kamal87

Reputation: 37

Need arn values from aws configservice

I am running

aws configservice get-compliance-details-by-config-rule --config-rule-name required-tags --compliance-types NON_COMPLIANT

with output

{
    "EvaluationResults": [
        {
            "EvaluationResultIdentifier": {
                "EvaluationResultQualifier": {
                    "ConfigRuleName": "required-tags",
                    "ResourceType": "AWS::ACM::Certificate",
                    "ResourceId": "arn:aws:acm:us-east-1:***:certificate/d9863cca-9e7b-460b-b9f8-bee23e8fb607"
                },
                "OrderingTimestamp": "2022-08-10T12:46:18.247000+05:30"
            },
            "ComplianceType": "NON_COMPLIANT",
            "ResultRecordedTime": "2022-08-10T13:12:00.037000+05:30",
            "ConfigRuleInvokedTime": "2022-08-10T13:11:59.841000+05:30"
        },
        {
            "EvaluationResultIdentifier": {
                "EvaluationResultQualifier": {
                    "ConfigRuleName": "required-tags",
                    "ResourceType": "AWS::EC2::Instance",
                    "ResourceId": "i-069c8d8c72ae8db8c"
                },
                "OrderingTimestamp": "2022-08-10T12:46:18.784000+05:30"
            },
            "ComplianceType": "NON_COMPLIANT",
            "ResultRecordedTime": "2022-08-10T13:11:54.648000+05:30",
            "ConfigRuleInvokedTime": "2022-08-10T13:11:54.449000+05:30

I need the ARN names of all the resources under the rule

and need to run

aws tag-resources
--resource-arn-list <value>
--tags <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

The problem is that the aws configservice get-compliance-details-by-config-rule command doesn't list the ARN of the resources, and I need the ARN of each resource to be tagged.

What can I do?

Upvotes: 0

Views: 153

Answers (1)

Mickael

Reputation: 4558

You can construct Amazon EC2 instance ARNs using the aws ec2 describe-instances command. Please note that I used jq for that, so you will need it if you want to use this method.

  1. You can run aws ec2 describe-instances with a filter by instance-id. In this case the instance-id corresponds to the ResourceId in your output. It should return all the data regarding the specified instance.

Your command line should look like aws ec2 describe-instances --region eu-west-3 --instance-id i-abd123.

  2. Then you can format the result using jq.
aws ec2 describe-instances --region us-east-1 --instance-id i-abc123 | jq -r '.Reservations[] | .OwnerId as $OwnerId | ( .Instances[] | { "ARN": "arn:aws:ec2:\(.Placement.AvailabilityZone[:-1]):\($OwnerId):instance/\(.InstanceId)"} )' | jq -s .

The output should look like this:

[
  {
    "ARN": "arn:aws:ec2:us-east-1:***:instance/i-abc123"
  }
]

Upvotes: 1
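
The answer's EC2 approach applied to the whole rule output, as an added example that is not from the question or the answer: it keeps any ResourceId that is already an ARN (as the ACM certificate in the question's output is), builds EC2 instance ARNs with the answer's pattern, and reports other resource types as unresolved instead of guessing an ARN format. The region, account ID, sample records and function names are assumptions constructed for illustration; the region is taken to be the one the Config command was run in.

```python
# ARN patterns for resource types whose Config ResourceId is a bare ID.
# Only the EC2 instance pattern from the answer is included; add other
# types only after checking their documented ARN format.
ARN_PATTERNS = {
    "AWS::EC2::Instance": "arn:aws:ec2:{region}:{account}:instance/{rid}",
}
TAG_BATCH_SIZE = 20  # the tagging API accepts at most 20 ARNs per tag-resources call


def arns_from_compliance(output, region, account):
    """Return (arns, unresolved) from get-compliance-details-by-config-rule JSON."""
    arns, unresolved = [], []
    for result in output.get("EvaluationResults", []):
        q = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        rtype, rid = q["ResourceType"], q["ResourceId"]
        if rid.startswith("arn:"):
            arn = rid  # Config already reported the full ARN
        elif rtype in ARN_PATTERNS:
            arn = ARN_PATTERNS[rtype].format(region=region, account=account, rid=rid)
        else:
            unresolved.append((rtype, rid))  # leave for manual lookup
            continue
        if arn not in arns:  # drop duplicates, keep order
            arns.append(arn)
    return arns, unresolved


def batches(items, size=TAG_BATCH_SIZE):
    """Split the ARN list into chunks small enough for one tag-resources call."""
    return [items[i:i + size] for i in range(0, len(items), size)]


def sample_result(rtype, rid):
    # Constructed record with the same shape as the output in the question.
    return {"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
        "ConfigRuleName": "required-tags", "ResourceType": rtype, "ResourceId": rid}},
        "ComplianceType": "NON_COMPLIANT"}


# Constructed sample data: placeholder account ID and resource IDs.
SAMPLE = {"EvaluationResults": [
    sample_result("AWS::ACM::Certificate", "arn:aws:acm:us-east-1:123456789012:"
                  "certificate/00000000-0000-0000-0000-000000000000"),
    sample_result("AWS::EC2::Instance", "i-0123456789abcdef0"),
    sample_result("AWS::S3::Bucket", "example-bucket"),
]}

if __name__ == "__main__":
    arns, unresolved = arns_from_compliance(SAMPLE, "us-east-1", "123456789012")
    for batch in batches(arns):
        print(" ".join(batch))  # one line per --resource-arn-list argument
    for rtype, rid in unresolved:
        print("unresolved:", rtype, rid)
```
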
