Start an AWS access portal session
aws sso login
aws sts get-caller-identity
Note
If you already have an active AWS access portal session and run aws sso login, you
will not be required to provide credentials.
The sign-in process might prompt you to allow the AWS CLI access to your data. Because the AWS CLI is
built on top of the SDK for Python, permission messages may contain variations of the botocore
name.
Starting with version 4.1.538 of the Tools for PowerShell, the recommended method to configure SSO
credentials and start an AWS access portal session is to use the Initialize-AWSSSOConfiguration and Invoke-AWSSSOLogin cmdlets, as described in Configure tool authentication with AWS. If you don’t have access to that version of the Tools for PowerShell (or later) or
can’t use those cmdlets, you can still perform these tasks by using the AWS CLI.
In this blog post, I will show you how to update AWS Tools for PowerShell at scale within your environment by using the AWS Systems Manager Run Command.
Manually updating AWS Tools for PowerShell across multiple instances can be time-consuming, inefficient, and error-prone. These manual operational efforts typically result in a logistical nightmare, especially within large enterprise environments. The AWS Tools for PowerShell are a set of PowerShell modules that are built on the functionality exposed by the AWS SDK for .NET, which enable you to script operations on your AWS resources within the PowerShell command line. And with AWS Systems Manager, you can automate operational tasks across both your AWS cloud environment and on-premises servers, simplifying resource and application management. This facilitates operation and management of your infrastructure securely at scale.
For this blog post, I will create a workflow that uses the AWS Systems Manager Run Command feature. This workflow will run a PowerShell script that captures the AWS Tools for PowerShell version across all managed Amazon Elastic Compute Cloud (Amazon EC2) instances within an AWS account and updates it to the latest version, if required.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Indicates whether to assign a public IP address to an instance in a VPC.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | BlockDeviceMappings |
Indicates the instance’s Capacity Reservation preferences. Possible preferences include:
- open – The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).
- none – The instance avoids running in a Capacity Reservation even if one is available. The instance runs as an On-Demand Instance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The ID of the Capacity Reservation in which to run the instance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | CapacityReservationSpecification_CapacityReservationTarget_CapacityReservationId |
The ARN of the Capacity Reservation resource group in which to run the instance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | CapacityReservationSpecification_CapacityReservationTarget_CapacityReservationResourceGroupArn |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | CpuOptions |
The credit option for CPU usage of a T instance. Valid values:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | CpuCredit, CreditSpecification_CpuCredits |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
If you set this parameter to , you can’t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set , you can terminate the instance by running the shutdown command from the instance. Default:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn’t available with all instance types. Additional usage charges apply when using an EBS-optimized instance. Default:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
An elastic GPU to associate with the instance. Amazon Elastic Graphics reached end of life on January 8, 2024.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | ElasticInferenceAccelerators |
If you’re launching an instance into a dual-stack or IPv6-only subnet, you can enable assigning a primary IPv6 address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if an instance relies on its IPv6 address not changing. When you launch the instance, Amazon Web Services will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
to enable your instance for hibernation. For Spot Instances, if you set , either omit the ), or set it to
- If you omit InstanceInterruptionBehavior, it defaults to hibernate.
- If you set InstanceInterruptionBehavior to a value other than hibernate, you’ll get an error.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The Amazon Resource Name (ARN) of the instance profile.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | InstanceProfile_Arn |
The name of the instance profile.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | InstanceProfile_Id, InstanceProfile_Name |
The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template.
| Required? | False |
| Position? | 1 |
| Accept pipeline input? | True (ByValue, ByPropertyName) |
Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). Default:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The market (purchasing) option for the instances. For RunInstances, persistent Spot Instance requests are only supported when InstanceInterruptionBehavior is set to either
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | InstanceMarketOptions |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The IPv6 addresses from the range of the subnet to associate with the primary network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you’ve specified a minimum number of instances to launch. You cannot specify this option and the network interfaces option in the same request.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | Ipv6Addresses |
The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you’ve specified a minimum number of instances to launch. You cannot specify this option and the network interfaces option in the same request.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The ID of the kernel.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The launch template. Any additional parameters that you specify for the new instance overwrite the corresponding parameters included in the launch template.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The license configurations.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | LicenseSpecifications |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Enables or disables the HTTP metadata endpoint on your instances. If you specify a value of , you cannot access your instance metadata. Default:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Enables or disables the IPv6 endpoint for the instance metadata service. Default:
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The maximum number of hops that the metadata token can travel. Possible values: Integers from 1 to 64
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Indicates whether IMDSv2 is required.
- optional – IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.
- required – IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.
- If the value of ImdsSupport for the Amazon Machine Image (AMI) for your instance is v2.0 and the account level default is set to no-preference, the default is required.
- If the value of ImdsSupport for the Amazon Machine Image (AMI) for your instance is v2.0, but the account level default is set to V1 or V2, the default is optional.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | MetadataOptions_HttpTokens |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | MetadataOptions_InstanceMetadataTags |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Specifies whether detailed monitoring is enabled for the instance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | Monitoring_Enabled |
The network interfaces to associate with the instance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | NetworkInterfaces, NetworkInterfaceSet |
Changes the cmdlet behavior to return the value passed to the ImageId parameter. The -PassThru parameter is deprecated, use -Select '^ImageId' instead. This parameter will be removed in a future version.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The affinity setting for the instance on the Dedicated Host. This parameter is not supported for CreateFleet or ImportInstance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | Affinity |
The Availability Zone of the instance. If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region. This parameter is not supported for CreateFleet.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | AvailabilityZone |
The ID of the placement group that the instance is in. If you specify , you can’t specify
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The name of the placement group that the instance is in. If you specify , you can’t specify
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | PlacementGroup |
The ID of the Dedicated Host on which the instance resides. This parameter is not supported for CreateFleet or ImportInstance.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | HostId, Placement_Host |
The ARN of the host resource group in which to launch the instances. If you specify this parameter, either omit the Tenancy parameter or set it to . This parameter is not supported for CreateFleet.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The number of the partition that the instance is in. Valid only if the placement group strategy is set to . This parameter is not supported for CreateFleet.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Reserved for future use.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The tenancy of the instance. An instance with a tenancy of runs on single-tenant hardware. This parameter is not supported for CreateFleet. The tenancy is not supported for ImportInstance or for T3 instances that are configured for the CPU credit option.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | Tenancy |
Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Indicates whether to respond to DNS queries for instance hostnames with DNS A records.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The primary IPv4 address. You must specify a value from the IPv4 address range of the subnet. Only one private IP address can be designated as primary. You can’t specify this option if you’ve specified the option to designate a private IP address as the primary IP address in a network interface specification. You cannot specify this option if you’re launching more than one instance in the request. You cannot specify this option and the network interfaces option in the same request.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | SecurityGroups |
The IDs of the security groups. You can create a security group using CreateSecurityGroup. If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | SecurityGroupIds |
Use the -Select parameter to control the cmdlet output. The default value is 'Reservation'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.EC2.Model.RunInstancesResponse). Specifying the name of a property of type Amazon.EC2.Model.RunInstancesResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The ID of the subnet to launch the instance into. If you specify a network interface, you must specify any subnets as part of the network interface instead of using this parameter.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
- Instances
- Volumes
- Spot Instance requests
- Network interfaces
To tag a resource after it has been created, see CreateTags.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | TagSpecifications |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
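The metadata-service parameters above (HttpTokens required vs. optional, the hop limit, the endpoint switch) are the ones that decide whether a process on the instance can read IAM role credentials with a plain unauthenticated GET, so they are worth setting explicitly at launch and auditing afterwards. The following is an added example and is not code from the cmdlet reference or from AWS: it launches an instance with IMDSv2 required, termination protection, an explicit security group and instance profile, and the update-pstools tag, then lists instances in the account whose metadata endpoint is enabled but still accepts IMDSv1. Assumptions: AWS.Tools.EC2 is installed and credentials and region are configured; every resource ID is a placeholder; -MetadataOptions_HttpPutResponseHopLimit is a parameter name assumed from the Tools for PowerShell (the page itself lists only the MetadataOptions_HttpTokens alias); the instance profile name is invented.

```powershell
# Added example (not from the AWS cmdlet reference): hardened launch plus IMDSv1 audit.
Import-Module AWS.Tools.EC2

function New-HardenedInstance {
    param(
        [Parameter(Mandatory)] [string] $ImageId,          # placeholder, e.g. 'ami-PLACEHOLDER'
        [Parameter(Mandatory)] [string] $SubnetId,         # placeholder, e.g. 'subnet-PLACEHOLDER'
        [Parameter(Mandatory)] [string] $SecurityGroupId,  # placeholder, e.g. 'sg-PLACEHOLDER'
        [string] $InstanceProfileName = 'least-privilege-role',  # assumed name, not from the page
        [string] $InstanceType = 't3.micro'
    )

    # Tag the instance so the Run Command walkthrough on this page can target it.
    $tag = New-Object Amazon.EC2.Model.Tag
    $tag.Key   = 'update-pstools'
    $tag.Value = 'yes'
    $tagSpec = New-Object Amazon.EC2.Model.TagSpecification
    $tagSpec.ResourceType = 'instance'
    $tagSpec.Tags.Add($tag)

    # Splatting keeps each security-relevant option visible and commentable.
    $params = @{
        ImageId                                 = $ImageId
        InstanceType                            = $InstanceType
        MinCount                                = 1
        MaxCount                                = 1
        SubnetId                                = $SubnetId
        SecurityGroupId                         = $SecurityGroupId      # security groups, not the default SG
        InstanceProfile_Name                    = $InstanceProfileName  # alias listed in the reference
        MetadataOptions_HttpTokens              = 'required'            # IMDSv2 only; IMDSv1 disabled
        MetadataOptions_HttpPutResponseHopLimit = 1                     # assumed parameter name; token stays on the instance
        DisableApiTermination                   = $true                 # termination protection via API/console
        TagSpecification                        = $tagSpec
    }
    New-EC2Instance @params
}

function Get-Imdsv1Exposure {
    # Audit: one row per instance whose metadata endpoint is enabled but does not
    # require a session token, i.e. IMDSv1 is still reachable on that instance.
    $instances = Get-EC2Instance | Select-Object -ExpandProperty Instances
    foreach ($i in $instances) {
        $mo = $i.MetadataOptions
        if ($mo.HttpEndpoint -eq 'enabled' -and $mo.HttpTokens -ne 'required') {
            [pscustomobject]@{
                InstanceId = $i.InstanceId
                State      = [string]$i.State.Name
                HttpTokens = [string]$mo.HttpTokens
                HopLimit   = $mo.HttpPutResponseHopLimit
            }
        }
    }
}

# Usage (placeholders; replace with real IDs from your account):
# New-HardenedInstance -ImageId 'ami-PLACEHOLDER' -SubnetId 'subnet-PLACEHOLDER' -SecurityGroupId 'sg-PLACEHOLDER'
Get-Imdsv1Exposure | Format-Table -AutoSize
```

The audit function is read-only; instances it lists can be switched to IMDSv2 with the ModifyInstanceMetadataOptions API action after checking that nothing on them still depends on IMDSv1. A hop limit of 1 is the right default for processes running directly on the host; containers that reach the metadata service through a bridged network need a limit of 2, so raise it deliberately rather than globally.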
Walkthrough
- Open the AWS Systems Manager console and select the Run Command option under Node Management (Figure 1).

Figure 1 – AWS Systems Manager – Run Command
- Within the Commands pane, choose Run command (Figure 2).

Figure 2- Commands – Run command
- Within the Command document search box, type AWS-RunPowerShellScript and select the radio button for the AWS-RunPowerShellScript command (Figure 3).

Figure 3- Run Command – Select RunPowerShellScript command type
- Under the Command parameters pane, paste the following PowerShell script, as shown in Figure 4:
$repo = "PSGallery" # PowerShell Gallery (powershellgallery.com)

# Validate NuGet provider is available (required to interact with PowerShell Gallery)
if (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) {
    # Install NuGet provider if not present (required to interact with PowerShell Gallery)
    try {
        Install-PackageProvider -Name NuGet -Force | Out-Null
    }
    catch {
        Write-Error "Failed to install NuGet provider: $($_.Exception.Message)"
        Exit
    }
}

# Set approved repository
Set-PSRepository -Name $repo -InstallationPolicy Trusted

# Retrieve installed modules
$installedModules = Get-InstalledModule -Name AWS* -ErrorAction Stop

# Check if AWS modules are not installed
if (-not $installedModules) {
    Write-Output "No AWS modules installed."
    Exit
}

# Loop through each installed AWS module
foreach ($module in $installedModules) {
    # Try to get module from repository
    try {
        $repoModule = Find-Module -Name $module.Name -Repository $repo -ErrorAction Stop
    }
    catch {
        Write-Error "Failed to find $($module.Name) in repository: $($_.Exception.Message)"
        Continue
    }

    # Check if newer version available (cast to [version] so 4.1.10 compares above 4.1.9,
    # which a string comparison would get wrong)
    if ([version]$repoModule.Version -gt [version]$module.Version) {
        Write-Output "$($module.Name) $($module.Version) installed. $($repoModule.Name) $($repoModule.Version) available."

        # Uninstall outdated version
        try {
            Uninstall-Module -Name $module.Name -AllVersions -Force -ErrorAction Stop
        }
        catch {
            Write-Error "Failed to uninstall $($module.Name): $($_.Exception.Message)"
            Continue
        }

        # Install latest version
        try {
            Install-Module -Name $module.Name -Force -ErrorAction Stop -Repository $repo
            Write-Output "Updated $($module.Name) to $($repoModule.Version)"
        }
        catch {
            Write-Error "Failed to install $($repoModule.Name): $($_.Exception.Message)"
            Continue
        }
    }
    # Latest version is already installed
    else {
        Write-Output "$($module.Name) $($module.Version) is installed and is the latest available version."
    }
}
Figure 4- Run Command – PowerShell command parameters
This PowerShell script will search for all installed AWS PowerShell modules within the instance it is being run on. It will then compare the installed module version to the latest version available within the PowerShell Gallery and install the latest version, if applicable.
There are three AWS Tools for PowerShell package options available for Windows-based computers:
- Once you have pasted the script within the Command parameters pane, scroll down to the Target selection pane. There are three methods for selecting targets within AWS Systems Manager Run Command:
- Specify instance tags – Specify one or more tag key-value pairs to select instances that share those tags.
- Choose instances manually – Manually select the instances you want to register as targets.
- Choose a resource group – Choose a resource group that includes the resources you want to target.
In this example, I used the Specify instance tags method. I assigned a tag key of update-pstools with a value of yes to all the targets where I wanted to update AWS Tools for PowerShell (Figure 5).

Figure 5- Run Command – Target selection
The Run Command functionality within AWS Systems Manager allows for command output to be written to an Amazon Simple Storage Service (Amazon S3) bucket. You have the ability to stream command output to Amazon CloudWatch logs as well.
- Scroll down to the Output options section. In this example, I will disable the ability to write command output to an Amazon S3 bucket (Figure 6).

Figure 6- Run Command – Output options
When ready to proceed, scroll to the bottom of the page and click on the Run button (Figure 7).

Figure 7- Run Command – Run
Command status and output
The command will now be run on all nodes with the tags specified in the previous step. You can check on the status of the command on each node by consulting the Status column under the Targets and outputs section. The status will be In Progress and eventually change to Success once the script is run on the target nodes (Figure 8).

Figure 8- Run Command – Targets and outputs
Once the status changes to Success for a certain instance (Figure 9), you can click on the Instance ID to view the command output for that instance (Figure 10).

Figure 9- Run Command – Targets and outputs Status

Figure 10- Run Command – Command Output
Figure 10 shows that the sample instance had modularized versions of AWS Tools for PowerShell for multiple services. Each individual module was outdated and was therefore updated to the most recent version available when I ran the script.
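The console steps in Figures 2 through 10 map directly onto two cmdlets, which matters once you want to run the check on a schedule or from a pipeline rather than by hand. The following is an added example, not code from the blog post: it sends a report-only inventory script through the same AWS-RunPowerShellScript document to every node carrying the update-pstools=yes tag from the walkthrough, waits for the invocations to finish (the Status column in Figure 8), and prints each node's output (Figure 10). Running the inventory first lets you review which nodes are outdated before pushing the update script above. Assumptions: AWS.Tools.SimpleSystemsManagement is installed and credentials are configured; the inventory script and the 600-second timeout are my own choices.

```powershell
# Added example (not from the blog post): automate the Run Command walkthrough.
Import-Module AWS.Tools.SimpleSystemsManagement

# Report-only script pushed to each node: lists every installed AWS.* module, the newest
# PowerShell Gallery version, and whether the node is outdated. It changes nothing.
# Single-quoted here-string, so the $ variables are expanded on the target, not here.
$inventory = @'
$mods = Get-InstalledModule -Name AWS* -ErrorAction SilentlyContinue
if (-not $mods) { Write-Output "No AWS modules installed."; exit }
foreach ($m in $mods) {
    $latest = (Find-Module -Name $m.Name -Repository PSGallery -ErrorAction SilentlyContinue).Version
    $state = if ($latest -and [version]$latest -gt [version]$m.Version) { 'OUTDATED' } else { 'current' }
    Write-Output ("{0},{1},{2},{3}" -f $m.Name, $m.Version, $latest, $state)
}
'@

function Invoke-PsToolsInventory {
    param([int] $TimeoutSeconds = 600)

    # Same document and tag target as the console walkthrough; the commands parameter
    # of AWS-RunPowerShellScript takes one line per element.
    $cmd = Send-SSMCommand -DocumentName 'AWS-RunPowerShellScript' `
        -Target @{ Key = 'tag:update-pstools'; Values = @('yes') } `
        -Parameter @{ commands = @($inventory -split "`r?`n") } `
        -Comment 'AWS Tools for PowerShell version inventory' `
        -TimeoutSecond $TimeoutSeconds

    # Poll until no invocation is still Pending/InProgress/Delayed, or the deadline passes.
    # Invocations can take a moment to appear, so an empty list also keeps us waiting.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        $inv = @(Get-SSMCommandInvocation -CommandId $cmd.CommandId -Detail $true)
        $pending = @($inv | Where-Object { $_.Status -in 'Pending', 'InProgress', 'Delayed' })
    } while (($inv.Count -eq 0 -or $pending.Count -gt 0) -and (Get-Date) -lt $deadline)

    # One object per node: status plus the script output, like the per-instance view in Figure 10.
    foreach ($i in $inv) {
        [pscustomobject]@{
            InstanceId = $i.InstanceId
            Status     = [string]$i.Status
            Output     = ($i.CommandPlugins | ForEach-Object { $_.Output }) -join "`n"
        }
    }
}

Invoke-PsToolsInventory | Format-List
```

Anything other than Success (Failed, TimedOut, Cancelled) is visible in the Status field without opening the console, and the CSV-style lines in Output can be filtered for OUTDATED to build the target list for the update run. The Output field returned by this listing call is truncated for long results, so keep the S3 or CloudWatch output options from Figure 6 enabled when you need the complete log.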
Additional information
To learn about other credential providers, see Standardized credential providers in the AWS SDKs and Tools Reference Guide.
Example
Install-Module AWS.Tools.Installer
Install-AWSToolsModule S3
# And if using an older version of the AWS Tools for PowerShell:
Install-AWSToolsModule SSO, SSOOIDC
# In older versions of the AWS Tools for PowerShell, we're not invoking a cmdlet from these modules directly,
# so we must import them explicitly:
Import-Module AWS.Tools.SSO
Import-Module AWS.Tools.SSOOIDC
# Older versions of the AWS Tools for PowerShell don't support the SSO login flow, so login with the CLI
aws sso login
# Now we can invoke cmdlets using the SSO profile
Get-S3Bucket
Configure the Tools for PowerShell to use IAM Identity Center through the AWS CLI.
If you haven’t already done so, be sure to Enable and configure IAM
Identity Center before you proceed.
The AWS CLI, which you use to start an AWS access portal session before you run your application.

[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = SampleRole
region = us-east-1
output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access
Important
Prerequisites
- Basic knowledge of the AWS Systems Manager service. For more information refer to the AWS Systems Manager User Guide and introduction videos at Getting Started with AWS Systems Manager.
- The nodes that have AWS Tools for PowerShell installed must be set up as managed nodes. A managed node is an Amazon EC2 instance or non-EC2 machine in your hybrid environment that has been configured for AWS Systems Manager.
- AWS Identity and Access Management (IAM) permissions to utilize the Run Command functionality within AWS Systems Manager. For more information, refer to How AWS Systems Manager works with IAM.