aws-cli should set default region to EC2 instance region #486
Recently we provisioned an EC2 instance with the aws-cli installed that is using IAM roles. We forgot to set the AWS_DEFAULT_REGION environment variable and got an error stating that the default region was not specified.
I am proposing that aws-cli should be able to assume the given region of the EC2 instance. This would eliminate one step of adding the environment variable to the system. If the aws-cli needs to talk to a different region, it can always use a different profile or override the region.
I am sure there are implications to this that need to be thought about.
It seems to me that this would require aws-cli to query every region out there to find the specified instance id. This would be slower and more expensive. Plus, instance-ids are not guaranteed to be unique between regions, so there is an (admittedly small) risk that the wrong instance could be acted on.
It is completely standard with most AWS services to have to pick which region you want to interact with and I'm not sure this should be hidden in the cli.
As @jamesls has found, we can get the region itself from the instance metadata:
So, we can discover the region in which an EC2 instance is running quickly and efficiently.
If a customer ran
However, what if they are using an IAM Role rather than traditional credentials? In this case they probably wouldn't run
I misread the original question. I was thinking that an "aws ec2 ... --instance-ids X" command was being run outside of EC2 and there was an expectation that the command should find the region for the specified instance before operating on it.
Now I see the question is really about running aws-cli inside an EC2 instance which has an IAM role.
+1 for defaulting the aws-cli region to the region of the current instance running aws-cli if IAM roles are being used.
This is going to correctly reduce work for the vast majority of IAM role users and is easy to override for anybody who wants a different behavior (which they would have had to do anyway even without a default).
The only other possible options are defaulting to "us-east-1" (almost certainly not what they wanted) and an error message.
Anybody who is using multiple regions should be used to specifying --region or configuring aws-cli with a region.
This is a great idea. If it's an instance, then the region is easily accessible by the metadata. If the host has something to stop access to the metadata (e.g. a host firewall), then it can just fail as it does now. It would remove one step from my bootstrap process, which currently sets the default region based on the metadata.
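The fallback discussed in the comments above, as an added example that is not part of the original thread and not aws-cli's own code: explicit settings win, the instance metadata is consulted last, and a blocked or absent metadata service ends in the same "no region" failure as today. The names `resolve_region`, `fetch_identity_document` and `SAMPLE_DOC` are hypothetical, the sample document is constructed, and only `--region` and `AWS_DEFAULT_REGION` are modelled (profile configuration is left out).

```python
import json
import os
import urllib.request

IMDS = "http://169.254.169.254/latest"  # link-local instance metadata service
# Constructed sample of an instance identity document (not real instance data).
SAMPLE_DOC = '{"instanceId": "i-0123456789abcdef0", "region": "eu-west-1"}'


def fetch_identity_document(timeout=1.0):
    """Read the identity document via IMDSv2: session token first, then GET."""
    # Never route metadata traffic (and its token) through an HTTP proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    token_req = urllib.request.Request(
        IMDS + "/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with opener.open(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    doc_req = urllib.request.Request(
        IMDS + "/dynamic/instance-identity/document",
        headers={"X-aws-ec2-metadata-token": token})
    with opener.open(doc_req, timeout=timeout) as resp:
        return resp.read().decode()


def resolve_region(cli_region=None, env=None, fetch=fetch_identity_document):
    """Return (region, source). Explicit settings always beat the metadata default."""
    env = os.environ if env is None else env
    if cli_region:
        return cli_region, "--region"
    if env.get("AWS_DEFAULT_REGION"):
        return env["AWS_DEFAULT_REGION"], "environment"
    try:
        region = json.loads(fetch()).get("region")
    except (OSError, ValueError, AttributeError):
        # Not on EC2, metadata blocked (e.g. host firewall), or a malformed
        # reply: fall through to the same failure as having no region set.
        region = None
    if isinstance(region, str) and region:
        return region, "instance-metadata"
    raise RuntimeError("no region configured and instance metadata unavailable")


if __name__ == "__main__":
    # Offline demo: the fetcher is replaced by the constructed document.
    print(resolve_region(env={}, fetch=lambda: SAMPLE_DOC))
```

The short timeout keeps the lookup from stalling commands on hosts that are not EC2 instances.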
This still isn't a thing? It's super annoying...
I currently get around it by:
It would be so useful to have it default to the region that the instance is spawned in...
We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.
This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.
As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.
We’ve imported existing feature requests from GitHub - Search for this issue there!
And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.
GitHub will remain the channel for reporting bugs.
Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface
-The AWS SDKs & Tools Team
This entry can specifically be found on UserVoice at: https://aws.uservoice.com/forums/598381-aws-command-line-interface/suggestions/33168346-aws-cli-should-set-default-region-to-ec2-instance
Upvote for this feature request.
I have a case where instances in China (cn-north-1) using IAM Roles fail to query an S3 bucket just because the region is not specified. Meanwhile, instances in Ireland (eu-west-1) with the same IAM Role can run the same command without errors.
The error is:
The EC2 Instance, the IAM Role and their association to one another are performed by terraform, so there are no disparities in privileges.
When I run
And to finish, if I run