Uly.me

cloud engineer

tags

AWS Create Volume From Snapshot with Tags

Here’s another script that creates a volume from a snapshot, but also add the tags.

#!/bin/bash
read -p "server     : " server
read -p "volumeId   : " volume
read -p "snapshotId : " snapshot
read -p "region     : " region
read -p "zone       : " zone
read -p "profile    : " profile
# get tags
tags1=$(aws ec2 describe-volumes --volume-ids $volume --query 'Volumes[].Tags[]' --region $region --profile $profile)
# remove quotes
tags2=$(echo "$tags1" | tr -d '"')
# remove spaces
tags3=$(echo $tags2 | sed 's/ //g')
# replace : with =
tags4=$(echo $tags3 | sed 's/:/=/g')
# if empty value replace with quotes
tags5=$(echo $tags4 | sed 's/Value=}/Value=""}/g')
# create volume
aws ec2 create-volume \
--availability-zone $zone \
--encrypted \
--iops 3000 \
--volume-type gp3 \
--snapshot-id $snapshot \
--tag-specifications 'ResourceType=volume,Tags='$tags5'' \
--region $region \
--profile $profile

AWS Spot Instances Running Docker

I have an AMI with docker installed. Here’s how I launch a spot instance using Terraform.

Here’s my Terraform script.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_spot_instance_request" "docker" {
  ami                           = "ami-xxxxxxxxxxxxxxxx"
  spot_price                    = "0.0031"
  wait_for_fulfillment          = "true"
  key_name                      = "servers"
  instance_type                 = "t3.micro"
  subnet_id                     = "subnet-xxxxxxxxxxxxxxxx"
  security_groups               = ["sg-xxxxxxxxxxxxxxxxxx"]
  associate_public_ip_address   = "true"
  user_data = <<-EOF
              #!/bin/bash
              hostnamectl set-hostname docker
              EOF
  tags = {
        Name = "docker-0.1"
  }
}
resource "aws_ec2_tag" "tagging" {
  resource_id                   = aws_spot_instance_request.docker.spot_instance_id
  key                           = "Name"
  value                         = "docker-0.1"
}

I use “aws_ec2_tag” resource to tag the instance properly.

In addition, I use user_data to run a script, to set the hostname.

To launch via Terraform, I run the following commands.

terraform init
terraform apply

When done, I could stop the instance to stop incurring charges. Or just simply destroy it via Terraform.

terraform destroy

It’s not bad deal for an instance that costs only $0.0031 per hour.

EFS Tags Auto Assign Backup Tags

Here’s a script that scans all EFS systems in several AWS accounts and regions and randomly assigns backup tags to EFS systems that are missing backup tags. This is assuming EFS is using AWS Backup service using tags to apply backup policies. If there are no backup tags, an EFS gets assigned a randomly picked backup policy.

#!/bin/bash
# log file
output="test.log"
tmpfil="temp.txt"
# empty file
> $output
# set random array
arr[0]="efs-0000"
arr[1]="efs-0400"
arr[2]="efs-0800"
arr[3]="efs-1200"
arr[4]="efs-1600"
arr[5]="efs-2000"
rand=$[ $RANDOM %6 ]
backup=${arr[$rand]}
# set accounts and regions
declare -a account=("default" "one" "two" "three" "four" "five")
declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2")
for i in "${account[@]}"; do
  echo "===================" >> $output
  echo $i >> $output
  echo "===================" >> $output
  for j in "${region[@]}"; do
    echo $j >> $output
        aws efs describe-file-systems \
        --query "FileSystems[*].[FileSystemId,Tags[?Key=='aws-backup']|[0].Value]" \
        --profile $i \
        --region $j \
        --output text > $tmpfil
        while read -r id tag; do
      if [[ $tag == "" ]]; then
        aws efs tag-resource \
        --resource-id $id \
        --tags Key="aws-backup",Value=${arr[$rand]} \
        --profile $i \
        --region $j >> $output
        echo "Added backup tag $backup to $id" >> $output
      elif [[ $tag == "no-backup" ]]; then
        echo "Backup tag is already set to no-backup on $id." >> $output
      else
        echo "No backup tag changes applied to $id." >> $output
      fi
    done < $tmpfil
  done
done
rm $tmpfil

AWS EFS Tags

This script add new tags if they are missing.

#!/bin/bash
log="log.txt"
id=$(aws efs describe-file-systems --query "FileSystems[*].[FileSystemId]" --output text --region us-east-1)
tag=$(aws efs describe-file-systems --query "FileSystems[*].Tags[?Key=='aws-backup'].Value" --output text --region us-east-1 )
 
arr[0]="efs-0000"
arr[1]="efs-0400"
arr[2]="efs-0800"
arr[3]="efs-1200"
arr[4]="efs-1600"
arr[5]="efs-2000"
 
rand=$[ $RANDOM %6 ]
backup=${arr[$rand]}
 
if [[ $tag == "" ]]; then
  aws efs tag-resource --resource-id $id --tags Key="aws-backup",Value=${arr[$rand]} --profile default --region us-east-1
  echo "Added backup tag $backup to $id" 
elif [[ $tag == "no-backup" ]]; then
  echo "No backup on $id."
else
  echo "No changes done to $id."
fi

AWS CLI Display Tags

This command lists the EC2 instance id and the tag name using query.

aws ec2 describe-instances \
--query 'Reservations[].Instances[].[InstanceId,Tags[?Key==Name]|[0].Value]' \
--profile tfc \
--region us-east-2 \
--output text

Output:

i-xxxxxxxxxxxxxxxxx     server-one
i-xxxxxxxxxxxxxxxxx     server-two
i-xxxxxxxxxxxxxxxxx     server-three

|[0].Value insures output is one instance record per line.