When I run the following command, this is what I get.
$ aws ec2 get-ebs-default-kms-key-id --region us-west-2
{
"KmsKeyId": "alias/aws/ebs"
}
But what I really want is the key id under "(default) aws/ebs" (shown below).
You can use this command to get the key ids for all the keys in your account.
aws kms list-aliases --query 'Aliases[*].TargetKeyId'
Related
Hi I would like to use AWS CLI fillters to find the security group. I found in tutorial command i should use, but it doesn't work.
aws ec2 describe-security-groups --filters Name=key,Values="xxx" --profile dev
I have a few security groups with tags with schema like this:
tags:
- Key : aws-security-group05
Value : 1.0.1.1
And I want to find ID of security group by fillterring by tags and values.
You have to provide correct syntax like below-
For example, if you want to list down all security groups which are having a tag named as Department and the value of that tag is HR,
aws ec2 describe-security-groups --filters Name=tag:Department,Values=HR
for your case it would be -
aws ec2 describe-security-groups --filters Name=tag:aws-security-group05,Values=1.0.1.1
above command will display all the details about security group, if you just want to see id of the security group, pls use --query parameter
example-
aws ec2 describe-security-groups --filters Name=tag:aws-security-group05,Values=1.0.1.1 --query 'SecurityGroups[].GroupId' --out text
I have following requirements to store multiple Secret/Key value (around 200 secrets) in AWS Secrets Manager and I do not want to enter each and every secret key/value manually from AWS Secrets Manager console. Although I have researched a bit and found from AWS docs that I can create a JSON file where I can write all Secret Key/Value and then pass that file to AWS Secrets manager command:
aws secretsmanager create-secret --name MyTestDatabaseSecret \
--description "My test database secret created with the CLI" \
--secret-string file://mycreds.json
Is this a good way of doing this or can there be any other better way to store all these secrets all at once?
testing in my AWS account this works like a charm:
aws secretsmanager create-secret --name TestMultiplesValues4 --description "Mytest with multiples values" --secret-string file://secretmanagervalues.json
Then the json file will be:
{"Juan":"1","Pedro":"2","Pipe":"3"}
where Juan is the key #1 and 1 the secret value of that key...
It is very simple and easy,
Note: this is to create one secret manager with multiples key/Value pair, not to create multiples secret managers with one Key/Value each one. Be careful with this concept.
Hope this help you more.
We have ElasticSearch domain created in one of the AWS account.
We are trying to use AWS cli command to "describe" this domain.
aws es describe-elasticsearch-domain --domain-name <domain-name>
But receiving error:
An error occurred (ResourceNotFoundException) when calling the
DescribeElasticsearchDomain operation: Domain not found:
We than used list-domain command:
aws es list-domain-names
But received empty response:
{
"DomainNames": [] }
We double checked account info. and credentials in .aws folder and we are pointing to correct aws account also able to view other resources in that account except ElasticSearch.
Any help is appreciated.
It's not the permission issue, It can be profile issue may be command run in other account but I am sure your Elastic search cluster is in a different region and you set the different region in aws configure
All you need to pass region to the aws command
aws es list-domain-names --region DOMAIN_REGION
or
aws es list-domain-names --region us-west-1
The exception clearly said the resources not found in the region by default which specified in aws configure using aws-cli.
aws es describe-elasticsearch-domain --domain-name youdomain domain_region
I'm trying to compile a full list of EC2 instances in my AWS account via the aws-cli. I'm successfully querying everything except the associated security groups for each instance. When I try pulling the security group name it comes through as None. Below is the command I've run. I've also tried 'Groups'.
aws ec2 describe-instances --region=us-west-2 --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value|[0],InstanceId,Placement.AvailabilityZone,State.Name,KeyName,SecurityGroups.GroupName]' --output table
That's because each instance might have multiple security groups assigned to it, so SecurityGroups is an array. you can access the first element in the array if instead of doing:
SecurityGroups.GroupName
you'll do:
SecurityGroups[0].GroupName
but that will show you only the first security group in the list. If you want to see the whole list you'll have to change your query to something like:
aws ec2 describe-instances --region "us-west-2" --query 'Reservations[*].Instances[*].[InstanceId,SecurityGroups[].GroupName |[*]]' --output text
I tried to find set aws-cli locally using IAM role & without using access key/secret access key. But unable to get information from meta url[http://169.256.169.256/latest/meta-data].
I am running Ec2 instance with Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-f3e5aa9c.I have tried to configure aws-cli on that instance.I am not sure what type of role/policy/user needed to get aws-cli configured in my Ec2 instance.
Please provide me step by step guide to achieve that.I just need direction.So useful link also appreciated.
To read Instance Metadata, you dont need to configure the AWS CLI. The problem in your case, is you are using a wrong URL to read the Instance Metadata. The correct URL to use is http://169.254.169.254/ . For example, if you want to read the AMI id of the Instance, you can use the follow command.
curl http://169.254.169.254/latest/meta-data/ami-id
However, if you would like to configure the AWS cli without using the Access/Secret Keys. Follow the below steps.
Create an IAM instance profile and Attach it to the EC2 instance
Open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Roles, Create role.
On the Select role type page, choose EC2 and the EC2 use case. Choose Next: Permissions.
On the Attach permissions policy page, select an AWS managed policy that
grants your instances access to the resources that they need.
On the Review page, type a name for the role and choose Create role.
Install the AWS CLI(Ubuntu).
Install pip if it is not installed already.
`sudo apt-get install python-pip`
Install AWS CLI.
`pip install awscli --upgrade --user`
Configure the AWS CLI. Leave AWS Access Key ID and AWS Secret Access
Key as blank as we want to use a Role.
$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: json
Modify the Region and Output Format values if required.
I hope this Helps you!
AWS Documentation on how to setup an IAM role for EC2
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html