
Uly.me

cloud engineer


ec2

AWS Move Instance to Another Zone

December 23, 2021

Here’s how to move an AWS instance to another availability zone: stop it, create an AMI from it, and launch a new instance from that AMI in a subnet that lives in the target zone.

Stop the instance first.

aws ec2 stop-instances --instance-ids i-1234567890abcdef0


Create an AMI image.

aws ec2 create-image \
--instance-id i-1234567890abcdef0 \
--name "my-ami" \
--description "my-ami"


Create the new EC2 instance from that AMI using Terraform. The contents of main.tf:

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

resource "aws_instance" "ulysses" {
  ami                    = "ami-1234567890abcdef0"    # the AMI created from the stopped instance
  key_name               = "servers"
  iam_instance_profile   = "machine-role"
  instance_type          = "t3.micro"
  subnet_id              = "subnet-1234567890abcdef0" # a subnet in the target availability zone
  # security_groups takes group names and is meant for EC2-Classic / the default VPC;
  # when subnet_id is set, security group IDs belong in vpc_security_group_ids
  vpc_security_group_ids = ["sg-1234567890abcdef0", "sg-1234567890abcdef1"]
  tags = {
    Name = "moving-instance"
    tag1 = "test1"
    tag2 = "test2"
  }
}


Launch it.

terraform init
terraform plan
terraform apply


Filed Under: Cloud Tagged With: aws, ec2, instance, move, zone

Terraform User Data

October 26, 2021

Here’s how to add user data to an aws_instance in Terraform, read from a script file next to the module:

user_data = filebase64("${path.module}/example.sh")


Filed Under: Cloud Tagged With: bootstrap, ec2, script, terraform, userdata

AWS EC2 ENA Support

May 7, 2021

AWS has machine types that require ENA support. You can run the AWS CLI to find out whether an instance has ENA enabled.

aws ec2 describe-instances \
--instance-ids i-xxxxxxxxxxxxxxxxx \
--profile default \
--region us-east-1 \
--query 'Reservations[].Instances[].EnaSupport'


Log in to the instance and verify that the Amazon network and storage devices are present.

sudo lspci | grep -i Amazon


List the NVMe driver details.

modinfo nvme


Verify that the nvme and ena modules are loaded.

lsmod | grep nvme
lsmod | grep ena


If the ENA drivers or the tools above are missing, install them. The pciutils package provides the lspci command used above.

yum install pciutils

Filed Under: Cloud Tagged With: aws, cli, describe-instances, ec2, ena, support

AWS Copy AMI to another Region

March 2, 2021

Here’s how to copy an AMI to another region. The copy is created in the region given by --region; --source-region names where the AMI currently lives.

aws ec2 copy-image \
  --source-image-id ami-xxxxxxxxxxx \
  --source-region us-east-1 \
  --region us-east-2 \
  --name "My DR server"


Output:

{
    "ImageId": "ami-xxxxxxxxxxx"
}


Filed Under: Cloud Tagged With: ami, copy, ec2, region

AWS EC2 List Firewall Rules

January 26, 2021

AWS EC2 firewall rules are defined within security groups, and security groups are attached to an instance. An instance can have up to 5 security groups. Essentially, this script gathers all the security groups associated with an instance, loops through them, and writes the ingress and egress rules of each security group to a file in text format.

#!/bin/bash
set -euo pipefail
# set variables
instanceid='i-xxxxxxxxxxxxxxxx'
region='us-east-1'
profile='sample'
# log and temp files
output="ec2-sg.log"
tmpfil="ec2-sg.tmp"
# remove the temp file when the script exits
trap 'rm -f "$tmpfil"' EXIT
# empty log at start
> "$output"
# get sg ids, one per line
aws ec2 describe-instances \
  --instance-ids "$instanceid" \
  --region "$region" \
  --profile "$profile" \
  --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' \
  --output text > "$tmpfil"
# dump the rules of each group; columns are FromPort, ToPort, IpProtocol, CIDR
# (the |[0] keeps only the first CIDR of each rule)
while read -r id; do
  echo '============================================' >> "$output"
  echo "$id" >> "$output"
  echo '============================================' >> "$output"
  echo '---------------- INGRESS -------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
  echo '---------------- EGRESS --------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
done < "$tmpfil"


Here’s a sample output.

============================================
sg-xxxxxxxxxxxxxxx
============================================
---------------- INGRESS -------------------
5985    5985    tcp     10.0.0.220/32
10005   10005   tcp     10.0.0.164/32
---------------- EGRESS --------------------
80      80      tcp     10.0.0.14/32
40000   65535   udp     10.0.0.0/8
3389    3389    tcp     10.0.0.96/32
9389    9389    tcp     10.0.0.0/8
5985    5986    tcp     10.0.0.96/32

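As an added example (not part of the original post), the same rule dump written in Python over the JSON form of `aws ec2 describe-security-groups`, with a constructed sample response embedded inline. It goes a little beyond the `|[0]` query above: it keeps every IPv4 range, IPv6 range and referenced security group of a rule instead of only the first CIDR, handles the all-traffic protocol `-1` (which has no ports), and flags rules open to 0.0.0.0/0 or ::/0.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5986,
         "IpRanges": [{"CidrIp": "10.0.0.96/32"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef1", "UserId": "123456789012"}]}],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1",  # "-1" means all protocols; FromPort/ToPort are absent
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []}]}]}

WORLD = {"0.0.0.0/0", "::/0"}


def flatten(sg: dict, direction: str) -> list:
    """One (from, to, proto, source) row per source of each rule.
    The JMESPath in the shell script keeps only the first CidrIp; this keeps
    every IPv4 range, IPv6 range and referenced security group."""
    key = "IpPermissions" if direction == "ingress" else "IpPermissionsEgress"
    rows = []
    for perm in sg.get(key, []):
        frm = perm.get("FromPort", "all")
        to = perm.get("ToPort", "all")
        proto = perm["IpProtocol"]
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        rows.extend((frm, to, proto, src) for src in sources)
    return rows


def world_open(sg: dict, direction: str) -> list:
    """Rules whose peer is any address at all (0.0.0.0/0 or ::/0)."""
    return [r for r in flatten(sg, direction) if r[3] in WORLD]


def report(groups: list) -> str:
    """Text report in the same layout as the shell script's log file."""
    lines = []
    for sg in groups:
        lines += ["=" * 44, sg["GroupId"], "=" * 44]
        for direction in ("ingress", "egress"):
            lines.append(f"---------------- {direction.upper():<7} -------------------")
            for frm, to, proto, src in flatten(sg, direction):
                flag = "   <-- open to the world" if src in WORLD else ""
                lines.append(f"{frm}\t{to}\t{proto}\t{src}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE["SecurityGroups"]))
```

To run it against a real account, replace SAMPLE with the parsed output of the describe-security-groups call.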

Filed Under: Cloud Tagged With: aws, cli, ec2, firewall, output, security groups, text

AWS CLI Display Tags

January 2, 2021

This command lists each EC2 instance id and its Name tag using a JMESPath query. The tag key must be a literal (backticks), otherwise `Name` is read as a field of the tag object rather than the string "Name".

aws ec2 describe-instances \
--query 'Reservations[].Instances[].[InstanceId,Tags[?Key==`Name`]|[0].Value]' \
--profile tfc \
--region us-east-2 \
--output text


Output:

i-xxxxxxxxxxxxxxxxx     server-one
i-xxxxxxxxxxxxxxxxx     server-two
i-xxxxxxxxxxxxxxxxx     server-three


`|[0].Value` takes the value of the first matching tag, so each instance produces a single record per line instead of a nested list.

Filed Under: Cloud Tagged With: aws, describe-instances, ec2, instance-id, query, tags

AWS Enable Enhanced Network Support

October 13, 2020

When changing machine types, you may be asked to enable the latest ENA driver for Enhanced Network Support on an Amazon EC2 instance. The instructions differ by Linux OS flavor, and in some cases you may need to rebuild the kernel module. To verify that the ena module is installed, use the modinfo command as shown in the following example.

modinfo ena


You may also have to enable the enhanced networking attribute on the instance itself (replace instance_id with the instance's id).

aws ec2 modify-instance-attribute --instance-id instance_id --ena-support


Filed Under: Cloud Tagged With: aws, ec2, ena, enable, enhanced, modinfo, network, support

EC2 Password Authentication

May 18, 2020

When you stand up an AWS instance, it’s only accessible via SSH key using the default user, typically ec2-user.

Set a password for ec2-user, then set PasswordAuthentication to yes in the SSH daemon configuration.

# Set a password for ec2-user
sudo passwd ec2-user
# edit the ssh daemon config
sudo vim /etc/ssh/sshd_config
# enable password authentication by setting this line
PasswordAuthentication yes
# save file and exit


Restart the SSH service so the new setting takes effect.

sudo systemctl restart sshd.service


Filed Under: Cloud, Linux Tagged With: authentication, aws, ec2, keys, password, ssh


Copyright © 2023