New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

aws-cli should set default region to EC2 instance region #486

Open
mveitas opened this Issue Nov 14, 2013 · 28 comments

Comments

Projects
None yet
@mveitas

mveitas commented Nov 14, 2013

Recently we provisioned an EC2 instance with the aws-cli installed that is using IAM roles. We forgot to set the AWS_DEFAULT_REGION environment variable and got an error stating that the default region was not specified.

I am proposing that aws-cli should be able to assume the given region of the EC2 instance. This would eliminate one step of adding the environment variable to the system. If the aws-cli needs to talk to a different region, it can always use a different profile or override the region.

I am sure there are implications to this that need to be thought about.

@ehammond

This comment has been minimized.

Show comment
Hide comment
@ehammond

ehammond Nov 14, 2013

It seems to me that this would require aws-cli to query every region out there to find the specified instance id. This would be slower and more expensive. Plus, instance-ids are not guaranteed to be unique between regions, so there is an (admittedly small) risk that the wrong instance could be acted on.

It is completely standard with most AWS services to have to pick which region you want to interact with and I'm not sure this should be hidden in the cli.

ehammond commented Nov 14, 2013

It seems to me that this would require aws-cli to query every region out there to find the specified instance id. This would be slower and more expensive. Plus, instance-ids are not guaranteed to be unique between regions, so there is an (admittedly small) risk that the wrong instance could be acted on.

It is completely standard with most AWS services to have to pick which region you want to interact with and I'm not sure this should be hidden in the cli.

@mveitas

This comment has been minimized.

Show comment
Hide comment
@mveitas

mveitas Nov 15, 2013

An alternative would be to potentially look at storing the region information into the metadata server which I believe the cli uses to get some of it's information.

mveitas commented Nov 15, 2013

An alternative would be to potentially look at storing the region information into the metadata server which I believe the cli uses to get some of it's information.

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Nov 22, 2013

Contributor

As @jamesls has found, we can get the region itself from the instance metadata:

$ curl http://169.254.169.254/latest/dynamic/instance-identity/document
{
  "version" : "2010-08-31",
  "architecture" : "x86_64",
  "instanceType" : "t1.micro",
  ...
  "region" : "us-west-2",
  "availabilityZone" : "us-west-2b",
  ...
}

So, we can discover the region in which an EC2 instance is running quickly and efficiently.

If a customer ran aws configure on an EC2 instance, it would seem reasonably to offer the region in which they are currently running as the default value to place in their config file. I think this makes a lot of sense.

However, what if they are using an IAM Role rather than traditional credentials. In this case they probably wouldn't run aws configure. Should we still just automatically assume that they want to use the region of the instance as the default region? I'm not so sure about that. Sometimes it will be exactly what they want and in other situations it may be confusing.

Comments?

Contributor

garnaat commented Nov 22, 2013

As @jamesls has found, we can get the region itself from the instance metadata:

$ curl http://169.254.169.254/latest/dynamic/instance-identity/document
{
  "version" : "2010-08-31",
  "architecture" : "x86_64",
  "instanceType" : "t1.micro",
  ...
  "region" : "us-west-2",
  "availabilityZone" : "us-west-2b",
  ...
}

So, we can discover the region in which an EC2 instance is running quickly and efficiently.

If a customer ran aws configure on an EC2 instance, it would seem reasonably to offer the region in which they are currently running as the default value to place in their config file. I think this makes a lot of sense.

However, what if they are using an IAM Role rather than traditional credentials. In this case they probably wouldn't run aws configure. Should we still just automatically assume that they want to use the region of the instance as the default region? I'm not so sure about that. Sometimes it will be exactly what they want and in other situations it may be confusing.

Comments?

@ehammond

This comment has been minimized.

Show comment
Hide comment
@ehammond

ehammond Nov 22, 2013

I misread the original question. I was thinking that an "aws ec2 ... --instance-ids X" command was being run outside of EC2 and there was an expectation that the command should find the region for the specified instance before operating on it.

Now I see the question is really about running aws-cli inside an EC2 instance which has an IAM role.

+1 for defaulting the aws-cli region to the region of the current instance running aws-cli if IAM roles are being used.

This is going to correctly reduce work for the vast majority of IAM role users and is easy to override for anybody who wants a different behavior (which they would have had to do anyway even without a default).

The only other possible options are defaulting to "us-east-1" (almost certainly not what they wanted) and an error message.

Anybody who is using multiple regions should be used to specifying --region or configuring aws-cli with a region.

ehammond commented Nov 22, 2013

I misread the original question. I was thinking that an "aws ec2 ... --instance-ids X" command was being run outside of EC2 and there was an expectation that the command should find the region for the specified instance before operating on it.

Now I see the question is really about running aws-cli inside an EC2 instance which has an IAM role.

+1 for defaulting the aws-cli region to the region of the current instance running aws-cli if IAM roles are being used.

This is going to correctly reduce work for the vast majority of IAM role users and is easy to override for anybody who wants a different behavior (which they would have had to do anyway even without a default).

The only other possible options are defaulting to "us-east-1" (almost certainly not what they wanted) and an error message.

Anybody who is using multiple regions should be used to specifying --region or configuring aws-cli with a region.

@Iamrodos

This comment has been minimized.

Show comment
Hide comment
@Iamrodos

Iamrodos Nov 28, 2013

This is a great idea. If it's an instance and then the region is easily accessible by the metadata. If the host has something to stop access to the metadata (eg host firewall) then it can just fail as it does now. It would remove one step from my bootstrap process which currently sets the default region based on the metadata.

Iamrodos commented Nov 28, 2013

This is a great idea. If it's an instance and then the region is easily accessible by the metadata. If the host has something to stop access to the metadata (eg host firewall) then it can just fail as it does now. It would remove one step from my bootstrap process which currently sets the default region based on the metadata.

@mveitas

This comment has been minimized.

Show comment
Hide comment
@mveitas

mveitas Mar 17, 2014

Any updates about potentially implementing this?

mveitas commented Mar 17, 2014

Any updates about potentially implementing this?

@albertoconnor

This comment has been minimized.

Show comment
Hide comment
@albertoconnor

albertoconnor commented Jun 25, 2014

+1

@fadeddata

This comment has been minimized.

Show comment
Hide comment
@fadeddata

fadeddata commented Oct 29, 2014

+1

@shlomoswidler

This comment has been minimized.

Show comment
Hide comment
@shlomoswidler

shlomoswidler Oct 29, 2014

And aws opsworks should ignore the region specification, since it always
uses us-east-1.
On Oct 29, 2014 10:20 PM, "Dustin Withers" notifications@github.com wrote:

+1


Reply to this email directly or view it on GitHub
#486 (comment).

shlomoswidler commented Oct 29, 2014

And aws opsworks should ignore the region specification, since it always
uses us-east-1.
On Oct 29, 2014 10:20 PM, "Dustin Withers" notifications@github.com wrote:

+1


Reply to this email directly or view it on GitHub
#486 (comment).

@aalbertson

This comment has been minimized.

Show comment
Hide comment
@aalbertson

aalbertson commented Jun 23, 2015

+1

@dmulter

This comment has been minimized.

Show comment
Hide comment
@dmulter

dmulter commented Sep 1, 2015

+1

@nonbeing

This comment has been minimized.

Show comment
Hide comment
@nonbeing

nonbeing commented Nov 2, 2015

+1

@npinchot

This comment has been minimized.

Show comment
Hide comment
@npinchot

npinchot Aug 16, 2016

+1
I think this would be great, even if I had to pass a param like --use-instance-region. Right now I have to parse the region from ec2metadata and a regex and then pass it as --region.

npinchot commented Aug 16, 2016

+1
I think this would be great, even if I had to pass a param like --use-instance-region. Right now I have to parse the region from ec2metadata and a regex and then pass it as --region.

@georgealton

This comment has been minimized.

Show comment
Hide comment
@georgealton

georgealton commented Sep 6, 2016

+1

@vpal

This comment has been minimized.

Show comment
Hide comment
@vpal

vpal commented Sep 14, 2016

+1

@cosmok

This comment has been minimized.

Show comment
Hide comment
@cosmok

cosmok commented Nov 10, 2016

+1

@BradErz

This comment has been minimized.

Show comment
Hide comment
@BradErz

BradErz Nov 15, 2016

This still isn't a thing? Its super annoying....

I currently get around it by:

region=$(curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}')
echo "[default]" > /root/.aws/config
echo "region = ${region}" >> /root/.aws/config

It would be so useful to have it default to the region that the instance is spawned in...

BradErz commented Nov 15, 2016

This still isn't a thing? Its super annoying....

I currently get around it by:

region=$(curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}')
echo "[default]" > /root/.aws/config
echo "region = ${region}" >> /root/.aws/config

It would be so useful to have it default to the region that the instance is spawned in...

@WhileLoop

This comment has been minimized.

Show comment
Hide comment
@WhileLoop

WhileLoop commented Feb 15, 2017

+1

@maslakov

This comment has been minimized.

Show comment
Hide comment
@maslakov

maslakov commented Apr 4, 2017

+1

@szotrj

This comment has been minimized.

Show comment
Hide comment
@szotrj

szotrj Jun 8, 2017

+1
When using an IAM EC2 Role, I don't want to have to specify region in all my CLI commands when there is only 1 region in GovCloud (us-gov-west-1). When a second region is added, just default to the region that the instance is running in.

szotrj commented Jun 8, 2017

+1
When using an IAM EC2 Role, I don't want to have to specify region in all my CLI commands when there is only 1 region in GovCloud (us-gov-west-1). When a second region is added, just default to the region that the instance is running in.

@Daxito

This comment has been minimized.

Show comment
Hide comment
@Daxito

Daxito commented Jun 11, 2017

+1

@qwrrty

This comment has been minimized.

Show comment
Hide comment
@qwrrty

qwrrty Aug 15, 2017

Why has this not yet been implemented?

+1

qwrrty commented Aug 15, 2017

Why has this not yet been implemented?

+1

@ededdneddyfan

This comment has been minimized.

Show comment
Hide comment
@ededdneddyfan

ededdneddyfan Oct 11, 2017

+1, ran into the same issue myself trying to run something on Boto3

ededdneddyfan commented Oct 11, 2017

+1, ran into the same issue myself trying to run something on Boto3

@jaymecd

This comment has been minimized.

Show comment
Hide comment
@jaymecd

jaymecd Dec 5, 2017

any progress here? plz

jaymecd commented Dec 5, 2017

any progress here? plz

@spektom

This comment has been minimized.

Show comment
Hide comment
@spektom

spektom Dec 20, 2017

As a workaround we run the following before any aws cli command:

export AWS_DEFAULT_REGION=$(curl -m5 -sS http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/.$//')

spektom commented Dec 20, 2017

As a workaround we run the following before any aws cli command:

export AWS_DEFAULT_REGION=$(curl -m5 -sS http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/.$//')
@ASayre

This comment has been minimized.

Show comment
Hide comment
@ASayre

ASayre Feb 6, 2018

Contributor

Good Morning!

We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.

This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.

As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.

We’ve imported existing feature requests from GitHub - Search for this issue there!

And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.

GitHub will remain the channel for reporting bugs.

Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface

-The AWS SDKs & Tools Team

This entry can specifically be found on UserVoice at: https://aws.uservoice.com/forums/598381-aws-command-line-interface/suggestions/33168346-aws-cli-should-set-default-region-to-ec2-instance

Contributor

ASayre commented Feb 6, 2018

Good Morning!

We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.

This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.

As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.

We’ve imported existing feature requests from GitHub - Search for this issue there!

And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.

GitHub will remain the channel for reporting bugs.

Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface

-The AWS SDKs & Tools Team

This entry can specifically be found on UserVoice at: https://aws.uservoice.com/forums/598381-aws-command-line-interface/suggestions/33168346-aws-cli-should-set-default-region-to-ec2-instance

@ASayre ASayre closed this Feb 6, 2018

@jamesls jamesls reopened this Apr 6, 2018

@jamesls

This comment has been minimized.

Show comment
Hide comment
@jamesls

jamesls Apr 6, 2018

Member

Based on community feedback, we have decided to return feature requests to GitHub issues.

Member

jamesls commented Apr 6, 2018

Based on community feedback, we have decided to return feature requests to GitHub issues.

@georgeludwig

This comment has been minimized.

Show comment
Hide comment
@georgeludwig

georgeludwig Jun 12, 2018

All right then, +1 on the feature request, why in god's name has this not been implemented yet???

georgeludwig commented Jun 12, 2018

All right then, +1 on the feature request, why in god's name has this not been implemented yet???

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment