
Getting EC2 instance tags from the inside of a running instance

Getting information about a running instance from the inside is a tedious task, and it is usually done in an insecure and error-prone way.

With this article we want to show you our way to get instance tags from the inside of a running instance.

Setting up your EC2 instance with an IAM role

Setting up an IAM role

The first step in implementing a secure solution is to create an IAM role that our instance will use as an “Instance role”. The role must have the “AmazonEC2ReadOnlyAccess” policy attached. Alternatively, you can create a more restricted policy with only the “Action”: “ec2:Describe*” permission. From now on we will call this role “MyEC2ReadOnlyAccess”.


Launch your new instance

At this point, you can launch a new instance with your newly created role. The wizard lets you specify which role to attach to an EC2 instance; alternatively, you can use Ansible or other methods to launch an instance.


Getting the instance details

Now you can SSH into your new machine and you will have access to all EC2 attributes and all tags. AWS provides a handy way to get some of the basic details of a running instance through an internal web service at the address http://169.254.169.254.

The important thing for us is getting the instance ID:

With the instance ID we can query additional attributes like tags and other details. Doing that requires the AWS CLI.

For example to have the instance “Name” you can do:

With this command instead you can explore all tags of your running instance:
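One way to script the steps above, as an added example rather than the article's original commands: it reads the instance ID and region from the metadata service with an IMDSv2 session token, then calls `aws ec2 describe-tags` with the instance role's temporary credentials. It assumes curl and the AWS CLI are installed and that the role allows ec2:DescribeTags; the function names and the file name `instance-tags.sh` are illustrative.

```shell
#!/bin/sh
# Added example: read this instance's tags using the instance role, so no
# access keys are stored on the machine. Function names are illustrative.
IMDS="http://169.254.169.254/latest"

# Read one metadata path with an IMDSv2 session token, so the call also
# works on instances where token-less (IMDSv1) requests are disabled.
imds_get() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# Accept only "i-" plus 8 or 17 lowercase hex digits before the value is
# placed on a command line.
valid_instance_id() {
  local hex
  case $1 in i-*) hex=${1#i-} ;; *) return 1 ;; esac
  case $hex in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

# instance_tag KEY: print the value of one tag, e.g. "instance_tag Name".
instance_tag() {
  local id region
  id=$(imds_get instance-id) && valid_instance_id "$id" || return 1
  region=$(imds_get placement/region) || return 1
  aws ec2 describe-tags --region "$region" \
    --filters "Name=resource-id,Values=$id" "Name=key,Values=$1" \
    --query 'Tags[0].Value' --output text
}

# all_tags: print one "Key<TAB>Value" line per tag on this instance.
all_tags() {
  local id region
  id=$(imds_get instance-id) && valid_instance_id "$id" || return 1
  region=$(imds_get placement/region) || return 1
  aws ec2 describe-tags --region "$region" \
    --filters "Name=resource-id,Values=$id" \
    --query 'Tags[].[Key,Value]' --output text
}

# Usage: sh instance-tags.sh TAG_KEY (with no argument only the functions
# are defined, so the file can also be sourced).
if [ "$#" -gt 0 ]; then instance_tag "$1"; fi
```

When the requested tag does not exist, the AWS CLI prints `None` for `Tags[0].Value` in text output, so callers should treat that value as "tag not set".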

We hope you enjoyed reading this article. Leave a comment if you found it useful. Ciao!
