Hi, I want to update the EC2 tag metadata to enable state in multiple EC2 accou . . .

venkatesh gunda:
Hi, I want to update the EC2 tag metadata to enable state in multiple EC2 accounts. I need to create a Jenkins pipeline to do this task. Can anyone guide me to do this?

Michael Forrester:
venkatesh, you probably want to create a series of steps in your pipeline using shell scripting or some other program code to pull down a list of untagged resources and then tag them.
Since you are using multiple accounts you may need to create an IAM Role in each account with tagging permissions to EC2 and then a service account/IAM user with credentials for the Jenkins instance depending on where it lives (in cloud or in a datacenter outside of cloud). You would then have the Jenkins instance assume a Role inside the other accounts when running the “aws ec2 create-tags xxxx” command. Some things that may help. https://repost.aws/knowledge-center/iam-assume-role-cli

Michael Forrester:
https://docs.aws.amazon.com/cli/latest/reference/ec2/create-tags.html#examples

venkatesh gunda:
I don’t want to create new tags. I just want to enable the allow tags metadata

Michael Forrester:
Venkatesh… sorry, missed that important keyword… https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS

Michael Forrester:
i.e. this section: "Work with instance tags in instance metadata"
You can access an instance’s tags from the instance metadata. By accessing tags from the instance metadata, you no longer need to use the DescribeInstances or DescribeTags API calls to retrieve tag information, which reduces your API transactions per second, and lets your tag retrievals scale with the number of instances that you control. Furthermore, local processes that are running on an instance can view the instance’s tag information directly from the instance metadata.
By default, tags are not available from the instance metadata; you must explicitly allow access. You can allow access at instance launch, or after launch on a running or stopped instance. You can also allow access to tags by specifying this in a launch template. Instances that are launched by using the template allow access to tags in the instance metadata.
If you add or remove an instance tag, the instance metadata is updated while the instance is running for instances built on the Nitro System, without needing to stop and then start the instance. For all other instances, to update the tags in the instance metadata, you must stop and then start the instance.

Michael Forrester:
aws ec2 modify-instance-metadata-options \
    --instance-id i-123456789example \
    --instance-metadata-tags enabled
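
The cross-account flow discussed in this thread (assume a role in each account, then run modify-instance-metadata-options on instances that do not yet expose tags), written as a shell step a Jenkins pipeline could call. This is an added example, not part of the original conversation; the role name, the default region and the ACCOUNTS variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. ROLE_NAME, REGION and the account IDs
# passed in ACCOUNTS are placeholders (assumptions).
ROLE_NAME="${ROLE_NAME:-JenkinsImdsTagsRole}"   # hypothetical role name
REGION="${REGION:-us-east-1}"                   # assumed region

# Assume the role in one account; export the temporary credentials.
assume_role() {
  creds=$(aws sts assume-role \
    --role-arn "arn:aws:iam::$1:role/$ROLE_NAME" \
    --role-session-name jenkins-imds-tags \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  set -- $creds   # split the three tab-separated fields
  [ $# -eq 3 ] || return 1
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
}

# Print IDs of instances whose metadata tag access is not yet enabled.
instances_needing_change() {
  aws ec2 describe-instances --region "$REGION" \
    --filters Name=instance-state-name,Values=running,stopped \
    --query 'Reservations[].Instances[].[InstanceId,MetadataOptions.InstanceMetadataTags]' \
    --output text | awk '$2 != "enabled" { print $1 }'
}

# Process one account inside a subshell so its temporary credentials never
# leak into the next account's assume-role call.
enable_for_account() (
  assume_role "$1" || { echo "assume-role failed for $1" >&2; exit 1; }
  for id in $(instances_needing_change); do
    aws ec2 modify-instance-metadata-options --region "$REGION" \
      --instance-id "$id" --instance-metadata-tags enabled >/dev/null || exit 1
    echo "$1 $id enabled"
  done
)

# Run only when ACCOUNTS is set, e.g. ACCOUNTS="111111111111 222222222222".
if [ -n "${ACCOUNTS:-}" ]; then
  rc=0
  for acct in $ACCOUNTS; do enable_for_account "$acct" || rc=1; done
  exit "$rc"
fi
```

The role in each account only needs ec2:DescribeInstances and ec2:ModifyInstanceMetadataOptions for this step, which keeps the Jenkins credentials narrower than a general tagging role.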