
I am trying to list all the images which have the name Ansible*.

If I can pull it off, I can use it to clean my AMIs that are created during patching activity. I am trying it via an SSM Automation document. Below is the code I have.

```yaml
description: This document is to remove AMI
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
mainSteps:
  - name: getImageId
    action: 'aws:executeAwsApi'
    inputs:
      Service: ec2
      Api: DescribeImages
      Filters:
        - Name: 'name'
          Values:
            - 'Ansible*'
    outputs:
      - Name: ImageId
        Selector: '$.Images[0].ImageId'
        Type: String
```

Here, `Selector: '$.Images[0].ImageId'` gives only the first image ID of the list. I can get it if I can give something like `Selector: '$.Images[*].ImageId'`, but this is not supported by the SSM document.

Could someone please help me with this? All I want is to list all the images with their AMI IDs.

PS: I have the shell and Python scripts which do the job, but I am looking for an AWS SSM Automation document due to roles and policy restrictions.

Raj R

1 Answer


From some quick testing I'm not sure you can.

You can do this on the CLI though, so perhaps you can use the boto3 library and do it as a Python script via the executeScript automation?

CLI command that works:

```bash
aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn*" --query 'Images[*].Name' --output json
```

Update:

Here's an automation doc that runs the python script:

```yaml
description: Gets all Amazon-owned AMIs.
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
mainSteps:
  - name: GetAMIs
    action: 'aws:executeScript'
    inputs:
      Runtime: python3.6
      Handler: script_handler
      Script: |-
        import boto3
        import json
        def script_handler(events, context):
          # Change region_name to the region that holds the AMIs
          ec2_client = boto3.client('ec2', region_name='eu-west-2')
          # Owner and name filter: change both to match your own images
          images = ec2_client.describe_images(Owners=['amazon'],Filters=[{'Name':'name','Values':['amzn*']}])
          amis = []
          for image in images['Images']:
            amis.append(image['ImageId'])
          # Only the first 10 image IDs are returned
          output = {"AMIs": amis[:10]}
          return output
    description: gets first 10 Amazon AMIs using boto3
    outputs:
      - Selector: $.Payload.AMIs
        Name: AMIs
        Type: StringList
    timeoutSeconds: 120
```

Be sure to change things like region, search string, etc.

shearn89
  • Yes, I have the shell and Python scripts which do the job, but I am looking for an AWS SSM Automation document due to roles and policy restrictions – Raj R Feb 15 '22 at 14:33
  • You can create an Automation document that runs a script in python. It's the first option for "Action Type" in the Builder view, or `aws:executeScript` in editor view. – shearn89 Feb 15 '22 at 14:42
  • No, it's running within AWS and will use the role that you assign the automation when you execute it. – shearn89 Feb 15 '22 at 15:12
  • `botocore.exceptions.NoCredentialsError: Unable to locate credentials NoCredentialsError - Unable to locate credentials` This is the error I am getting – Raj R Feb 15 '22 at 15:14
  • Replace the value for `assumeRole` with the ARN of your automation role from IAM. – shearn89 Feb 15 '22 at 15:21
  • Thank you so much. It works. I was trying this for a week. All failed due to this IAM role. Now all cleared. – Raj R Feb 15 '22 at 16:30
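
An added example, not part of the original question, answer or comments: a variant of the `script_handler` approach that returns every matching AMI instead of the first ten and restricts the lookup to `Owners=['self']`, because a name filter on its own also matches public images published by other accounts. `NamePattern` and `Region` are hypothetical `InputPayload` keys, and `StubEc2` with its image IDs is constructed sample data so the block runs offline.

```python
def list_owned_images(ec2_client, name_pattern):
    """Return all AMIs owned by the calling account whose name matches."""
    # A pattern made only of wildcards would select every AMI in the account.
    if not name_pattern.strip("*? "):
        raise ValueError("name pattern must contain literal characters")
    # Owners=['self'] matters: a name filter alone also matches public
    # images that other accounts have published under a similar name.
    response = ec2_client.describe_images(
        Owners=["self"],
        Filters=[{"Name": "name", "Values": [name_pattern]}],
    )
    # CreationDate is an ISO 8601 string, so a plain sort is oldest-first.
    images = sorted(response["Images"], key=lambda img: img["CreationDate"])
    return [
        {"ImageId": img["ImageId"], "Name": img.get("Name", ""),
         "CreationDate": img["CreationDate"]}
        for img in images
    ]


def script_handler(events, context, ec2_client=None):
    """Entry point for aws:executeScript (Handler: script_handler)."""
    if ec2_client is None:
        import boto3  # imported the same way as in the answer's script
        ec2_client = boto3.client("ec2", region_name=events.get("Region"))
    images = list_owned_images(ec2_client, events.get("NamePattern", "Ansible*"))
    # ImageIds can be exposed as a StringList output: $.Payload.ImageIds
    return {"ImageIds": [img["ImageId"] for img in images], "Images": images}


class StubEc2:
    """Constructed stand-in for the EC2 client so the example runs offline."""
    def __init__(self):
        self.calls = []

    def describe_images(self, **kwargs):
        self.calls.append(kwargs)
        return {"Images": [  # constructed sample data
            {"ImageId": "ami-0000000000000002b", "Name": "Ansible-patch-2",
             "CreationDate": "2022-02-10T08:00:00.000Z"},
            {"ImageId": "ami-0000000000000001a", "Name": "Ansible-patch-1",
             "CreationDate": "2022-01-10T08:00:00.000Z"},
        ]}


if __name__ == "__main__":
    print(script_handler({"NamePattern": "Ansible*"}, None, StubEc2()))
```

In an Automation document only the two functions go under `Script:`; the stub and the `__main__` block are for running it locally.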