
Detecting Amazon Linux 2 Across All AWS Regions


As Amazon Linux 2 (AL2) approaches its End-of-Life (EOL), users need to identify and migrate workloads running on AL2. In large multi-region AWS environments, manually checking hundreds of instances is infeasible. AWS provides several ways to check OS versions, but some require pre-configured agents (such as SSM), and others, such as the DescribeInstances API call, often return ambiguous AMI names when custom images or older naming conventions are used.

When an EC2 instance boots, it writes its kernel version and OS version to the system console. This output is a reliable way to identify the operating system. I have developed a script that uses AWS CloudShell and the instance console output to read the boot logs, just as a human would, and confirm the operating system without needing SSH access or pre-installed agents on the target machines.

  • Multi-Region Orchestration: Automatically iterates through every enabled region in the AWS account.
  • Detection Logic: Uses nested regular expressions to differentiate between Amazon Linux 2, the newer Amazon Linux 2023, and other distributions such as RHEL, Ubuntu, or SUSE. Note: If no identifying patterns are found in the console logs, the script flags the instance as "cannot determine" for manual review.
  • Easy Execution: Designed for AWS CloudShell, the script inherits your existing console permissions, eliminating the need for manual aws configure or credential management. The script can also be executed using the AWS CLI. Tested on AWS CloudShell and macOS Terminal.

To execute this script, ensure your IAM identity (user/role) has the following permissions:

  • ec2:DescribeRegions
  • ec2:DescribeInstances
  • ec2:GetConsoleOutput

Note: To run the script in CloudShell, ensure your IAM identity has the required permissions or has the managed policy AWSCloudShellFullAccess attached.

Users can upload the script to the CloudShell environment, run chmod +x AL2_Detection.sh, and then start it with the command ./AL2_Detection.sh. The script logic can also be customized for other use cases, such as piping results into a file for migration tracking. The script retrieves the console output for all instances, which might remain available even after an instance is stopped.

#!/bin/bash

# Initialize counters for the summary report
TOTAL_AL2=0
TOTAL_NOT_AL2=0
TOTAL_UNKNOWN=0

# Get a list of all enabled regions
REGIONS=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text)

for REGION in $REGIONS; do
    echo "--- Region: $REGION ---"
    
    # Get all instance IDs in the current region
    INSTANCES=$(aws ec2 describe-instances --region "$REGION" --query "Reservations[].Instances[].InstanceId" --output text)
    
    if [ -z "$INSTANCES" ]; then
        echo "no instance found"
        continue
    fi
    
    for INSTANCE_ID in $INSTANCES; do
        echo -n "Instance $INSTANCE_ID: "
        
        # Capture console output
        OUTPUT=$(aws ec2 get-console-output --region "$REGION" --instance-id "$INSTANCE_ID" --query "Output" --output text)
        
        if [ -z "$OUTPUT" ] || [ "$OUTPUT" == "None" ]; then
            echo "cannot determine (Empty output)"
            ((TOTAL_UNKNOWN++))
            continue
        fi

        # NESTED LOGIC: Handle Amazon Linux branding overlap
        if echo "$OUTPUT" | grep -qiE "Amazon Linux|\.amzn"; then
            
            # Sub-check: Is it actually AL2023?
            if echo "$OUTPUT" | grep -qiE "Amazon Linux 2023|\.amzn2023"; then
                echo "NOT running Amazon Linux 2 (Detected AL2023)"
                ((TOTAL_NOT_AL2++))
            
            # Sub-check: Confirm it is indeed AL2
            elif echo "$OUTPUT" | grep -qiE "Amazon Linux 2|\.amzn2\."; then
                echo "RUNNING Amazon Linux 2"
                ((TOTAL_AL2++))
            
            else
                echo "cannot determine (Generic Amazon Linux string)"
                ((TOTAL_UNKNOWN++))
            fi

        # Check for other known Operating Systems
        elif echo "$OUTPUT" | grep -qiE "Red Hat|Enterprise Linux|\.el[0-9]|Ubuntu|Debian|CentOS|Fedora|SLES|SUSE"; then
            echo "NOT running Amazon Linux 2"
            ((TOTAL_NOT_AL2++))
            
        # Fallback for everything else
        else
            echo "cannot determine the operating system"
            ((TOTAL_UNKNOWN++))
        fi
    done
done

# Output the final report
echo -e "\n"
echo "========================================"
echo "      AL2 EOL MIGRATION SUMMARY         "
echo "========================================"
echo "Total AL2 Instances (Action Required): $TOTAL_AL2"
echo "Total Non-AL2 Instances (Safe):        $TOTAL_NOT_AL2"
echo "Total Unknown (Needs Review):          $TOTAL_UNKNOWN"
echo "========================================"
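
One way to do the migration-tracking customization mentioned above, as an added example that is not part of the original script: the same nested regex logic as a function that also returns the log line it matched, so each CSV row carries its evidence. The function names, verdict labels, CSV layout, and sample logs and instance IDs are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: classify console text offline and emit a CSV row that keeps
# the matching log line as evidence. Function names, verdict labels and the CSV
# layout are assumptions; the regexes are the ones from the script above.

# classify_console TEXT -> prints "VERDICT|first matching log line"
classify_console() (
    text=$1
    if [ -z "$text" ] || [ "$text" = "None" ]; then
        printf 'UNKNOWN|empty console output\n'; exit 0
    fi
    first() { printf '%s\n' "$text" | grep -iE -m 1 "$1"; }
    # AL2023 is tested first: "Amazon Linux 2" is a prefix of "Amazon Linux 2023".
    if   hit=$(first 'Amazon Linux 2023|\.amzn2023'); then printf 'NOT_AL2|%s\n' "$hit"
    elif hit=$(first 'Amazon Linux 2|\.amzn2\.');     then printf 'AL2|%s\n' "$hit"
    elif hit=$(first 'Amazon Linux|\.amzn');          then printf 'UNKNOWN|%s\n' "$hit"
    elif hit=$(first 'Red Hat|Enterprise Linux|\.el[0-9]|Ubuntu|Debian|CentOS|Fedora|SLES|SUSE'); then
        printf 'NOT_AL2|%s\n' "$hit"
    else
        printf 'UNKNOWN|no OS pattern matched\n'
    fi
)

# csv_row REGION INSTANCE_ID TEXT -> prints region,instance_id,verdict,"evidence"
csv_row() (
    result=$(classify_console "$3")
    verdict=${result%%|*}
    # Console text is written by the instance itself, so treat it as untrusted:
    # drop control characters (ESC, CR), cap the length, double embedded quotes.
    evidence=$(printf '%s' "${result#*|}" | tr -cd '[:print:]' | cut -c1-120 | sed 's/"/""/g')
    printf '%s,%s,%s,"%s"\n' "$1" "$2" "$verdict" "$evidence"
)

# Constructed boot-log samples (not captured from real instances).
AL2_LOG='[    0.000000] Linux version 4.14.0-1.amzn2.x86_64 (mockbuild@host) (gcc version 7.3.1 (Red Hat 7.3.1-17))
Amazon Linux 2
Kernel 4.14.0-1.amzn2.x86_64 on an x86_64'
AL2023_LOG='[    0.000000] Linux version 6.1.0-1.amzn2023.x86_64 (mockbuild@host)
Amazon Linux 2023'
UBUNTU_LOG='[    0.000000] Linux version 6.8.0-1-aws (buildd@host)
Ubuntu 24.04 LTS ip-10-0-0-5 ttyS0'

echo "region,instance_id,verdict,evidence"
csv_row us-east-1 i-0aaaaaaaaaaaaaaa1 "$AL2_LOG"
csv_row us-east-1 i-0aaaaaaaaaaaaaaa2 "$AL2023_LOG"
csv_row eu-west-1 i-0aaaaaaaaaaaaaaa3 "$UBUNTU_LOG"
```

The constructed AL2 sample contains "Red Hat" in its compiler string, which is why the Amazon Linux patterns must be evaluated before the other distributions. Inside the original loop, csv_row "$REGION" "$INSTANCE_ID" "$OUTPUT" >> report.csv (report.csv being a placeholder name) would record one row per instance.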

Limitations:

  • Console output is limited to the most recent 64 KB of output and may not be available for all instance types or states.
  • Instances that have never been started will not have console output.
  • Windows instances will not match Linux OS patterns and will be flagged as "cannot determine."


AWS
SUPPORT ENGINEER
published 4 days ago, 48 views