Load EC2 Tags as Environment Variables in sixty seconds or less

Have you ever wanted to control your EC2 environment variables from AWS console? Well in a weird way you can. With a little scripting, you can load your EC2 tags as environment variables. This makes it pretty easy to control the configuration of your EC2 instance and the applications used.

The goal is to take all the tag name/value pairs and create export statements to load them as environment variables. So a tag with a name of "Environment" and value of "dev", would be parsed and made into

export Environement=dev

With the following script you can read in all of your EC2 tags and export them as environment variables automagically!

NOTE: Your EC2 instance will need the correct permissions to read the tags, so be sure to add the permissions to the role bound to your EC2. See the permissions required in the script.

#!/bin/bash -ex

################################################################################################################################
# Requirements

# AWS Permissions
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {    
#       "Effect": "Allow",
#       "Action": [ "ec2:DescribeTags"],
#       "Resource": ["*"]
#     }
#   ]
# }




################################################################################################################################
# log this process to /var/log/user-data.log
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1

################################################################################################################################
# package manager update
sudo yum update -y
# / package manager update
################################################################################################################################


################################################################################################################################
# load tags as environment variables
sudo yum install -y jq

# add boot script which loads environment variables for all users
cat > /etc/profile.d/export_instance_tags.sh << 'EOF'
#!/bin/bash
# fetch instance info
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

# export instance tags
export_statement=$(aws ec2 describe-tags --region "$REGION" \
                        --filters "Name=resource-id,Values=$INSTANCE_ID" \
                        --query 'Tags[?!contains(Key, `:`)].[Key,Value]' \
                        --output text | \
                        sed -E 's/^([^\s\t]+)[\s\t]+([^\n]+)$/export \1="\2"/g')
eval $export_statement



EOF

# run the script
sudo chmod +x /etc/profile.d/export_instance_tags.sh

# reload the profile so that the environment variables are available here
source ~/.bash_profile


# / load tags as environment variables
################################################################################################################################

This script worked fine (at first), however, I had some issues when there were spaces in the value field. It essentially only grabbed the value up to the first space. For example, a tag with the name of "Company" value of "Geek Cafe" would create an export of:

export Company=Geek

That's not the desired outcome.

So I modified the script to use awk. I'll be the first to admit that I'm not an awk expert, so if you see a better way to do this please let me know.

#####################################################################################################################################################
# scripts to export EC2 instance tags to environment variables

# using jq for parsing
sudo yum install -y jq

# add boot script which loads environment variables
cat > /etc/profile.d/export_instance_tags.sh << 'EOF'
#!/bin/bash
# fetch instance info
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
# export instance tags
export_statement=$(aws ec2 describe-tags --region "$REGION" \
                        --filters "Name=resource-id,Values=$INSTANCE_ID" \
                        --query 'Tags[?!contains(Key, `:`)].[Key,Value]' \
                        --output text | \
                        awk  '{ 
                              x=""
                              for(i=1;i<=NF;i++) { 
                                if(i==1) {
                                  x="export " toupper($i)"=""\"";
                                }else {
                                  # add the space
                                  if(i>2) x=x" ";
                                  x=x$i;
                                } 
                                # close it off and print it
                                if(i==NF) { x=x"\""; print x; }      
                              }; 
                          }' 
                        )
eval $export_statement
# export instance info
export INSTANCE_ID
export REGION
EOF



# run the script
sudo chmod +x /etc/profile.d/export_instance_tags.sh

# reload the profile so that the environment variables are available here
source ~/.bash_profile

# test it with some known tag names
echo "Environment: ${ENVIRONMENT}"
echo "Bucket Name: ${BUCKET_NAME}"
echo "Project: ${PROJECT}"

# / scripts to export EC2 instance tags to environment variables
#####################################################################################################################################################

Image Credit Wengang Zhai on Unsplash