Score:1

Not able to list all the images

cn flag

I am trying to list all the images which has the name Ansible*.

If i can pull it off, i can use it to clean my AMI's that are created during patching activity. i am trying it via SSM Automation Document. below is the code i have.

description: This document is to remove AMI
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
mainSteps:
  - name: getImageId
    action: 'aws:executeAwsApi'
    inputs:
      Service: ec2
      Api: DescribeImages
      Filters:
        - Name: 'name'
          Values:
            - 'Ansible*'
    outputs:
      - Name: ImageId
        Selector: '$.Images[0].ImageId'
        Type: String

here, Selector: '$.Images[0].ImageId' gives only the 1st image id of the list. i can get it if i can give something like Selector: '$.Images[*].ImageId' but this is not supported by the SSM document.

could someone please help me on this. all i want is, i want to list all the images with its AMI ID.

PS: i have the shell and python script which does the job,. but i am looking for AWS SSM Automation document due to roles and policy restrictions

Score:0
cn flag

From some quick testing I'm not sure you can.

You can do this on the CLI though, so perhaps you can use the boto3 library and do it as a Python script via the executeScript automation?

CLI command that works:

aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn*" --query 'Images[*].Name' --output json

Update:

Here's an automation doc that runs the python script:

description: Gets all Amazon-owned AMIs.
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
mainSteps:
  - name: GetAMIs
    action: 'aws:executeScript'
    inputs:
      Runtime: python3.6
      Handler: script_handler
      Script: |-
        import boto3
        import json
        def script_handler(events, context):
          ec2_client = boto3.client('ec2', region_name='eu-west-2')
          images = ec2_client.describe_images(Owners=['amazon'],Filters=[{'Name':'name','Values':['amzn*']}])
          amis = []
          for image in images['Images']:
            amis.append(image['ImageId'])
          output = {"AMIs": amis[:10]}
          return output
    description: gets first 10 Amazon AMIs using boto3
    outputs:
      - Selector: $.Payload.AMIs
        Name: AMIs
        Type: StringList
    timeoutSeconds: 120

Be sure to change things like region, search string, etc.

Raj R avatar
cn flag
yes, i have the shell and python script which does the job,. but i am looking for AWS SSM Automation document due to roles and policy restrictions
cn flag
You can create an Automation document that runs a script in python. It's the first option for "Action Type" in the Builder view, or `aws:executeScript` in editor view.
cn flag
No, it's running within AWS and will use the role that you assign the automation when you execute it.
Raj R avatar
cn flag
botocore.exceptions.NoCredentialsError: Unable to locate credentials NoCredentialsError - Unable to locate credentials this is the error i am getting
cn flag
Replace the value for `assumeRole` with the ARN of your automation role from IAM.
Raj R avatar
cn flag
thank you so much. it works. i was trying this for a week. all failed due to this IAM role. now all cleared.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.