pip install awscli
    

    In case you use IAM instead of explicit credentials, use these IAM permissions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {    
          "Effect": "Allow",
          "Action": [ "ec2:DescribeTags"],
          "Resource": ["*"]
        }
      ]
    }
    
    0 Discussion (0)
  • 2020-12-02 06:30

    If you are not in the default availability zone the results from overthink would return empty.

    ec2-describe-tags \
       --region \
         $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone  | sed -e "s/.$//") \
       --filter \
         resource-id=$(curl --silent http://169.254.169.254/latest/meta-data/instance-id)
    

    If you want to add a filter to get a specific tag (elasticbeanstalk:environment-name in my case) then you can do this.

    ec2-describe-tags \
       --region \
         $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone  | sed -e "s/.$//") \
       --filter \
         resource-id=$(curl --silent http://169.254.169.254/latest/meta-data/instance-id) \
       --filter \
         key=elasticbeanstalk:environment-name
    

    And to get only the value for the tag that I filtered on, we pipe to cut and get the fifth field.

    ec2-describe-tags \
      --region \
        $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone  | sed -e "s/.$//") \
      --filter \
        resource-id=$(curl --silent http://169.254.169.254/latest/meta-data/instance-id) \
      --filter \
        key=elasticbeanstalk:environment-name | cut -f5
    
    0 Discussion (0)
  • 2020-12-02 06:31

    Download and run a standalone executable to do that.

    Sometimes one cannot install awscli that depends on python. docker might be out of the picture too.

    Here is my implementation in golang: https://github.com/hmalphettes/go-ec2-describe-tags

    0 Discussion (0)
  • 2020-12-02 06:32

    Using the AWS 'user data' and 'meta data' APIs, it's possible to write a script which wraps puppet to start a puppet run with a custom cert name.

    First start an aws instance with custom user data: 'role:webserver'

    #!/bin/bash
    
    # Find the role from the user data passed in on instance creation (e.g. 'role:webserver').
    # A separate variable name is used so the shell's own $USER is not overwritten.
    USER_DATA=$(curl -s "http://169.254.169.254/latest/user-data")
    IFS=':' read -ra UDATA <<< "$USER_DATA"
    
    # Find the instance ID from the meta data api
    ID=$(curl -s "http://169.254.169.254/latest/meta-data/instance-id")
    CERTNAME="${UDATA[1]}.$ID.aws"
    
    # Quote the value so it always reaches puppet as a single argument
    echo "Running Puppet for certname: $CERTNAME"
    puppet agent -t --certname="$CERTNAME"
    

    This calls puppet with a certname like 'webserver.i-hfg453.aws'. You can then create a node manifest called 'webserver', and Puppet's 'fuzzy node matching' will mean it is used to provision all webservers.

    This example assumes you build on a base image with puppet installed etc.

    Benefits:

    1) You don't have to pass round your credentials

    2) You can be as granular as you like with the role configs.

    0 Discussion (0)
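
An added example, not part of the answer above: user data is free-form text, so the `role:<name>` value and the instance ID can be checked against an allow-list before they become a Puppet certname. The function names and the allowed character set are assumptions of this example.

```bash
# Added example (not the answer's code): validate "role:<name>" user data
# and the instance ID before building the certname <role>.<id>.aws.

# Accept only lowercase letters, digits and '-', and no leading '-'
# (allow-list chosen for this example), so the result cannot contain
# whitespace, newlines, path separators or option-like prefixes.
is_label() {
  case "$1" in
    ''|-*|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# build_certname USER_DATA INSTANCE_ID
# Prints the certname on success; prints a reason to stderr and fails otherwise.
build_certname() {
  local udata id role
  udata=$1
  id=$2
  case "$udata" in
    role:*) role=${udata#role:} ;;
    *) echo "user data is not of the form role:<name>" >&2; return 1 ;;
  esac
  is_label "$role" || { echo "rejected role value" >&2; return 1; }
  case "$id" in
    i-*) ;;
    *) echo "rejected instance id" >&2; return 1 ;;
  esac
  is_label "$id" || { echo "rejected instance id" >&2; return 1; }
  printf '%s.%s.aws\n' "$role" "$id"
}
```

Call it as `CERTNAME=$(build_certname "$USER_DATA" "$ID") || exit 1` and stop the run when it fails rather than starting Puppet with an unchecked name.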
  • 2020-12-02 06:38

    You can use a combination of the AWS metadata tool (to retrieve your instance ID) and the new Tag API to retrieve the tags for the current instance.

    0 Discussion (0)
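
An added example, not taken from any of the answers: the lookup the answers describe (instance ID and region from the metadata service, then the tag API), with the metadata calls made through IMDSv2 session tokens and the instance-metadata tag path tried first. It assumes tags in instance metadata may be enabled for the instance and falls back to `aws ec2 describe-tags` otherwise; the function names and the tag-key allow-list are this example's own.

```bash
# Added example: look up one tag of the running instance via IMDSv2.
IMDS="http://169.254.169.254/latest"

# IMDSv2: obtain a short-lived session token with a PUT request.
imds_token() {
  curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60"
}

# GET one metadata path with the token; non-zero exit on HTTP errors.
imds_get() {
  local token
  token=$(imds_token) || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# us-east-1a -> us-east-1 (standard availability-zone names only).
az_to_region() {
  printf '%s\n' "$1" | sed -e 's/[a-z]$//'
}

# Allow-list for tag keys (an assumption of this example) so the key is
# safe to place in a URL path and in a CLI filter.
valid_tag_key() {
  case "$1" in
    ''|.|..|*[!A-Za-z0-9+=.,_:@-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the value of tag KEY for this instance.
instance_tag() {
  local key id az
  key=$1
  valid_tag_key "$key" || { echo "invalid tag key" >&2; return 2; }
  # 1) Tags served by IMDS (only if enabled for the instance); no IAM needed.
  imds_get "tags/instance/$key" && return 0
  # 2) Fallback: DescribeTags, which needs the ec2:DescribeTags permission.
  id=$(imds_get instance-id) || return 1
  az=$(imds_get placement/availability-zone) || return 1
  aws ec2 describe-tags --region "$(az_to_region "$az")" \
    --filters "Name=resource-id,Values=$id" "Name=key,Values=$key" \
    --query 'Tags[0].Value' --output text
}
```

Source the file on the instance and call `instance_tag Name`; the first path needs no IAM permission at all, the fallback needs only `ec2:DescribeTags`.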