Krishna Ghanta Chowdary Krishna Ghanta Chowdary - 9 months ago 104
Bash Question

How to send shell script (json) output to aws sns topic?

I have a created an arn topic in AWS console, also created subscription using email and confirmed the subscription.

I have an EC2 instance running in AWS, I wrote a small script to send some details like, type of instance, Operating System used, architecture, JDK installed and formatted it to "json" using "printf" command.

I want to send that json output of the script to the topic I created. The plan is to automate the stuff in future, but for now its just a testing purpose.

Code I'm trying:

aws sns publish --topic-arn $topicARN --message-structure json --message "${json}" output:

"component": {
"component": "xyz-name",
"comp_version": "03"
"Instance": {
"Instance_Type": "t2.small",
"Instance_ID": "i-1e993001234q56789"
"operatingsystem": "rhel"
"JDK": "1.8.0_111"

But it's asking to provide AWS region and if provided complaining about credentials validity. Is a there a way to provide credentials dynamically rather setting shell to pick from ".aws/config"?

I'm planning to run it as cronjob so that the output will be sent to topic every 20 minutes.

Answer Source

From the docs:

The AWS CLI looks for credentials and configuration settings in the following order:

  • Command Line Options – region, output format and profile can be specified as command options to override default settings.
  • Environment Variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
  • The AWS credentials file – located at ~/.aws/credentials on Linux, OS X, or Unix, or at C:\Users\USERNAME \.aws\credentials on Windows. This file can contain multiple named profiles in addition to a default profile.
  • The CLI configuration file – typically located at ~/.aws/config on Linux, OS X, or Unix, or at C:\Users\USERNAME \.aws\config on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.
  • Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.

So, you can pass the credentials from the aws sns command that you invoke:

AWS_ACCESS_KEY=xUISTaZscgstTgsreTTS AWS_SECRET_KEY=8hsggTjakjst86AHGSR98agHHYI aws sns publish --topic-arn $topicARN --message-structure json --message "${json}"