I have a Python script that is trying to get every EC2
instance ID in every AWS account that I own. I am using a custom library (nwmaws)
that will list every account ID for me. I am using a function that generates an STS
token and pulls each account ID and interpolates the ID to dynamically build the ARN
so I can assume a role in each account and get the instance IDs. I am able to generate the STS
tokens, but I am not getting the instance IDs in the response. Just an HTTP 200
status code. Below is my code and the response.
CODE:
import boto3
import nwmaws

client = boto3.client('ec2')
accounts = nwmaws.Accounts().list()

def get_sts_token(**kwargs):
    role_arn = kwargs['RoleArn']
    region_name = kwargs['RegionName']
    sts = boto3.client(
        'sts',
        region_name=region_name,
    )
    token = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName='GetInstances',
        DurationSeconds=900,
    )
    return token["Credentials"]

def get_all_instances():
    for i in accounts:
        account_list = i.account_id
        role_arn = "arn:aws:iam::{}:role/ADFS-GlobalAdmins".format(account_list)
        get_sts_token(RoleArn=role_arn, RegionName="us-east-1")
        response = client.describe_instances()
        print(response)

get_all_instances()
RESPONSE:
{'Reservations': [], 'ResponseMetadata': {'RequestId': '5c1e8326-5a36-
4866-9cfd-bd83bff62d05', 'HTTPStatusCode': 200, 'HTTPHeaders':
{'content-type': 'text/xml;charset=UTF-8', 'transfer-encoding':
'chunked', 'vary': 'Accept-Encoding', 'date': 'Sun, 13 May 2018
21:23:25 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}
{'Reservations': [], 'ResponseMetadata': {'RequestId': '1e165d98-0b5c-
4172-8917-bf688afbad7c', 'HTTPStatusCode': 200, 'HTTPHeaders':
{'content-type': 'text/xml;charset=UTF-8', 'content-length': '230',
'date': 'Sun, 13 May 2018 21:23:25 GMT', 'server': 'AmazonEC2'},
'RetryAttempts': 0}}
{'Reservations': [], 'ResponseMetadata': {'RequestId': 'e18526d5-c7e9-
465f-a1fd-87e1d652e95c', 'HTTPStatusCode': 200, 'HTTPHeaders':
{'content-type': 'text/xml;charset=UTF-8', 'transfer-encoding':
'chunked', 'vary': 'Accept-Encoding', 'date': 'Sun, 13 May 2018
21:23:25 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}} etc. etc...
DESIRED RESPONSE:
i-xxxxxx
i-xxxxxx
i-xxxxxx
i-xxxxxx
i-xxxxxx
etc etc
As @Michael - sqlbot mentioned, you are not using the token generated by the assume_role API call. Create your EC2 client object using the credentials obtained. Replace the get_sts_token(RoleArn=role_arn, RegionName="us-east-1") line in your code with the following lines to retrieve the temporary credentials and use them to list the instances:
credentials = get_sts_token(RoleArn=role_arn, RegionName="us-east-1")
access_key = credentials['AccessKeyId']
secret_key = credentials['SecretAccessKey']
token = credentials['SessionToken']
session = boto3.session.Session(
    aws_access_key_id=access_key,
    aws_secret_access_key=secret_key,
    aws_session_token=token
)
client = session.client('ec2', region_name='us-east-1')
response = client.describe_instances()
print(response)
This will return all the instances in us-east-1. If you need the list of instances in all regions, call the describe_regions API and iterate through the list.
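The fix above, put together for one account and reduced to the instance IDs the question asks for. This is an added example, not part of the original answer: the `sts` and `session_factory` parameters are assumptions made so the function can be exercised with stubs, and the role name is the one from the question.

```python
"""Added example: list EC2 instance IDs in an account via assumed-role credentials."""

ROLE_NAME = "ADFS-GlobalAdmins"  # role name taken from the question


def instance_ids(pages):
    """Flatten describe_instances response pages into a list of instance IDs."""
    return [
        inst["InstanceId"]
        for page in pages
        for reservation in page.get("Reservations", [])
        for inst in reservation.get("Instances", [])
    ]


def list_account_instances(sts, session_factory, account_id, region="us-east-1"):
    """Assume ROLE_NAME in account_id and return its instance IDs in one region.

    sts is an STS client and session_factory is boto3.session.Session; both
    are passed in (an assumption of this example) so stubs can replace them.
    """
    creds = sts.assume_role(
        RoleArn="arn:aws:iam::{}:role/{}".format(account_id, ROLE_NAME),
        RoleSessionName="GetInstances",
        DurationSeconds=900,
    )["Credentials"]
    # The EC2 client has to come from a session built on the temporary
    # credentials. A default boto3.client('ec2'), as in the question, keeps
    # using the caller's own credentials and never sees the target account.
    session = session_factory(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    ec2 = session.client("ec2", region_name=region)
    # describe_instances is paginated; the paginator follows NextToken.
    return instance_ids(ec2.get_paginator("describe_instances").paginate())


# Real use, once per account ID:
#   import boto3
#   sts = boto3.client("sts", region_name="us-east-1")
#   for iid in list_account_instances(sts, boto3.session.Session, account_id):
#       print(iid)
```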
The output of print(response) is correct.
However, you can try this to get your desired output:
import boto3

# The resource API exposes instances as objects with .id and .instance_type
ec2 = boto3.resource('ec2')
instances = ec2.instances.filter(Filters=[{'Name': 'instance-state-name',
                                           'Values': ['running']}])
for instance in instances:
    print(instance.id, instance.instance_type)