get a list of instances on ec2 without termination protection?
Solution 1:
It looks to me from the docs and my testing that you are looking for:
#aws ec2 describe-instance-attribute --instance-id <instanceid> --attribute disableApiTermination
This returns
<instanceid>
DISABLEAPITERMINATION True
If termination protection is on. The documentation states, "If the value is true, you can't terminate the instance through the Amazon EC2 console, CLI, or API; otherwise, you can."
And you can modify the parameter with modify-instance-attribute. So...
#aws ec2 modify-instance-attribute --no-disable-api-termination --instance-id <instanceid>
or
#aws ec2 modify-instance-attribute --disable-api-termination --instance-id <instanceid>
Solution 2:
Here's a script that will list the termination protection for all instances in all regions. It requires the AWS CLI to be installed and in the $PATH:
#!/bin/bash
for region in $(aws ec2 describe-regions | grep RegionName | cut -d '"' -f 4 | sort); do
echo $region
for instance in $(aws ec2 describe-instances --region $region | grep InstanceId | cut -d '"' -f 4 | sort); do
echo -n $instance
aws ec2 describe-instance-attribute --region $region --instance-id $instance --attribute disableApiTermination | grep Value | cut -d : -f 2
done
done
If you're just working on one region, and the CLI is already configured for that region, you can simplify it and speed it up a bit:
#!/bin/bash
for instance in $(aws ec2 describe-instances | grep InstanceId | cut -d '"' -f 4 | sort); do
echo -n $instance
aws ec2 describe-instance-attribute --instance-id $instance --attribute disableApiTermination | grep Value | cut -d : -f 2
done
Sample output from the 2nd script showing two instances, one without termination protection and one with:
i-0123456789abcdef0 false
i-0123456789abcdef1 true