-->

Tuesday, August 19, 2014

Switch your EC2 instance from command line with python and BOTO

First thing first: security. Even before starting messing around with your AWS credentials make yourself sure to get the required precautions.

You dont want to wake up and find that someone has launched 60 c3.x8 servers across 5 regions using the credentials that you left in a backed up directory...

First thing create a user if you dont have yet:  go in the IAM console, create new user and that's it ..

Then the more interesting part: associate a user policy to that user. This will limit the amount of messing that the user can do into your AWS account.


  1. click on the user -> in users policies -> click on "Attach User Policy"
  2. Click on custom policy generator
  3. give your policy a name (e.g. 'my-restricted-policy')
  4. copy and paste the following policy 
{
   "Version": "2012-10-17",
   "Statement": [{
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances", "ec2:DescribeImages",
        "ec2:DescribeAvailabilityZones",
        "ec2:StopInstances", "ec2:StartInstances"
      ],
      "Resource": "*"
    }
   ]
}

You are almost done: you just need to generate your security credentials for the user with the limited policy generator. 

So click on the user -> select Security Credentials, click on Manage Access Keys and then Create access key. 

At this point you should have something that looks like the following

aws_access_key_id        = 'DSFSDFSDFWEFEWF'
aws_secret_access_key  = 'ldfjjs8wnoliencdnscdmsfkmsdkfml32'


First part is done, now a few more lines of python and that 's it : 
import boto.ec2


name_of_the_instance = 'put-here-the-name-of-your-instance'
name_of_the_region ='put-here-the-name-of-the-region-where-the-machine-is-located-eg-eu-west-1' 

# access key only for on / off
aws_access_key_id_     = 'DSFSDFSDFWEFEWF'
aws_secret_access_key_ = 'ldfjjs8wnoliencdnscdmsfkmsdkfml32'


conn = boto.ec2.connect_to_region(region_name, 
                                  aws_access_key_id     = aws_access_key_id_,
                                  aws_secret_access_key = aws_secret_access_key_ )

inst = conn.get_all_instances(filters={'tag:Name': name_of_the_instance})[0].instances[0]
print inst.stop()

No comments:

Post a Comment