Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Find EC2 Instances That Are Missing Tags

DZone's Guide to

How to Find EC2 Instances That Are Missing Tags

jq is a lightweight and flexible command-line JSON processor. Yeah, I know..another third-party tool. However, it is well worth it.

· DevOps Zone ·
Free Resource

DevOps involves integrating development, testing, deployment and release cycles into a collaborative process. Learn more about the 4 steps to an effective DevSecOps infrastructure.

The team here was trying to align AWS resources for billing by using tags. Seems easy enough. However, we were having issues trying to figure out which EC2 instances were not tagged. We also wanted to find EC2 instances that are missing a ROLE tag. We searched high and low and found that several people needed a solution. We tried to cobble something together with the AWS CLI and then Ansible. We could not come up with a viable solution. So, we did what any could DevOps team should do: We opened a ticket with AWS Support.

The response from AWS came quickly and succinctly. Here is what we came up with after their input.

Display instances that have no tags:

aws ec2 describe-instances --query "Reservations[].Instances[].[InstanceId, Tags]" --output text | grep None | awk '{print $1}'

Display instances that are missing a specific tag (defined by key):

aws ec2 describe-instances --query "Reservations[].Instances[].{ID: InstanceId, Tag: Tags[].Key}" --output text | grep -v ROLE

Voila! Problem solved, right? Not quite. We noticed that the output formats are very different based on region.

In eu-central-1, we are seeing instances in this format:

i-cd5ade70  
TAG    Name  
TAG    OWNER  
TAG    SYSTEM  

Inus-east-1, we are seeing instances in this format:

i-0d879e60cb5053af3 ['aws:autoscaling:groupName', 'Name']

We are thinking that the API versions in each region were different but aren't positive. How did we fix this? We needed a consistent format and we landed on JSON. However, now we have a screen full of JSON that while consistently formatted isn't easily editable.

Enter jq. jq is a lightweight and flexible command-line JSON processor.

Yeah, I know..another third-party tool. However, when all you have to do is pipe the AWS command to jq -c '.[]' to get a grep -v-able output, it is well worth it.

aws ec2 describe-instances --query "Reservations[].Instances[].{ID: InstanceId, Tag: Tags[].Key}" --output json | jq -c '.[]' | grep -v ROLE  

jq is available from Brew, Epel, and the jq website.

Read the 4-part DevOps testing eBook to learn how to detect problems earlier in your DevOps testing processes.

Topics:
cli ,aws ,ec2 ,devops ,jq

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}