cloud engineer
When you stand up an AWS instance, it’s only accessible via SSH key using the default user, typically ec2-user.
Add password to ec2-user, then enable password authentication to ‘yes’ in SSH.
# Add password to ec2-user sudo passwd ec2-user # edit ssh config vim /etc/ssh/sshd_config # enable password authentication PasswordAuthentication yes # save file and exit |
# Add password to ec2-user sudo passwd ec2-user # edit ssh config vim /etc/ssh/sshd_config # enable password authentication PasswordAuthentication yes # save file and exit
Restart SSH service.
systemctl restart sshd.service |
systemctl restart sshd.service
Here’s how to describe snapshots using query with tags.
aws ec2 describe-snapshots \ --owner-ids xxxxxxxxxxx \ --profile default \ --region us-east-2 \ --output text \ --query "Snapshots[*].[SnapshotId,Tags[?Key=='Name'].Value[] | [0]]" |
aws ec2 describe-snapshots \ --owner-ids xxxxxxxxxxx \ --profile default \ --region us-east-2 \ --output text \ --query "Snapshots[*].[SnapshotId,Tags[?Key=='Name'].Value[] | [0]]"
Result.
snap-xxxxxxxxxxxxxxxxx Server1 snap-xxxxxxxxxxxxxxxxx Server2 |
snap-xxxxxxxxxxxxxxxxx Server1 snap-xxxxxxxxxxxxxxxxx Server2
Here’s how to set the DeleteOnTermination setting on EBS volumes. The DeleteOnTermination flag determines if an EBS volume will be kept or deleted when an EC2 instance is terminated. The DeleteOnTermination setting can be set during EC2 instance creation, or it can be applied to an existing or a running EC2 instance. The settings can be placed in a JSON file and loaded using –block-device-mappings option upon creation.
During creation.
aws ec2 run-instances \ --count 1 \ --region us-east-2 \ --key-name tfc-ohio \ --image-id ami-xxxxxxxx \ --instance-type t2.large \ --subnet-id subnet-xxxxxxx \ --private-ip-address 10.0.4.100 \ --iam-instance-profile Name=machinerole \ --security-group-ids sg-xxxxxxxxxxxxx \ --block-device-mappings file://mapping.json |
aws ec2 run-instances \ --count 1 \ --region us-east-2 \ --key-name tfc-ohio \ --image-id ami-xxxxxxxx \ --instance-type t2.large \ --subnet-id subnet-xxxxxxx \ --private-ip-address 10.0.4.100 \ --iam-instance-profile Name=machinerole \ --security-group-ids sg-xxxxxxxxxxxxx \ --block-device-mappings file://mapping.json
Contents of mapping.json
[ { "DeviceName": "/dev/sda1", "Ebs": { "DeleteOnTermination": true, "VolumeSize": 30 "VolumeType": "gp2" } } ] |
[ { "DeviceName": "/dev/sda1", "Ebs": { "DeleteOnTermination": true, "VolumeSize": 30 "VolumeType": "gp2" } } ]
Device name is /dev/sda1. Termination is set to true. Volume size is 30GB and EBS type is gp2.
Modifying an existing EC2 instance.
aws ec2 modify-instance-attribute \ --instance-id i-xxxxxxxxxxxxx \ --block-device-mappings file://mapping.json |
aws ec2 modify-instance-attribute \ --instance-id i-xxxxxxxxxxxxx \ --block-device-mappings file://mapping.json
Here’s the mapping.json file.
[ { "DeviceName": "/dev/sda1", "Ebs": { "DeleteOnTermination": false, } } ] |
[ { "DeviceName": "/dev/sda1", "Ebs": { "DeleteOnTermination": false, } } ]
Obviously, you can’t change Volume size and type to an existing EBS volume, but you can flip the DeleteOnTermination flag and vice versa.
Boto is the Amazon Web Services (AWS) SDK for Python. It enables Python developers to create, configure, and manage AWS services, such as EC2 and S3. Boto provides an easy to use, object-oriented API, as well as low-level access to AWS services.
Here’s a quick example how to query for AWS resources.
import logging import boto3 from botocore.exceptions import ClientError # set aws profile session = boto3.Session(profile_name="default") # get buckets s3 = session.client('s3') results = s3.list_buckets() # display buckets print('Existing buckets:') for key in results['Buckets']: print(f'{key["Name"]}') # get ec2 instances. set region. ec2 = session.client('ec2', region_name='us-east-1') results = ec2.describe_instances() # display instances for key in results["Reservations"]: for instance in key["Instances"]: instance_id = instance["InstanceId"] instance_type = instance["InstanceType"] availability_zone = instance["Placement"]["AvailabilityZone"] print(instance_id + "\t" + instance_type + "\t" + availability_zone) # get list of users client = session.client('iam') results = client.list_users() # display list of users for key in results['Users']: print (key['UserName']) |
import logging import boto3 from botocore.exceptions import ClientError # set aws profile session = boto3.Session(profile_name="default") # get buckets s3 = session.client('s3') results = s3.list_buckets() # display buckets print('Existing buckets:') for key in results['Buckets']: print(f'{key["Name"]}') # get ec2 instances. set region. ec2 = session.client('ec2', region_name='us-east-1') results = ec2.describe_instances() # display instances for key in results["Reservations"]: for instance in key["Instances"]: instance_id = instance["InstanceId"] instance_type = instance["InstanceType"] availability_zone = instance["Placement"]["AvailabilityZone"] print(instance_id + "\t" + instance_type + "\t" + availability_zone) # get list of users client = session.client('iam') results = client.list_users() # display list of users for key in results['Users']: print (key['UserName'])
If you have changed instance type to either C5 or M5 and it no longer boots, it’s due to the following reasons.
You will need to run a Bash script to update the current instance to be able to support a C5 or M5 instance.
Here’s how to get a list of EC2 tags.
aws ec2 describe-tags \ --filters "Name=resource-id,Values=i-xxxxxxxxxxxxx" \ --query 'Tags[][Key,Value]' \ --profile default \ --region us-east-1 \ --output text |
aws ec2 describe-tags \ --filters "Name=resource-id,Values=i-xxxxxxxxxxxxx" \ --query 'Tags[][Key,Value]' \ --profile default \ --region us-east-1 \ --output text