Skip to content

Instantly share code, notes, and snippets.

@xuwang
Last active August 23, 2023 18:40
Show Gist options
  • Save xuwang/c42a77e9f833d263d040 to your computer and use it in GitHub Desktop.
Save xuwang/c42a77e9f833d263d040 to your computer and use it in GitHub Desktop.
Utility script to get commonly used AWS instance metadata (e.g., id, role, account, region, security credentials etc.). Just need curl.
#!/bin/bash
# Retrieve AWS instrance's commonly used metadata. Require curl.
# ./get-metadata help
# ./get-metadata id
# Input is case insensitive; format to uppper case to generate self-help page.
info=${1^^}
meta_data_url=http://169.254.169.254/latest/meta-data/
roleProfile=$(curl -s http://169.254.169.254/latest/meta-data/iam/info \
| grep -Eo 'instance-profile/([a-zA-Z.-]+)' | sed 's#instance-profile/##')
# auth values
get_sts_value() {
echo -n $(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile/ \
| grep "$1" \
| awk -F":" '{print $2}' \
| sed 's/^[ ^t]*//;s/"//g;s/,//g')
}
case $info in
ACCOUNT)
result=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -Eo '([[:digit:]]{12})')
;;
HOSTNAME)
result=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
;;
ID|INSTANCEID)
result=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
;;
PRIVATEIP)
result=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
;;
PUBLICIP)
result=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
;;
ROLE)
result=$roleProfile
;;
STSCRED)
result=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile)
;;
STSTOKEN)
result=$(get_sts_value "Token")
;;
STSKEY)
result=$(get_sts_value "AccessKeyId")
;;
S3SECRET)
result=$(get_sts_value "SecretAccessKey")
;;
ZONE)
result=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone/)
;;
*)
echo "Usage: $(basename $0) <argument>. Input is not case sensitive"
grep -Eo '([A-Z.]+\))' $0 | sed 's/)//'
;;
esac
if [ ! -z "$result" ]; then
echo "$result"
fi
@sportebois
Copy link

`roleProfile=$(curl -s http://169.254.169.254/latest/meta-data/iam/info \
    | grep -Eo 'instance-profile/([a-zA-Z.-]+)' | sed 's#instance-profile/##')

The grep should be like `grep -Eo 'instance-profile/([a-zA-Z0-9.-]+)' , otherwise you might not get the complete role name

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment