By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/How to get value of the disableApiStop (stop protection) instance attribute via the AWS API/CLI/boto3?/

How to get value of the disableApiStop (stop protection) instance attribute via the AWS API/CLI/boto3?

0

Status of instance stop protection can be viewed via the AWS web console but attempting to describe-instance-attribute --attribute disableApiStop on an instance does not return the current value of this attribute. The call does not fail but the value is not returned.

In the CLI documenation this attribute is listed in the possible values under Options but not in the valid values under Description. It is a similar case in the API documentation

Is this intentional?

How is it recommended to gather this value. As far as I can tell it can't be gathered through describe-instances either.

Topics
Management & GovernanceCompute
Tags
AWS Command Line InterfaceAmazon EC2Compute
AWS-User-1977876
asked 2 months ago29 views
2 Answers
0

Hey there, I see that you are having issues getting the value of the disableApiStop.

 From what I have read you mention that the call does not fail but the value is not returned.
I tested the scenario and from what I gathered from running two commands one after the other is that the first command worked and the second did not fail but the describe value was not returned, which is similar to what you got. 

Trying to troubleshoot the issue I found a possible reason for this is Eventual consistency, this means that the command you run (initially) that affects your EC2 resources might not be immediately visible to commands you run after running the initial command. Happens when running commands directly after each other.

With that being said your environment could have also been affected by Eventual Consistency.
I have added in the references a link on Eventual Consistency and how to best manage it [1]. To add can it be possible that you did not add

aws ec2

(e.g

aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute blockDeviceMapping

) in front of the command ?

You can reach out to AWS Premium Support if you are encountering further issues and to help troubleshoot your issue in detail [2].

References :

[1] https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency

[2] https://aws.amazon.com/premiumsupport/knowledge-center/

Antonio
answered 2 months ago
  • AWS-User-1977876 2 months ago

    Hi Antonio, thank you for your comment.

    I tested the scenario and from what I gathered from running two commands one after the other is that the first command worked and the second did not fail but the describe value was not returned

    Did you run both commands against the same instance? Did you specifically check for disableApiStop? describe-instance-attribute appears to work for all other values. I have attempted to repeatedly run the command against a large collection of instances with no luck.

    With that being said your environment could have also been affected by Eventual Consistency.

    Whilst this is possible, I am talking about instances that have been up for months, and no changes have been made. I find this unlikely.

    To add can it be possible that you did not add aws ec2 in front of the command?

    The full command I have been using is the following aws ec2 describe-instance-attribute --attribute disableApiStop --instance-id i-xxxxx. As an aside, I have also tested the API via some SDKs including Boto3.

0

To anyone reading this who has a similar problem, I suggest trying to stop the instance and catching the error if the instance has disableApiStop enabled. You can then disable disableApiStop before stopping the instance.

AWS-User-1977876
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions