
Adding an environment variable to an ec2 instance with boto

Pretty simple question, but I can't find anyone addressing it, or really any mention of the problem. Basically I'm looking to add a small amount of information to a remote ec2 box by associating an environment variable with the box when I'm spinning it up.

I've seen some mention of the concept of tags, but I'm looking for something that I can naively check and access from within the instance, and it's not clear if tags provide that functionality.

Ideally the interface to add these environment variables would also not be accessible by any external party after the instance has been instantiated.

I realize I could achieve a similar effect by setting up a secure database, but that seems overly involved for just trying to add a couple pieces of metadata to the instance.

Not looking for a handout, but any link to some documentation on this would be much appreciated. I'm currently using boto (code below), so something that fits into the boto framework would be ideal, but if I have to drop down to Amazon's REST API it wouldn't be the end of the world.

def create_instances(connection, type, number, **kwargs):
    kwargs.update({
        'min_count': number,
        'max_count': number
    })
    return connection.run_instances(**kwargs).instances  # maybe if kwargs had an environment variable?

There are several ways to pass information to an Amazon EC2 instance, but not all of them would necessarily meet your requirement for it not being accessible after launch.

User Data

When launching an Amazon EC2 instance, User Data can be specified. The contents of the User Data are accessible from within the instance by accessing the URL:

http://169.254.169.254/latest/user-data/

Your code on the instance could query this URL (which is intercepted by the hypervisor, and viewable only from the instance itself) to access the information.

Another use for User Data is that it can execute as a script. The script could set an environment variable that your code can then access.

However, the User Data can be viewed via the EC2 Management Console or via a DescribeInstanceAttribute call, so this might not meet your requirement for security.

Tags

Another option is to use Tags. These are Name-Value pairs associated with an EC2 instance (or other objects within AWS). Tags can be retrieved via a call to 'DescribeTags', but boto has some shortcuts to access them.

Tags are a great way to associate information with an instance, and tags can also be used to identify specific instances (e.g. by environment, project, owner...).

However, the values stored in Tags are viewable in the EC2 Management Console and via API calls.

Other options

  • Retrieving values from a database (but then you have the problem of how to authenticate against the database)
  • Storing data on an AMI (but this doesn't make it easy to modify values on a per-instance basis)
  • Storing data in Amazon S3 and using an IAM role assigned to the instance to provide credentials to retrieve the data from S3
  • Retrieving data from a code repository (but, again, security concerns)
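An added example, not part of the original question or answer: the question's boto helper extended to pass non-secret settings as a User Data script that writes them to a profile file. The names `build_user_data`, `instance_env.sh` and the secret-name heuristic are assumptions made for illustration; because User Data is readable through the console and DescribeInstanceAttribute, the builder refuses names that look like secrets.

```python
import re
import shlex

MAX_USER_DATA_BYTES = 16 * 1024  # EC2 limit on raw user data
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Heuristic (assumption): variable names that suggest a secret value.
SECRET_HINT_RE = re.compile(r"PASSWORD|SECRET|TOKEN|PRIVATE|CREDENTIAL", re.I)


def build_user_data(env):
    """Return a user-data shell script that exports env for login shells."""
    lines = []
    for name, value in sorted(env.items()):
        value = str(value)
        if not NAME_RE.match(name):
            raise ValueError("invalid variable name: %r" % name)
        if SECRET_HINT_RE.search(name):
            raise ValueError("%s looks like a secret; fetch it from S3 via "
                             "the instance's IAM role instead" % name)
        if "\n" in value:
            # A newline could end the here-document early.
            raise ValueError("newline in value of %s" % name)
        lines.append("export %s=%s" % (name, shlex.quote(value)))
    # Quoted 'EOF' keeps the boot-time shell from expanding the values.
    script = ("#!/bin/bash\n"
              "cat > /etc/profile.d/instance_env.sh <<'EOF'\n"
              + "\n".join(lines) + "\nEOF\n")
    if len(script.encode("utf-8")) > MAX_USER_DATA_BYTES:
        raise ValueError("user data exceeds the 16 KB limit")
    return script


def create_instances(connection, number, env=None, **kwargs):
    """Same shape as the question's helper; env is sent as user data."""
    kwargs.update({"min_count": number, "max_count": number})
    if env:
        kwargs["user_data"] = build_user_data(env)
    return connection.run_instances(**kwargs).instances
```

For values that must stay private, pass `instance_profile_name` to `run_instances` and have the instance read them from S3 with its role credentials, as the last option in the answer suggests.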
