Created
August 18, 2014 12:41
Get the value of an EC2 instance's tag
#!/usr/bin/env bash
#
# Get the value of a tag for a running EC2 instance.
#
# This can be useful within bootstrapping scripts ("user-data").
#
# Note the EC2 instance needs to have an IAM role that lets it read tags. The policy
# JSON for this looks like:
#
#    {
#      "Version": "2012-10-17",
#      "Statement": [
#        {
#          "Effect": "Allow",
#          "Action": "ec2:DescribeTags",
#          "Resource": "*"
#        }
#      ]
#    }

# Define the tag you want to get the value for
KEY=bucket

# Install AWS CLI (you could just do 'apt-get install awscli' although you'll
# get an older version).
apt-get update
apt-get install -y python-pip
pip install -U pip
pip install awscli

# Grab instance ID and region as the 'describe-tags' action below requires them. Getting the region
# is a pain (see http://stackoverflow.com/questions/4249488/find-region-from-within-ec2-instance)
INSTANCE_ID=$(ec2metadata --instance-id)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')

# Grab tag value
TAG_VALUE=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$KEY" --region="$REGION" --output=text | cut -f5)
There's an error getting the region.
You can fix it with
INSTANCE_ID=$(ec2-metadata --instance-id | awk '{print $2}')
TOOOOOOOOP
like a charm !!!!
If you know what Tag you are looking for you can query it directly like
--query 'Tags[?Key==`Name`].Value'
And yes those are backticks around the tag Key that you are looking for, in this case Name.
Finally found the working syntax. Thanks @espoelstra
DescribeTags action does not allow any Resource limitation (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html#amazonec2-policy-keys), the Policy Visual Editor image above also tells so. Anyway, even if it supports resource limiting, a condition using aws:SourceArn and ${ec2:SourceInstanceARN} is always true in a petition from an Instance Role as both values will be the same, and as the documentation said you can not use ${ec2:SourceInstanceARN} on the Resource part of the policy, hence you're not limiting by resource.

Conclusion: don't lose time trying to make this work (as I already did)
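
A variant of the lookup in the script at the top of this page that checks the instance ID and region before they reach the AWS CLI, and picks the tag with the server-side filter so nothing is interpolated into `--query`. It is an added example, not code from the gist or its comments; the function names, the format patterns and the sample identity document are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the gist author's code. Function names are hypothetical.

# Print the "region" field of an instance identity document read on stdin.
region_from_identity_doc() {
    sed -n 's/.*"region"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# True only if $1 is a single line that fully matches the ERE in $2.
matches() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] &&
        printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# Shape checks (assumed formats): i-<8 or 17 hex digits>, and e.g. eu-west-1.
is_valid_instance_id() { matches "$1" 'i-([0-9a-f]{8}|[0-9a-f]{17})'; }
is_valid_region()      { matches "$1" '[a-z]{2}(-[a-z]+)+-[0-9]+'; }

# Look up one tag on this instance. Needs ec2metadata, curl and the AWS CLI,
# so it only works on an instance whose role allows ec2:DescribeTags.
get_instance_tag() {
    local key id doc region value
    key=$1
    id=$(ec2metadata --instance-id) || return 1
    doc=$(curl -sf http://169.254.169.254/latest/dynamic/instance-identity/document) || return 1
    region=$(printf '%s\n' "$doc" | region_from_identity_doc)
    is_valid_instance_id "$id" && is_valid_region "$region" || return 1
    # Filter by key server-side so nothing is interpolated into --query.
    value=$(aws ec2 describe-tags --region "$region" --output text \
        --filters "Name=resource-id,Values=$id" "Name=key,Values=$key" \
        --query 'Tags[0].Value') || return 1
    # The CLI prints "None" in text mode when the expression is null.
    [ "$value" != "None" ] && printf '%s\n' "$value"
}

# Constructed sample identity document (not captured from a real instance).
SAMPLE_DOC='{
  "accountId" : "123456789012",
  "instanceId" : "i-0123456789abcdef0",
  "region" : "eu-west-1"
}'
```

A tag whose value is literally `None` cannot be told apart from a missing tag in text output; switch to `--output json` if that distinction matters.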