-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #8653 from elysahall/awsdocs-04-29-24
CLI examples for ec2, eks, ivs, kendra, kms, networkmonitor, rds
- Loading branch information
Showing
72 changed files
with
3,471 additions
and
128 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| **To associate a resource discovery with an IPAM** | ||
|
|
||
| In this example, you are an IPAM delegated admin and a resource discovery has been created and shared with you by another AWS account so that you can use IPAM to manage and monitor resource CIDRs owned by the other account. | ||
|
|
||
| Note | ||
|
|
||
| * To complete this request, you'll need the resource discovery ID which you can get with `describe-ipam-resource-discoveries <https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-ipam-resource-discoveries.html>`__ and the IPAM ID which you can get with `describe-ipams <https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-ipams.html>`__. | ||
| * The resource discovery that you are associating must have first been shared with your account using AWS RAM. | ||
| * The ``--region`` you enter must match the home Region of the IPAM you are associating it with. | ||
|
|
||
| The following ``associate-ipam-resource-discovery`` example associates a resource discovery with an IPAM. :: | ||
|
|
||
| aws ec2 associate-ipam-resource-discovery \ | ||
| --ipam-id ipam-005f921c17ebd5107 \ | ||
| --ipam-resource-discovery-id ipam-res-disco-03e0406de76a044ee \ | ||
| --tag-specifications 'ResourceType=ipam-resource-discovery,Tags=[{Key=cost-center,Value=cc123}]' \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| { | ||
| "IpamResourceDiscoveryAssociation": { | ||
| "OwnerId": "320805250157", | ||
| "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-04382a6346357cf82", | ||
| "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::320805250157:ipam-resource-discovery-association/ipam-res-disco-assoc-04382a6346357cf82", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0365d2977fc1672fe", | ||
| "IpamId": "ipam-005f921c17ebd5107", | ||
| "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", | ||
| "IpamRegion": "us-east-1", | ||
| "IsDefault": false, | ||
| "ResourceDiscoveryStatus": "active", | ||
| "State": "associate-in-progress", | ||
| "Tags": [] | ||
| } | ||
| } | ||
| } | ||
|
|
||
| Once you associate a resource discovery, you can monitor and/or manage the IP addresses of resources created by the other accounts. For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| **To create a resource discovery** | ||
|
|
||
| In this example, you're a delegated IPAM admin who wants to create and share a resource discovery with the IPAM admin in another AWS Organization so that the admin in the other organization can manage and monitor the IP addresses of resources in your organization. | ||
|
|
||
| Important | ||
|
|
||
| * This example includes both the ``--region`` and ``--operating-regions`` options because, while they are optional, they must be configured in a particular way to successfully integrate a resource discovery with an IPAM. | ||
| * ``--operating-regions`` must match the Regions where you have resources that you want IPAM to discover. If there are Regions where you do not want IPAM to manage the IP addresses (for example for compliance reasons), do not include them. | ||
| * ``--region`` must match the home Region of the IPAM you want to associate it with. You must create the resource discovery in the same Region that the IPAM was created in. For example, if the IPAM you are associating with was created in us-east-1, include ``--region us-east-1`` in the request. | ||
| * Both the ``--region`` and ``--operating-regions`` options default to the Region you're running the command in if you don't specify them. | ||
|
|
||
| In this example, the operating Regions of the IPAM we're integrating with include ``us-west-1``, ``us-west-2``, and ``ap-south-1``. When we create the resource discovery, we want IPAM to discover the resource IP addresses in ``us-west-1`` and ``us-west-2`` but not ``ap-south-1``. So we are including only ``--operating-regions RegionName='us-west-1' RegionName='us-west-2'`` in the request. | ||
|
|
||
| The following ``create-ipam-resource-discovery`` example creates an IPAM resource discovery. :: | ||
|
|
||
| aws ec2 create-ipam-resource-discovery \ | ||
| --description 'Example-resource-discovery' \ | ||
| --tag-specifications 'ResourceType=ipam-resource-discovery,Tags=[{Key=cost-center,Value=cc123}]' \ | ||
| --operating-regions RegionName='us-west-1' RegionName='us-west-2' \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamResourceDiscovery":{ | ||
| "OwnerId": "149977607591", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0257046d8aa78b8bc", | ||
| "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0257046d8aa78b8bc", | ||
| "IpamResourceDiscoveryRegion": "us-east-1", | ||
| "Description": "'Example-resource-discovery'", | ||
| "OperatingRegions":[ | ||
| {"RegionName": "us-west-1"}, | ||
| {"RegionName": "us-west-2"}, | ||
| {"RegionName": "us-east-1"} | ||
| ], | ||
| "IsDefault": false, | ||
| "State": "create-in-progress", | ||
| "Tags": [ | ||
| { | ||
| "Key": "cost-center", | ||
| "Value": "cc123" | ||
| } | ||
| ] | ||
| } | ||
|
|
||
| Once you create a resource discovery, you may want to share it with another IPAM delegated admin, which you can do with `create-resource-share <https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-resource-share.html>`__. For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| **To delete an IPAM pool** | ||
|
|
||
| In this example, you're a IPAM delegated admin who wants to delete an IPAM pool that you no longer need, but the pool has a CIDR provisioned to it. You cannot delete a pool if it has CIDRs provisioned to it unless you use the ``--cascade`` option, so you'll use ``--cascade``. | ||
|
|
||
| To complete this request: | ||
|
|
||
| * You'll need the IPAM pool ID which you can get with `describe-ipam-pools <https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-ipam-pools.html>`__. | ||
| * The ``--region`` must be the IPAM home Region. | ||
|
|
||
| The following ``delete-ipam-pool`` example deletes an IPAM pool in your AWS account. :: | ||
|
|
||
| aws ec2 delete-ipam-pool \ | ||
| --ipam-pool-id ipam-pool-050c886a3ca41cd5b \ | ||
| --cascade \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamPool": { | ||
| "OwnerId": "320805250157", | ||
| "IpamPoolId": "ipam-pool-050c886a3ca41cd5b", | ||
| "IpamPoolArn": "arn:aws:ec2::320805250157:ipam-pool/ipam-pool-050c886a3ca41cd5b", | ||
| "IpamScopeArn": "arn:aws:ec2::320805250157:ipam-scope/ipam-scope-0a158dde35c51107b", | ||
| "IpamScopeType": "private", | ||
| "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", | ||
| "IpamRegion": "us-east-1", | ||
| "Locale": "None", | ||
| "PoolDepth": 1, | ||
| "State": "delete-in-progress", | ||
| "Description": "example", | ||
| "AutoImport": false, | ||
| "AddressFamily": "ipv4", | ||
| "AllocationMinNetmaskLength": 0, | ||
| "AllocationMaxNetmaskLength": 32 | ||
| } | ||
| } | ||
|
|
||
| For more information, see `Delete a pool <https://docs.aws.amazon.com/vpc/latest/ipam/delete-pool-ipam.html>`__ in the *Amazon VPC IPAM User Guide*. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| **To delete a resource discovery** | ||
|
|
||
| In this example, you're a IPAM delegated admin who wants to delete a non-default resource discovery that you created to share with another IPAM admin during the process of integrating IPAM with accounts outside of your organization. | ||
|
|
||
| To complete this request: | ||
|
|
||
| * The ``--region`` must be the Region where you created the resource discovery. | ||
| * You cannot delete a default resource discovery if ``"IsDefault": true``. A default resource discovery is one that is created automatically in the account that creates an IPAM. To delete a default resource discovery, you have to delete the IPAM. | ||
|
|
||
| The following ``delete-ipam-resource-discovery`` example deletes a resource discovery. :: | ||
|
|
||
| aws ec2 delete-ipam-resource-discovery \ | ||
| --ipam-resource-discovery-id ipam-res-disco-0e39761475298ee0f \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamResourceDiscovery": { | ||
| "OwnerId": "149977607591", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0e39761475298ee0f", | ||
| "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0e39761475298ee0f", | ||
| "IpamResourceDiscoveryRegion": "us-east-1", | ||
| "OperatingRegions": [ | ||
| { | ||
| "RegionName": "us-east-1" | ||
| } | ||
| ], | ||
| "IsDefault": false, | ||
| "State": "delete-in-progress" | ||
| } | ||
| } | ||
|
|
||
| For more information about resource discoveries, see `Work with resource discoveries <https://docs.aws.amazon.com/vpc/latest/ipam/res-disc-work-with.html>`__ in the *Amazon VPC IPAM User Guide*. |
50 changes: 50 additions & 0 deletions
50
awscli/examples/ec2/describe-ipam-resource-discoveries.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| **Example 1: View complete details of resource discoveries** | ||
|
|
||
| In this example, you're a delegated IPAM admin who wants to create and share a resource discovery with the IPAM admin in another AWS Organization so that the admin can manage and monitor the IP addresses of resources in your organization. | ||
|
|
||
| This example may be useful if: | ||
|
|
||
| * You tried to create a resource discovery, but you got an error that you've reached your limit of 1. You realize that you may have already created a resource discovery and you want to view it in your account. | ||
| * You have resources in a Region that are not being discovered by the IPAM. You want to view the ``--operating-regions`` defined for the resource and ensure that you've added the right Region as an operating Region so that the resources there can be discovered. | ||
|
|
||
| The following ``describe-ipam-resource-discoveries`` example lists the details of the resource discovery in your AWS account. You can have one resource discovery per AWS Region. :: | ||
|
|
||
| aws ec2 describe-ipam-resource-discoveries \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamResourceDiscoveries": [ | ||
| { | ||
| "OwnerId": "149977607591", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0f8bdee9067137c0d", | ||
| "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0f8bdee9067137c0d", | ||
| "IpamResourceDiscoveryRegion": "us-east-1", | ||
| "OperatingRegions": [ | ||
| { | ||
| "RegionName": "us-east-1" | ||
| } | ||
| ], | ||
| "IsDefault": false, | ||
| "State": "create-complete", | ||
| "Tags": [] | ||
| } | ||
| ] | ||
| } | ||
|
|
||
| For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. | ||
|
|
||
| **Example 2: View only resource discovery IDs** | ||
|
|
||
| The following ``describe-ipam-resource-discoveries`` example lists the ID of the resource discovery in your AWS account. You can have one resource discovery per AWS Region. :: | ||
|
|
||
| aws ec2 describe-ipam-resource-discoveries \ | ||
| --query "IpamResourceDiscoveries[*].IpamResourceDiscoveryId" \ | ||
| --output text | ||
|
|
||
| Output:: | ||
|
|
||
| ipam-res-disco-0481e39b242860333 | ||
|
|
||
| For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
50 changes: 50 additions & 0 deletions
50
awscli/examples/ec2/describe-ipam-resource-discovery-associations.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| **To view all resource discovery associations with your IPAM** | ||
|
|
||
| In this example, you're a IPAM delegated admin who has associated resource discoveries with your IPAM to integrate other accounts with your IPAM. You've noticed that your IPAM is not discovering the resources in the operating Regions of the resource discovery as expected. You want to check the status and state of the resource discovery to ensure that the account that created it is still active and the resource discovery is still being shared. | ||
|
|
||
| The ``--region`` must be the home Region of your IPAM. | ||
|
|
||
| The following ``describe-ipam-resource-discovery-associations`` example lists the resource discovery associations in your AWS account. :: | ||
|
|
||
| aws ec2 describe-ipam-resource-discovery-associations \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamResourceDiscoveryAssociations": [ | ||
| { | ||
| "OwnerId": "320805250157", | ||
| "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-05e6b45eca5bf5cf7", | ||
| "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::320805250157:ipam-resource-discovery-association/ipam-res-disco-assoc-05e6b45eca5bf5cf7", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0f4ef577a9f37a162", | ||
| "IpamId": "ipam-005f921c17ebd5107", | ||
| "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", | ||
| "IpamRegion": "us-east-1", | ||
| "IsDefault": true, | ||
| "ResourceDiscoveryStatus": "active", | ||
| "State": "associate-complete", | ||
| "Tags": [] | ||
| }, | ||
| { | ||
| "OwnerId": "149977607591", | ||
| "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-0dfd21ae189ab5f62", | ||
| "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::149977607591:ipam-resource-discovery-association/ipam-res-disco-assoc-0dfd21ae189ab5f62", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0365d2977fc1672fe", | ||
| "IpamId": "ipam-005f921c17ebd5107", | ||
| "IpamArn": "arn:aws:ec2::149977607591:ipam/ipam-005f921c17ebd5107", | ||
| "IpamRegion": "us-east-1", | ||
| "IsDefault": false, | ||
| "ResourceDiscoveryStatus": "active", | ||
| "State": "create-complete", | ||
| "Tags": [] | ||
| } | ||
| ] | ||
| } | ||
|
|
||
| In this example, after running this command, you notice that you have one non-default resource discovery (``"IsDefault": false ``) that is ``"ResourceDiscoveryStatus": "not-found"`` and ``"State": "create-complete"``. The resource discovery owner's account has been closed. If, in another case, you notice that is ``"ResourceDiscoveryStatus": "not-found"`` and ``"State": "associate-complete"``, this indicates that one of the following has happened: | ||
|
|
||
| * The resource discovery was deleted by the resource discovery owner. | ||
| * The resource discovery owner unshared the resource discovery. | ||
|
|
||
| For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
21 changes: 21 additions & 0 deletions
21
awscli/examples/ec2/disable-ipam-organization-admin-account.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| **To disable the delegated IPAM admin** | ||
|
|
||
| In certain scenarios, you'll integrate IPAM with AWS Organizations. When you do that, the AWS Organizations management account delegates an AWS Organizations member account as the IPAM admin. | ||
|
|
||
| In this example, you are the AWS Organizations management account that delegated the IPAM admin account and you want to disable that account from being the IPAM admin. | ||
|
|
||
| You can use any AWS Region for ``--region`` when making this request. You don't have to use the Region where you originally delegated the admin, where the IPAM was created, or an IPAM operating Region. If you disable the delegated admin account, you can re-enable it at any time or delegate a new account as IPAM admin. | ||
|
|
||
| The following ``disable-ipam-organization-admin-account`` example disables the delegated IPAM admin in your AWS account. :: | ||
|
|
||
| aws ec2 disable-ipam-organization-admin-account \ | ||
| --delegated-admin-account-id 320805250157 \ | ||
| --region ap-south-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "Success": true | ||
| } | ||
|
|
||
| For more information, see `Integrate IPAM with accounts in an AWS Organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam.html>`__ in the *Amazon VPC IPAM User Guide*. |
28 changes: 28 additions & 0 deletions
28
awscli/examples/ec2/disassociate-ipam-resource-discovery.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| **To disassociate a resource discovery from an IPAM** | ||
|
|
||
| In this example, you are an IPAM delegated admin account and you want to disassociate an IPAM resource discovery from your IPAM. You ran the describe command and noticed that the ``"ResourceDiscoveryStatus": "not-found"`` and you want to disassociate it from your IPAM to make room for other associations. | ||
|
|
||
| The following ``disassociate-ipam-resource-discovery`` example disassociates an IPAM resource discovery in your AWS account. :: | ||
|
|
||
| aws ec2 disassociate-ipam-resource-discovery \ | ||
| --ipam-resource-discovery-association-id ipam-res-disco-assoc-04382a6346357cf82 \ | ||
| --region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamResourceDiscoveryAssociation": { | ||
| "OwnerId": "320805250157", | ||
| "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-04382a6346357cf82", | ||
| "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::320805250157:ipam-resource-discovery-association/ipam-res-disco-assoc-04382a6346357cf82", | ||
| "IpamResourceDiscoveryId": "ipam-res-disco-0365d2977fc1672fe", | ||
| "IpamId": "ipam-005f921c17ebd5107", | ||
| "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", | ||
| "IpamRegion": "us-east-1", | ||
| "IsDefault": false, | ||
| "ResourceDiscoveryStatus": "not-found", | ||
| "State": "disassociate-in-progress" | ||
| } | ||
| } | ||
|
|
||
| For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| **To view the accounts discovered by an IPAM** | ||
|
|
||
| In this scenario, you're a IPAM delegated admin who wants to view the AWS accounts that own resources that the IPAM is discovering. | ||
|
|
||
| The ``--discovery-region`` is the IPAM operating Region you want to view the monitored account statuses in. For example, if you have three IPAM operating Regions, you may want to make this request three times to view the timestamps specific to discovery in each of those particular Regions. | ||
|
|
||
| The following ``get-ipam-discovered-accounts`` example lists the AWS accounts that own resources that the IPAM is discovering. :: | ||
|
|
||
| aws ec2 get-ipam-discovered-accounts \ | ||
| --ipam-resource-discovery-id ipam-res-disco-0365d2977fc1672fe \ | ||
| --discovery-region us-east-1 | ||
|
|
||
| Output:: | ||
|
|
||
| { | ||
| "IpamDiscoveredAccounts": [ | ||
| { | ||
| "AccountId": "149977607591", | ||
| "DiscoveryRegion": "us-east-1", | ||
| "LastAttemptedDiscoveryTime": "2024-02-09T19:04:31.379000+00:00", | ||
| "LastSuccessfulDiscoveryTime": "2024-02-09T19:04:31.379000+00:00" | ||
| } | ||
| ] | ||
| } | ||
|
|
||
| For more information, see `Integrate IPAM with accounts outside of your organization <https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam-outside-org.html>`__ in the *Amazon VPC IPAM User Guide*. |
Oops, something went wrong.