@mgangl
Last active June 1, 2021 15:30
NGAP AMI Compliance Check
#!/bin/bash
# Report running EC2 instances that were not launched from the current NGAP AMIs.
# Usage: pass one or more AWS CLI profile names as arguments.
for var in "$@"
do
  echo "Checking NGAP compliance for $var"
  # Account behind this profile, and the current AMI IDs published in SSM
  AWS_ACCOUNT=$(aws sts get-caller-identity --profile "$var" | jq -r .Account)
  LATEST_AMI=$(aws ssm get-parameter --name image_id_amz2 --profile "$var" | jq -r .Parameter.Value)
  LATEST_ECS_AMI=$(aws ssm get-parameter --name image_id_ecs_amz2 --profile "$var" | jq -r .Parameter.Value)
  echo "Latest AMI: $LATEST_AMI"
  echo "Latest ECS AMI: $LATEST_ECS_AMI"
  echo "Account: $AWS_ACCOUNT"
  echo "Non Compliant instance-Ids"
  # Check every instance in each reservation (not only the first one) and
  # tolerate instances that have no tags or no Name tag.
  aws ec2 describe-instances --filters Name=instance-state-name,Values=running --profile "$var" \
    | jq -r --arg ami "$LATEST_AMI" --arg ecs "$LATEST_ECS_AMI" \
        '.Reservations[].Instances[] | select(.ImageId != $ami and .ImageId != $ecs) | .InstanceId + " " + ((.Tags // []) | from_entries | .Name // "")' \
    | sort | uniq
done

mgangl commented Feb 21, 2020

Changed:
4/2/2020

  • Add instance Names to output of ngap check

Before Time...

  • the or|and filtering wasn't working before, so you'd get all your instance IDs back no matter what
  • Added filter to only find 'RUNNING' instances
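
The changelog above mentions an or|and filter that returned every instance ID. As an added example (not part of the gist), this Python version of the check runs offline over constructed data and shows one way that symptom arises, assuming the older filter joined the two `!=` tests with `or`; the older revision is not shown on the page. The sample data, AMI IDs and function names are all constructed for illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE = {"Reservations": [
    {"Instances": [
        {"InstanceId": "i-aaaa0001", "ImageId": "ami-base-new",
         "Tags": [{"Key": "Name", "Value": "web-1"}]},
        # Second instance in the same reservation, launched from an old AMI.
        {"InstanceId": "i-aaaa0002", "ImageId": "ami-old",
         "Tags": [{"Key": "Name", "Value": "web-2"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-bbbb0001", "ImageId": "ami-ecs-new",
         "Tags": [{"Key": "Name", "Value": "ecs-1"}]},
    ]},
    # No Tags key at all: the instance must still be reported.
    {"Instances": [{"InstanceId": "i-cccc0001", "ImageId": "ami-old"}]},
]}
APPROVED = ("ami-base-new", "ami-ecs-new")  # constructed AMI IDs


def _name(instance):
    """Return the Name tag, or '' when the instance has no tags or no Name."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags") or []}
    return tags.get("Name", "")


def _instances(data):
    """Yield every instance of every reservation, not only the first."""
    for reservation in data["Reservations"]:
        yield from reservation["Instances"]


def broken_or_filter(data, base_ami, ecs_ami):
    """Assumed 'or' form: always true, because no ImageId equals both AMIs."""
    return sorted((i["InstanceId"], _name(i)) for i in _instances(data)
                  if i["ImageId"] != base_ami or i["ImageId"] != ecs_ami)


def non_compliant(data, approved):
    """Flag instances whose ImageId is not one of the approved AMIs."""
    # `jq -r` prints "null" for a missing value; an empty or "null" AMI ID
    # would otherwise mark every instance as non-compliant.
    if not approved or any(a in ("", "null") for a in approved):
        raise ValueError("approved AMI lookup failed; refusing to report")
    return sorted((i["InstanceId"], _name(i)) for i in _instances(data)
                  if i["ImageId"] not in approved)


if __name__ == "__main__":
    print("or-filter :", broken_or_filter(SAMPLE, *APPROVED))
    print("and-filter:", non_compliant(SAMPLE, APPROVED))
```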
