Last active
August 23, 2023 18:40
-
-
Save xuwang/c42a77e9f833d263d040 to your computer and use it in GitHub Desktop.
Utility script to get commonly used AWS instance metadata (e.g., id, role, account, region, security credentials etc.). Just need curl.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Retrieve AWS instrance's commonly used metadata. Require curl. | |
| # ./get-metadata help | |
| # ./get-metadata id | |
| # Input is case insensitive; format to uppper case to generate self-help page. | |
| info=${1^^} | |
| meta_data_url=http://169.254.169.254/latest/meta-data/ | |
| roleProfile=$(curl -s http://169.254.169.254/latest/meta-data/iam/info \ | |
| | grep -Eo 'instance-profile/([a-zA-Z.-]+)' | sed 's#instance-profile/##') | |
| # auth values | |
| get_sts_value() { | |
| echo -n $(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile/ \ | |
| | grep "$1" \ | |
| | awk -F":" '{print $2}' \ | |
| | sed 's/^[ ^t]*//;s/"//g;s/,//g') | |
| } | |
| case $info in | |
| ACCOUNT) | |
| result=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -Eo '([[:digit:]]{12})') | |
| ;; | |
| HOSTNAME) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname) | |
| ;; | |
| ID|INSTANCEID) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) | |
| ;; | |
| PRIVATEIP) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) | |
| ;; | |
| PUBLICIP) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) | |
| ;; | |
| ROLE) | |
| result=$roleProfile | |
| ;; | |
| STSCRED) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile) | |
| ;; | |
| STSTOKEN) | |
| result=$(get_sts_value "Token") | |
| ;; | |
| STSKEY) | |
| result=$(get_sts_value "AccessKeyId") | |
| ;; | |
| S3SECRET) | |
| result=$(get_sts_value "SecretAccessKey") | |
| ;; | |
| ZONE) | |
| result=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone/) | |
| ;; | |
| *) | |
| echo "Usage: $(basename $0) <argument>. Input is not case sensitive" | |
| grep -Eo '([A-Z.]+\))' $0 | sed 's/)//' | |
| ;; | |
| esac | |
| if [ ! -z "$result" ]; then | |
| echo "$result" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The grep should be like `grep -Eo 'instance-profile/([a-zA-Z0-9.-]+)' , otherwise you might not get the complete role name