tags

AWS Create Volume From Snapshot with Tags

January 19, 2023

Here’s another script that creates a volume from a snapshot, but also add the tags.

#!/bin/bash
read -p "server     : " server
read -p "volumeId   : " volume
read -p "snapshotId : " snapshot
read -p "region     : " region
read -p "zone       : " zone
read -p "profile    : " profile
# get tags
tags1=$(aws ec2 describe-volumes --volume-ids $volume --query 'Volumes[].Tags[]' --region $region --profile $profile)
# remove quotes
tags2=$(echo "$tags1" | tr -d '"')
# remove spaces
tags3=$(echo $tags2 | sed 's/ //g')
# replace : with =
tags4=$(echo $tags3 | sed 's/:/=/g')
# if empty value replace with quotes
tags5=$(echo $tags4 | sed 's/Value=}/Value=""}/g')
# create volume
aws ec2 create-volume \
--availability-zone $zone \
--encrypted \
--iops 3000 \
--volume-type gp3 \
--snapshot-id $snapshot \
--tag-specifications 'ResourceType=volume,Tags='$tags5'' \
--region $region \
--profile $profile

AWS Spot Instances Running Docker

February 14, 2021

I have an AMI with docker installed. Here’s how I launch a spot instance using Terraform.

Here’s my Terraform script.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_spot_instance_request" "docker" {
  ami                           = "ami-xxxxxxxxxxxxxxxx"
  spot_price                    = "0.0031"
  wait_for_fulfillment          = "true"
  key_name                      = "servers"
  instance_type                 = "t3.micro"
  subnet_id                     = "subnet-xxxxxxxxxxxxxxxx"
  security_groups               = ["sg-xxxxxxxxxxxxxxxxxx"]
  associate_public_ip_address   = "true"
  user_data = <<-EOF
              #!/bin/bash
              hostnamectl set-hostname docker
              EOF
  tags = {
        Name = "docker-0.1"
  }
}
resource "aws_ec2_tag" "tagging" {
  resource_id                   = aws_spot_instance_request.docker.spot_instance_id
  key                           = "Name"
  value                         = "docker-0.1"
}

I use “aws_ec2_tag” resource to tag the instance properly.

In addition, I use user_data to run a script, to set the hostname.

To launch via Terraform, I run the following commands.

terraform init
terraform apply

When done, I could stop the instance to stop incurring charges. Or just simply destroy it via Terraform.

terraform destroy

It’s not bad deal for an instance that costs only $0.0031 per hour.

EFS Tags Auto Assign Backup Tags

January 17, 2021

Here’s a script that scans all EFS systems in several AWS accounts and regions and randomly assigns backup tags to EFS systems that are missing backup tags. This is assuming EFS is using AWS Backup service using tags to apply backup policies. If there are no backup tags, an EFS gets assigned a randomly picked backup policy.

#!/bin/bash
# log file
output="test.log"
tmpfil="temp.txt"
# empty file
> $output
# set random array
arr[0]="efs-0000"
arr[1]="efs-0400"
arr[2]="efs-0800"
arr[3]="efs-1200"
arr[4]="efs-1600"
arr[5]="efs-2000"
rand=$[ $RANDOM %6 ]
backup=${arr[$rand]}
# set accounts and regions
declare -a account=("default" "one" "two" "three" "four" "five")
declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2")
for i in "${account[@]}"; do
  echo "===================" >> $output
  echo $i >> $output
  echo "===================" >> $output
  for j in "${region[@]}"; do
    echo $j >> $output
        aws efs describe-file-systems \
        --query "FileSystems[*].[FileSystemId,Tags[?Key=='aws-backup']|[0].Value]" \
        --profile $i \
        --region $j \
        --output text > $tmpfil
        while read -r id tag; do
      if [[ $tag == "" ]]; then
        aws efs tag-resource \
        --resource-id $id \
        --tags Key="aws-backup",Value=${arr[$rand]} \
        --profile $i \
        --region $j >> $output
        echo "Added backup tag $backup to $id" >> $output
      elif [[ $tag == "no-backup" ]]; then
        echo "Backup tag is already set to no-backup on $id." >> $output
      else
        echo "No backup tag changes applied to $id." >> $output
      fi
    done < $tmpfil
  done
done
rm $tmpfil

AWS EFS Tags

January 4, 2021

This script add new tags if they are missing.

#!/bin/bash
log="log.txt"
id=$(aws efs describe-file-systems --query "FileSystems[*].[FileSystemId]" --output text --region us-east-1)
tag=$(aws efs describe-file-systems --query "FileSystems[*].Tags[?Key=='aws-backup'].Value" --output text --region us-east-1 )
 
arr[0]="efs-0000"
arr[1]="efs-0400"
arr[2]="efs-0800"
arr[3]="efs-1200"
arr[4]="efs-1600"
arr[5]="efs-2000"
 
rand=$[ $RANDOM %6 ]
backup=${arr[$rand]}
 
if [[ $tag == "" ]]; then
  aws efs tag-resource --resource-id $id --tags Key="aws-backup",Value=${arr[$rand]} --profile default --region us-east-1
  echo "Added backup tag $backup to $id" 
elif [[ $tag == "no-backup" ]]; then
  echo "No backup on $id."
else
  echo "No changes done to $id."
fi

AWS CLI Display Tags

January 2, 2021

This command lists the EC2 instance id and the tag name using query.

aws ec2 describe-instances \
--query 'Reservations[].Instances[].[InstanceId,Tags[?Key==Name]|[0].Value]' \
--profile tfc \
--region us-east-2 \
--output text

Output:

i-xxxxxxxxxxxxxxxxx     server-one
i-xxxxxxxxxxxxxxxxx     server-two
i-xxxxxxxxxxxxxxxxx     server-three

|[0].Value insures output is one instance record per line.

GCP Create Firewall with Tags

May 28, 2020

Here’s another way to create a firewall in GCP using network tag as targets.

gcloud compute firewall-rules create "firewall-name" \
    --description="egress rule to allow port 8000 to destination" \
    --priority "1000" \
    --direction EGRESS \
    --action allow \
    --network "your-network" \
    --target-tags="your-network-tag" \
    --destination-ranges="10.0.0.1/32" \
    --rules tcp:8000

AWS EC2 Describe Snapshots

May 7, 2020

Here’s how to describe snapshots using query with tags.

aws ec2 describe-snapshots \
--owner-ids xxxxxxxxxxx \
--profile default \
--region us-east-2 \
--output text \
--query "Snapshots[*].[SnapshotId,Tags[?Key=='Name'].Value[] | [0]]"

Result.

snap-xxxxxxxxxxxxxxxxx	Server1
snap-xxxxxxxxxxxxxxxxx	Server2

AWS IAM Tag User

January 15, 2020

Here’s how to add tags to an existing user.

aws iam tag-user \
--user-name ulysses \
--tags "Key"="dept","Value"="it" "Key"="role","Value"="admin"

Tags with identical keys are overwritten. New keys are added.