How to query nested value in AWS Cli? - linux

"MetricAlarms": [
{
"AlarmName": "AWS_CPUUtilisation_Alarm",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Dimensions": [
{
"Name": "InstanceId",
"Value": "i-XXXXXXXXX"
}
],
"Period": 300,
"EvaluationPeriods": 1,
},
From the above data, how can I get only the instance ID? Using the command below, I am getting both name and value:
aws cloudwatch describe-alarms --query "MetricAlarms[*].{Instanceid:Dimensions}" --output table

You're almost there:
aws cloudwatch describe-alarms --query "MetricAlarms[*].{Instanceid:Dimensions}[*].Instanceid[*].Value"
You might find it useful to play around with a tool like the JMESPath Terminal or the JMESPath tutorial.

Related

Describe EBS details volume with AWSCLI

I need to list all of an owner's AWS AMIs and any details about them.
The following line returns the ImageId, CreationDate and Name, sorted by CreationDate:
aws ec2 describe-images --owners --query 'Images[*].[ImageId, CreationDate, Name] | sort_by(@, &[1])' --output text
But I need information about BlockDeviceMappings, such as the EBS volume [snapshot ID, volume size, etc.].
I tried the following line:
aws ec2 describe-images --owners --query 'Images[*].[ImageId, CreationDate, Name, BlockDeviceMappings:[Ebs:{SnapshotID}]] --output text
But the search in the terminal stopped.
I tried a lot of ways.
Thanks for the help.
The output from describe-images is as follows.
{
"Images": [
{
"VirtualizationType": "hvm",
"Description": "Provided by Red Hat, Inc.",
"PlatformDetails": "Red Hat Enterprise Linux",
"EnaSupport": true,
"Hypervisor": "xen",
"State": "available",
"SriovNetSupport": "simple",
"ImageId": "ami-1234567890EXAMPLE",
"UsageOperation": "RunInstances:0010",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"SnapshotId": "snap-111222333444aaabb",
"DeleteOnTermination": true,
"VolumeType": "gp2",
"VolumeSize": 10,
"Encrypted": false
}
}
],
"Architecture": "x86_64",
"ImageLocation": "123456789012/RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2",
"RootDeviceType": "ebs",
"OwnerId": "123456789012",
"RootDeviceName": "/dev/sda1",
"CreationDate": "2019-05-10T13:17:12.000Z",
"Public": true,
"ImageType": "machine",
"Name": "RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2"
}
]
}
As you see, BlockDeviceMappings is an array, so you should flatten it first before you attempt to access its objects.
I would suggest specifying --owners 12347989. If you attempt to get all AMIs of all owners, the terminal will hang. I ran the below command with my accountId and got the desired output, but if I don't specify the owner, my terminal just hangs.
Try this:
aws ec2 describe-images --owners amazon --query 'Images[*].[ImageId, CreationDate, Name, BlockDeviceMappings[0].DeviceName, BlockDeviceMappings[0].Ebs.VolumeSize, BlockDeviceMappings[0].Ebs.SnapshotId]' --output text

AWS Lambda function update command showing environment variables

I'm using GitLab pipelines to update the configuration and code of my AWS Lambda functions. I noticed that when you perform AWS CLI requests to update the Lambda like:
aws lambda update-function-configuration --region $your_region --function-name $your_lambda_arn --handler $your_lambda_handler --runtime $your_lambda_runtime
OR
aws lambda update-function-code --region $your_region --function-name $your_lambda_arn --s3-bucket $your_s3_bucket --s3-key $your_project_name.zip
The responses to both requests in the GitLab console reveal the environment variables (like the DB connection string), and I would like to keep them secret. Is there any way, any flag or whatsoever, to keep these values hidden in the response?
Regards
Could perhaps use jq to exclude the output? Otherwise use an SDK (e.g. boto3 or aws-sdk-go) and don't print the entire response.
$ cat ~/Desktop/Me.json
{
"FunctionName": "my-function",
"LastModified": "2019-09-26T20:28:40.438+0000",
"RevisionId": "e52502d4-9320-4688-9cd6-152a6ab7490d",
"MemorySize": 256,
"Version": "$LATEST",
"Role": "arn:aws:iam::123456789012:role/service-role/my-function-role-uy3l9qyq",
"Timeout": 3,
"Runtime": "nodejs10.x",
"TracingConfig": {
"Mode": "PassThrough"
},
"Environment": {
"foo": "bar"
},
"CodeSha256": "5tT2qgzYUHaqwR716pZ2dpkn/0J1FrzJmlKidWoaCgk=",
"Description": "",
"VpcConfig": {
"SubnetIds": [],
"VpcId": "",
"SecurityGroupIds": []
},
"CodeSize": 304,
"FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
"Handler": "index.handler"
}
# no Environment key
$ cat ~/Desktop/Me.json | jq 'del(.Environment)'
{
"FunctionName": "my-function",
"LastModified": "2019-09-26T20:28:40.438+0000",
"RevisionId": "e52502d4-9320-4688-9cd6-152a6ab7490d",
"MemorySize": 256,
"Version": "$LATEST",
"Role": "arn:aws:iam::123456789012:role/service-role/my-function-role-uy3l9qyq",
"Timeout": 3,
"Runtime": "nodejs10.x",
"TracingConfig": {
"Mode": "PassThrough"
},
"CodeSha256": "5tT2qgzYUHaqwR716pZ2dpkn/0J1FrzJmlKidWoaCgk=",
"Description": "",
"VpcConfig": {
"SubnetIds": [],
"VpcId": "",
"SecurityGroupIds": []
},
"CodeSize": 304,
"FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
"Handler": "index.handler"
}
I've found two additional solutions for that case:
1. GitLab itself has a mechanism for hiding secrets: you can set up the environment variable in the GitLab CI/CD settings as protected; in that case the console output should be hidden where needed.
2. You can filter the AWS CLI response:
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html
Regards
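The SDK-or-filter approach suggested above, as an added example that is not part of the original answers: a Python filter that masks everything under Environment before the response reaches the job log, while keeping the variable names visible. The script name redact.py and the sample values are assumptions made for illustration.

```python
import json
import sys

REDACTED = "***REDACTED***"

# Constructed sample shaped like an update-function-configuration response.
# Real responses nest values under Environment.Variables; the shortened sample
# on this page puts them directly under Environment. Both shapes are handled.
SAMPLE = {
    "FunctionName": "my-function",
    "Runtime": "nodejs10.x",
    "Handler": "index.handler",
    "Environment": {
        "Variables": {
            "DB_CONNECTION_STRING": "postgres://app:s3cr3t@db.example.internal/app"
        }
    },
}


def _mask(value):
    """Replace every leaf value with a marker, keeping key names for debugging."""
    if isinstance(value, dict):
        return {key: _mask(item) for key, item in value.items()}
    if isinstance(value, list):
        return [_mask(item) for item in value]
    return REDACTED


def redact_lambda_response(response):
    """Return a deep copy of the response that is safe to print in a job log."""
    safe = json.loads(json.dumps(response))  # deep copy, the input stays untouched
    if "Environment" in safe:
        safe["Environment"] = _mask(safe["Environment"])
    return safe


if __name__ == "__main__":
    # Hypothetical pipeline usage:
    #   aws lambda update-function-configuration ... | python3 redact.py
    # With no piped input, the constructed sample is used instead.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    response = json.loads(raw) if raw.strip() else SAMPLE
    print(json.dumps(redact_lambda_response(response), indent=2))
```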

Where to find AWS Systems Manager (SSM) Document ARNs?

I am wanting to run an SSM Document on my EC2 instance, AWSFIS-Run-CPU-Stress.
It is being executed via AWS Fault Injection Simulator (FIS), which requires a documentARN to be specified, specifically in format:
arn:aws:ssm:us-east-1::document/AWSFIS-Run-CPU-Stress.
I have also tried arn:aws:ssm:us-west-2:aws-account-ID:document/AWSFIS-Run-CPU-Stress, replacing 'aws-account-ID' with my AWS account ID.
Here is the AWS FIS documentation that states that you must provide an SSM Document ARN: https://docs.aws.amazon.com/fis/latest/userguide/actions-ssm-agent.html#awsfis-run-cpu-stress
However, when I try to run my Fault Injection experiment with the above ARN (I've tried many different regions), the Document can not be found.
Furthermore, I have tried to use aws ssm describe-document on the Document, but ARN is not returned, so I have no idea what I need to use. It doesn't even look like SSM Documents are region specific.
Here is what is returned by aws ssm describe-document:
{
"Document": {
"Hash": "f2b00b4471e7236ddb11654c4e076473f5e493e916f09840abb229d5a07822b1",
"HashType": "Sha256",
"Name": "Test-AWSFIS-Run-CPU-Stress",
"Owner": "703381282345",
"CreatedDate": "2021-05-10T21:08:14.781000+01:00",
"Status": "Active",
"DocumentVersion": "1",
"Description": "Command Document Example JSON Template",
"Parameters": [
{
"Name": "Message",
"Type": "String",
"Description": "Example",
"DefaultValue": "Hello World"
}
],
"PlatformTypes": [
"Windows",
"Linux",
"MacOS"
],
"DocumentType": "Command",
"SchemaVersion": "2.2",
"LatestVersion": "1",
"DefaultVersion": "1",
"DocumentFormat": "JSON",
"Tags": []
}
}
Where can I find the Document ARN?
Apparently the Systems Manager console does not show the document ARN. In the meantime you can construct the ARN following this format:
"arn:<partition>:ssm:<region>:<account_id>:document/<document_name>"
This is a valid example of a public FIS SSM "run command" document (available from any account in us-east-1 region), not sure why it failed in your case. No account id is expected because it's a public document:
"arn:aws:ssm:us-east-1::document/AWSFIS-Run-CPU-Stress"
And this is an example of a private document (i.e. you own it), note that this does have account id:
"arn:aws:ssm:us-east-1:012345678912:document/MyFISFaultDocument"
You can execute the specified document using the following:
aws ssm send-command --document-name "AWSFIS-Run-CPU-Stress" --document-version "4" --parameters '{"CPU":["0"],"InstallDependencies":["True"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0" --region us-east-1
You can obtain the above command line by filling in the parameters from this link https://console.aws.amazon.com/systems-manager/run-command/send-command?region=us-east-1#

Grafana / Azure Monitor dimension filtering without splitting

I'm trying to display "Dependency duration" from Azure Monitor (Application Insights) in Grafana. I want to exclude "Azure Service Bus" from "dependency/type" dimension.
When I do this in Azure Monitor I get all dependencies as single value:
When I try to apply same filter in Grafana, all dimensions get split:
How can I avoid splitting dimensions, or alternatively how can I combine them back into one? Relevant part of code below. I tried removing "dimensionFilter": "*" but it did not change anything.
{
"azureMonitor": {
"dimensionFilter": "*",
"dimensionFilters": [
{
"dimension": "dependency/type",
"filter": "Azure Service Bus",
"operator": "ne"
}
],
"dimensions": [
{
"text": "Dependency type",
"value": "dependency/type"
}
],
"metricDefinition": "Microsoft.Insights/components",
"metricName": "dependencies/duration",
"metricNamespace": "microsoft.insights/components",
"resourceGroup": "$resources_rg",
"resourceName": "$app_insights"
]
}
}

Identify resources associated with VM deallocated

During the cleanup process of Azure VMs, I am trying to identify all resources associated with deallocated VMs, like network, storage and NIC.
I ran the query below to get details, but I am unable to write a query that gets the other details in the same query parameter, to get a result with NIC and storage in table format.
az vm list -d --query "[?powerState=='VM deallocated']" -o table
qa-automation-10 TEST-QA-AUTOMATION
qa-automation-11 TEST-QA-AUTOMATION
qa-automation-12 TEST-QA-AUTOMATION
qa-automation-13 TEST-QA-AUTOMATION
qa-automation-14 TEST-QA-AUTOMATIO
Any help will be appreciated. I am especially looking for an az client query. As the list of deallocated VMs is big, I will run it through a GitLab pipeline.
},
"id": "/subscriptions/xxxxxxxx/resourceGroups/xxxx/providers/Microsoft.Compute/virtualMachines/x023901",
"identity": null,
"licenseType": null,
"location": "x",
"macAddresses": "",
"name": "x023901",
"networkProfile": {
"networkInterfaces": [
{
"id": "/subscriptions/x/resourceGroups/rGroup-ENV0239/providers/Microsoft.Network/networkInterfaces/x023901nic",
"primary": null,
"resourceGroup": "rGroup-ENV0239"
}
]
},
"osProfile": null,
"plan": null,
"powerState": "VM deallocated",
"privateIps": "x.x.x.x",
"provisioningState": "Succeeded",
"publicIps": "",
"resourceGroup": "RGROUP-ENV0239",
"resources": [
{
"autoUpgradeMinorVersion": true,
"forceUpdateTag": null,
"id": "/subscriptions/xxxxxxx/resourceGroups/RGROUP-ENV0239/providers/Microsoft.Compute/virtualMachines/x023901/extensions/OmsAgentForLinux",
"instanceView": null,
"location": "x",
"name": "OmsAgentForLinux",
"protectedSettings": null,
"provisioningState": "Succeeded",
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"resourceGroup": "RGROUP-ENV0239",
"settings": {
"stopOnMultipleConnections": true,
"workspaceId": "xx"
},
"tags": null,
"type": "Microsoft.Compute/virtualMachines/extensions",
"typeHandlerVersion": "1.0",
"virtualMachineExtensionType": "OmsAgentForLinux"
}
],
"storageProfile": {
"dataDisks": [
{
"caching": "None",
"createOption": "Attach",
"diskSizeGb": 20,
"image": null,
"lun": 0,
"managedDisk": null,
"name": "x-data1.vhd",
"vhd": {
"uri": "https://x.core.windows.net/vhds/x-data1.vhd"
},
"writeAcceleratorEnabled": null
}
],
"imageReference": null,
"osDisk": {
"caching": "ReadWrite",
"createOption": "Attach",
"diffDiskSettings": null,
"diskSizeGb": 30,
"encryptionSettings": null,
"image": null,
"managedDisk": null,
"name": "xosDisk",
"osType": "Linux",
"vhd": {
"uri": "https://xblob.core.windows.net/vhds/x.vhd"
},
"writeAcceleratorEnabled": null
}
},
"tags": null,
"type": "Microsoft.Compute/virtualMachines",
"vmId": "x",
"zones": null
},
The VMs in Azure have two types: one is the managed VM, while the other is the unmanaged VM. When you want to show the details of all the VMs, you should pay attention to this.
In addition, there is no property about the storage account. You can store files in the storage account and not associate it with the VM. So you just get a little info about the storage account if the VM is unmanaged.
Get a list of the VM with some resources just like vmName, NIC, osDisk or osDiskURI, the CLI command here:
az vm list --query "[].{VMName:name, nicId:networkProfile.networkInterfaces[0].id, managedDiskId:storageProfile.osDisk.managedDisk.id, UnmanagedDiskURL:storageProfile.osDisk.vhd.uri}" -o table
You can change the info to whatever you want, as long as you can find it in the VM details through the CLI command az vm show. Hope this will help. If you have any more questions, you can message me.
You will need to use a query like below:
az vm show -g RG-DemoAutomation -n DemoVM101 --query "{VMName:name, admin:osProfile.adminUsername,nicId:networkProfile.networkInterfaces[0].id, osDiskId:storageProfile.osDisk.managedDisk.id}" -o table
As you mentioned you will need to iterate through the output of the az vm list and then for each VM you will need to run az vm show as I showed in the sample above.
You can have filter and data selection in one query as "[?query here].{customColName1:value1, customColName2:value2}" but the problem is that az vm list does not have the details that you are looking for. That detail is available with az vm show command.
For values in the above syntax, the query uses JMESPath, and you can find the exact value by using a neat utility available here: JMESPath Terminal
Also, try using the output as JSON (-o json), as that will be much more readable unless you want to dump the output into an Excel sheet.
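An added example (not from the original answers): Python that takes the parsed JSON of az vm list -d -o json and, for each deallocated VM, collects the NIC IDs and the disk references, covering both the managed and the unmanaged case described above. The sample records are constructed from the fields shown in the question's output; the demo-* names are hypothetical.

```python
import json

# Constructed sample using the fields shown in the question's output.
SAMPLE_VMS = [
    {   # unmanaged disks: managedDisk is null, the VHD URI names the storage account
        "name": "x023901", "resourceGroup": "RGROUP-ENV0239", "powerState": "VM deallocated",
        "networkProfile": {"networkInterfaces": [
            {"id": "/subscriptions/x/resourceGroups/rGroup-ENV0239/providers/Microsoft.Network/networkInterfaces/x023901nic"}]},
        "storageProfile": {
            "osDisk": {"managedDisk": None, "vhd": {"uri": "https://xblob.core.windows.net/vhds/x.vhd"}},
            "dataDisks": [{"managedDisk": None, "vhd": {"uri": "https://x.core.windows.net/vhds/x-data1.vhd"}}]},
    },
    {   # managed OS disk, no NIC left attached
        "name": "demo-managed", "resourceGroup": "DEMO-RG", "powerState": "VM deallocated",
        "networkProfile": {"networkInterfaces": []},
        "storageProfile": {
            "osDisk": {"managedDisk": {"id": "/subscriptions/x/resourceGroups/DEMO-RG/providers/Microsoft.Compute/disks/demo-os"}, "vhd": None},
            "dataDisks": []},
    },
    {"name": "demo-running", "resourceGroup": "DEMO-RG", "powerState": "VM running"},
]


def _disk_ref(disk):
    """Managed disks carry managedDisk.id; unmanaged disks carry vhd.uri."""
    managed = (disk or {}).get("managedDisk") or {}
    vhd = (disk or {}).get("vhd") or {}
    return managed.get("id") or vhd.get("uri")


def deallocated_inventory(vms):
    """One row per deallocated VM with the resources a cleanup has to consider."""
    rows = []
    for vm in vms:
        if vm.get("powerState") != "VM deallocated":
            continue
        net = vm.get("networkProfile") or {}
        storage = vm.get("storageProfile") or {}
        rows.append({
            "vm": vm.get("name"),
            "resourceGroup": vm.get("resourceGroup"),
            "nics": [nic["id"] for nic in net.get("networkInterfaces") or []],
            "osDisk": _disk_ref(storage.get("osDisk")),
            "dataDisks": [_disk_ref(d) for d in storage.get("dataDisks") or []],
        })
    return rows


if __name__ == "__main__":
    print(json.dumps(deallocated_inventory(SAMPLE_VMS), indent=2))
```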
