First of all I know the description from the vendor (WatchGuard in this case) of the particular AMI I am seeking (for a WatchGuard Firebox Cloud). The AMI starts with "firebox*". I can query for "firebox*" however the issue would be if someone else published an AMI with a similar name and I accidentally used an AMI that was not actually from the vendor whose AMI I was trying to use. In the past this issue existed on Amazon where people published AMIs with names similar to reputable AMIs to confuse new users as to which AMI they should actually use.
To ensure I am using an AMI that is actually from WatchGuard I can query the AMIs I know are from WatchGuard for the "Owner ID" like this:
aws ec2 describe-images --filters "Name=description,Values=firebox*" | grep Owner
I will get back a list something like this:
"ImageOwnerAlias": "aws-marketplace",
"OwnerId": "679593333241",
"ImageOwnerAlias": "aws-marketplace",
"OwnerId": "679593333241",
"ImageOwnerAlias": "aws-marketplace",
"OwnerId": "679593333241",
"ImageOwnerAlias": "aws-marketplace",
"OwnerId": "679593333241",
"ImageOwnerAlias": "aws-marketplace",
"OwnerId": "679593333241",
aws ec2 describe-images --filters "Name=description,Values=firebox*" --owners 679593333241
Oh but wait....The ImageOwnerAlias is "aws-marketplace". Does that ID truly only relate to WatchGuard AMIs? Let's query without the description. This query takes quite a while to execute:
aws ec2 describe-images --filters "Name=description,Values=firebox*" --owners 679593333241
Unfortunately this pulls back everything in the AWS Marketplace, not just my WatchGuard AMIs. Will put in a feature request to see if this can be fixed somehow. In the end, I think this is the best I can do to get the latest Firebox AMI but asking AWS support to see if they have a better answer.
amidesc=$(aws ec2 describe-images --filters "Name=description,Values=firebox*" --owners 679593333241 | grep "Description" | grep "pay" | sort -r | grep -m1 -v "rc" | cut -d ":" -f 2 | sed -e 's/^[[:space:]]*//')
imageid=$(aws ec2 describe-images --owners 679593333241 --filters "Name=description,Values=$amidesc" | grep ImageId | cut -d ":" -f 2 | sed -e 's/^[[:space:]]*//')
echo $imageid
Using the above script I can get a list of the available WatchGuard AMIs in my account and region and ask the user to select one, which will be used in the subsequent script:
aws ec2 describe-images --filters "Name=description,Values=firebox*" --owners 679593333241
Unfortunately this pulls back everything in the AWS Marketplace, not just my WatchGuard AMIs. Will put in a feature request to see if this can be fixed somehow. In the end, I think this is the best I can do to get the latest Firebox AMI but asking AWS support to see if they have a better answer.
amidesc=$(aws ec2 describe-images --filters "Name=description,Values=firebox*" --owners 679593333241 | grep "Description" | grep "pay" | sort -r | grep -m1 -v "rc" | cut -d ":" -f 2 | sed -e 's/^[[:space:]]*//')
imageid=$(aws ec2 describe-images --owners 679593333241 --filters "Name=description,Values=$amidesc" | grep ImageId | cut -d ":" -f 2 | sed -e 's/^[[:space:]]*//')
echo $imageid
Using the above script I can get a list of the available WatchGuard AMIs in my account and region and ask the user to select one, which will be used in the subsequent script:
You can see this code in action in the following file: