Python脚本未正确返回EC2实例ID

时间:2018-05-13 23:55:50

标签: python-3.x amazon-web-services amazon-ec2 boto3

我有一个python脚本试图获取我拥有的每个AWS账户中的每个EC2实例ID。我正在使用自定义库(nwmaws),它将为我列出每个帐户ID。我正在使用一个生成sts令牌的函数,并提取每个帐户ID并插入id以动态构建ARN,这样我就可以在每个帐户中担任角色并获取实例ID。我能够生成sts令牌,但我没有在响应中获取实例ID。只需一个HTTP 200状态代码。以下是我的代码和回复。

CODE: 

import boto3 
import nwmaws

client = boto3.client('ec2')
accounts = nwmaws.Accounts().list()

def get_sts_token(**kwargs):
    role_arn = kwargs['RoleArn']
    region_name = kwargs['RegionName']
    sts = boto3.client(
        'sts',
        region_name=region_name,
    )
    token = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName='GetInstances',
        DurationSeconds=900,
    )
    return token["Credentials"]

def get_all_instances():
    for i in accounts:
        account_list = i.account_id
        role_arn = "arn:aws:iam::{}:role/ADFS- 
        GlobalAdmins".format(account_list)

        get_sts_token(RoleArn=role_arn, RegionName="us-east-1")

        response = client.describe_instances()
        print(response)

get_all_instances()

RESPONSE: 

{'Reservations': [], 'ResponseMetadata': {'RequestId': '5c1e8326-5a36- 
4866-9cfd-bd83bff62d05', 'HTTPStatusCode': 200, 'HTTPHeaders': 
{'content-type': 'text/xml;charset=UTF-8', 'transfer-encoding': 
'chunked', 'vary': 'Accept-Encoding', 'date': 'Sun, 13 May 2018 
21:23:25 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}
{'Reservations': [], 'ResponseMetadata': {'RequestId': '1e165d98-0b5c- 
4172-8917-bf688afbad7c', 'HTTPStatusCode': 200, 'HTTPHeaders': 
{'content-type': 'text/xml;charset=UTF-8', 'content-length': '230', 
'date': 'Sun, 13 May 2018 21:23:25 GMT', 'server': 'AmazonEC2'}, 
'RetryAttempts': 0}}
{'Reservations': [], 'ResponseMetadata': {'RequestId': 'e18526d5-c7e9- 
465f-a1fd-87e1d652e95c', 'HTTPStatusCode': 200, 'HTTPHeaders': 
{'content-type': 'text/xml;charset=UTF-8', 'transfer-encoding': 
'chunked', 'vary': 'Accept-Encoding', 'date': 'Sun, 13 May 2018 
21:23:25 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}} etc. etc...

DESIRED RESPONSE: 

i-xxxxxx
i-xxxxxx
i-xxxxxx
i-xxxxxx
i-xxxxxx
etc etc

2 个答案:

答案 0 :(得分:1)

正如@Michael - sqlbot所提到的,您没有使用assume_role API调用生成的令牌。使用获取的凭据创建EC2客户端对象。使用以下行替换代码中的get_sts_token(RoleArn=role_arn, RegionName="us-east-1")行以检索临时凭证并使用它来列出实例:

credentials = get_sts_token(RoleArn=role_arn, RegionName="us-east-1")
access_key = credentials['AccessKeyId']
secret_key = credentials['SecretAccessKey']
token = credentials['SessionToken']
session = boto3.session.Session(
    aws_access_key_id=access_key,
    aws_secret_access_key=secret_key,
    aws_session_token=token
)
client = session.client('ec2', region_name='us-east-1')
response = client.describe_instances()
print(response)

这将返回us-east-1中的所有实例。如果您需要所有区域中的实例列表,请调用describe_regions API并遍历列表。

参考文献:

  • 可以找到有关Session对象的文档here

答案 1 :(得分:0)

print(response)的输出是正确的。

但是你可以试试这个来获得你想要的输出:

client = boto3.client('ec2')
instances = ec2.instance.filter(Filters=[{'Name': 'instance-state-name', 
'Values' ": ['running']}])
for instance in instances:
    print(instance.id, instance.instance_type)
相关问题
最新问题