I am having three instances in AWS. I have to start each instance by logging into the account and then start it manually. I want to start it using python by just running a script so that I don't need to login to the AWS account and start the service manually. Here are my instance types.
Is there any way I could do it? I am new to AWS so not finding a way to do it.
The easiest method would be to use the AWS Command-Line Interface (CLI):
aws ec2 start-instances --instance-ids i-11111 i-2222 i-3333
If you have not previously used the AWS CLI, you will first need to run aws configure and provide your IAM User credentials (Access Key + Secret Key).
You can also use a Python script to do this, using the boto3 SDK and the start_instances() command.
Related
I'm trying to run a python script file while in the AWS CLI. Does anyone have the syntax for that please? I've tried a few variations but without success:
aws ssm send-command --document-name "AWS-RunShellScript" --parameters commands=["/Documents/aws_instances_summary.py"]
I'm not looking to connect to a particular EC2 instance as the script gathers information about all instances
aws ssm send-command runs the command on an EC2 instance, not on your local computer.
From your comments, it looks like you are actually trying to determine how to configure the AWS SDK for Python (Boto3) with AWS API credentials, so you can run the script from your local computer and get information about the AWS account.
You would not use the AWS CLI tool at all for this purpose. Instead you would simply run the Python script directly, having configured the appropriate environment variables, or ~/.aws/credentials file, on your local computer with the API credentials. Please see the official documentation for configuring AWS API credentials for Boto3.
A minimal example would look something like this:
export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
python aws_instances_summary.py
I would like to know if theirs a lamba function, or python script I can run that would turn on EBS encryption for all AWS regions instead of me having to manually enable it.
You could certainly write a Python script that could run locally, or in an AWS Lambda environment, that loops through all the AWS regions, calling the boto2 EC2 client's enable_ebs_encryption_by_default() method on each region.
My setup is: the code is in the private repository in Github which I run from AWS EC2.
I have this doubt where should I store the API and database credentials. My feeling at the moment is that no credentials should be stored in the code, instead, I should use the AWS Secret Manager to access them but then, you also connect to AWS. What is your view on it? A disclosure, I am starting with Python, so, please, be gentle.
Never store your secrets in code. In your case I would recommend AWS Secret Manager (Or secret parameters in AWS System Manager Parameter Store) and store your secrets there.
I would recommend to create an IAM role for your EC2 which has a policy which allows the role to read the correct secrets from AWS Secret Manager. Connect the role with an instance profile and the instance profile with the EC2. This is done automatically in the AWS console but not when your using CloudFormation. An instance profile is kind of a wrapper around a role that allows the role to be attached to an instance.
In this flow your EC2 instance will be allowed to read the secrets from system manager by using the instance profile and role. Roles are the recommended way to make AWS resources interact with each other because it uses temporary credentials and restricts access.
With the above setup you should be able to read the secrets from within your code like explained here. You can use boto3 (AWS SDK for Python) to interact from within the EC2 to the secrets manager.
I am looking to launch an AWS instance by deploying a script. However, I do not fully understand what this means. What should be in the script in order to launch it and how do I approach this in order to meet the following requirements?
User specifies AWS credentials in a separate key file;
User invokes termination script and pass the instance ID from
command line;
Termination script shuts down AWS instance.
Upon completion, the termination script returns message indicating
whether the termination process has been completed successfully
I would appreciate some help in understanding what exactly a deployment script it and what language I should write it in. I have been coding thus far in Python and have created a script that creates an instance. But I am not sure how this is different from deploying an instance.
The usage of the expressions "create an instance" and "deploy an instance" can mean the same thing or different things. Depends on the engineer's viewpoint.
Basically creating an EC2 instance means the AWS definition of launching an EC2 instance. Deploying an EC2 instance may include additional configuration details such as patching the OS, installing software and applications, etc. It is up to you to decide which is which and how each should be done.
When deploying an EC2 instance, I prefer to configure a machine exactly the way that I want with OS patches, software and my applications. Then I create an AMI. When I then launch a new EC2 instance, I use my hand created AMI. Then the new EC2 instance is exactly what I want. No long deployment phase.
Best practices when writing scripts. Do not store your Amazon credentials in your scripts, source code, random files, etc. Install the Amazon CLI (Command Line Internface) tool and then configure the CLI with your credentials. Now your credentials are stored in a well defined location with the added benefit that Amazon SDKs, scripts, etc. will know how to find the credentials and will automatically load and use them.
The easiest way of writing scripts to manage AWS services is to use the AWS CLI. Just about anything that you can do in the Amazon Management Console, you can do with the CLI. The CLI works on Windows, Linux and Mac OS.
AWS Command Line Interface
Here is a CLI example that will terminate an EC2 instance. Replace with your instance ID:
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
Writing your scripts in Python is another good idea. Managing AWS services with Python is very easy; there are lots of examples available on the Internet; and Python is just so easy and quick to develop Amazon apps. Use the Boto3 library and not the older Boto library. I use Python 3.x for all new development, but be aware that there is a lot of already created work on the Internet for AWS that runs under Python 2.x.
CLI EC2 Commands
I'm looking to create an AWS system with one master EC2 instance which can create other instances.
For now, I managed to create python files with boto able to create ec2 instances.
The script works fine in my computer environment but when I try to deploy it using Amazon BeanStalk with Django (Python 3.4 included) the script doesn't work. I can't configure aws cli (and so Boto) through SSL because the only user I can access is ec2-user and the web server uses another user.
I could simply handwrite my access ID key and password on the python file but that would not be secure. What can I do to solve this problem?
I also discovered AWS cloudformation today, is it a better idea to create new instances with that rather than with the boto function run?
This sounds like an AWS credentials question, not specifically a "create ec2 instances" question. The answer is to assign the appropriate AWS permissions to the EC2 instance via an IAM role. Then your boto/boto3 code and/or the AWS CLI running on that instance will have permissions to make the necessary AWS API calls without having an access key and secret key stored in your code.