ec2

For instances which use version 2 of instance metadata, IMDSv2, run the following 2 commands: [ec2-user@ip-172-31-45-35 ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` [ec2-user@ip-172-31-45-35 ~]$ curl -w "\n" -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id i-04bd6066612345678 If you use IMDsv1, then there is no need generate the TOKEN value first, just query the instance-id directly: [ec2-user@ip-172-31-45-35 ~]$ curl -w "\n" http://169.254.169.254/latest/meta-data/instance-id In my case, it returned nothing as my EC2 instances uses IMDsV2....

Tonight I want to connect to an EC2 instance that resides in a private subnet. I currently don’t have a bastion host I can use as an intermediary to jump to this instance. Well, as you might have guessed from this post’s title, the AWS Session Manager is something that might be helpful in this case. So, join me in this journey to configure and set up the Session Manager, using AWS CLI only....

I kept forgetting about the AWS CLI which is quite handy to quickly check if SSM is working on an EC2 instance. So here it is again for my future-self. Use get-connection-status to return the connection status of the specified managed instance. $ aws ssm get-connection-status --target i-092af3b3c1234567 { "Status": "connected", "Target": "i-092af3b3c1234567" } Reference: get-connection-status

So I want to clean up Elastic Network Interfaces (ENIs) that were created for testing and no longer needed, and I want to use AWS CLI to do that. For me, I know that all unused ENIs will have their status as “available”. So I will find all those ENIs and will delete them. ➜ aws ec2 describe-network-interfaces --filters Name=status,Values=available \ --query 'NetworkInterfaces[].{NetworkInterfaceId:NetworkInterfaceId,Description:Description}' [ { "NetworkInterfaceId": "eni-0dc616df583312345", "Description": "2nd nic in 2b az" }, { "NetworkInterfaceId": "eni-0bf98b53cf1b12345", "Description": "2nd nic" }, { "NetworkInterfaceId": "eni-034bcff8ceef12345", "Description": "test-eni" }, { "NetworkInterfaceId": "eni-09adbc3a20c912345", "Description": "Test 2nd eni on custom subnet 2a AZ" } ] Next, I need to feed each of the values of “NetworkInterfaceId” to the delete command aws ec2 delete-network-interface, which takes only 1 NetworkInterfaceId at a time....

This is a quick note to remind me on how to attach or associate an instance profile (IAM role) to an EC2 instance using AWS CLI. There is a bonus section at the end to show how to replace one IAM role with another one directly. In this example, I already have a running EC2 instance i-0357ecc1111111111 running. I want to attach a new instance profile called SSMInstanceProfile to this instance....