Add instance-stop-protection functions

rnhurt · rnhurt · commit 8b80bc3f1ea7 · 2022-08-10T03:16:12.000-04:00
On May 24,2022 AWS announced the ability to protect instances from unintentional stop actions[0]. This PR adds that ability to bash-my-aws. [0]https://aws.amazon.com/about-aws/whats-new/2022/05/amazon-ec2-enables-protect-instances-unintentional-stop-actions/
diff --git a/aliases b/aliases
@@ -84,6 +84,9 @@ alias instance-stack='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stack'
 alias instance-start='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-start'
 alias instance-state='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-state'
 alias instance-stop='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stop'
+alias instance-stop-protection='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stop-protection'
+alias instance-stop-protection-disable='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stop-protection-disable'
+alias instance-stop-protection-enable='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stop-protection-enable'
 alias instance-tags='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-tags'
 alias instance-terminate='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-terminate'
 alias instance-termination-protection='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-termination-protection'
diff --git a/bash_completion.sh b/bash_completion.sh
@@ -180,6 +180,9 @@ complete -F _bma_instances_completion instance-stack
 complete -F _bma_instances_completion instance-start
 complete -F _bma_instances_completion instance-state
 complete -F _bma_instances_completion instance-stop
+complete -F _bma_instances_completion instance-stop-protection
+complete -F _bma_instances_completion instance-stop-protection-disable
+complete -F _bma_instances_completion instance-stop-protection-enable
 complete -F _bma_instances_completion instance-tags
 complete -F _bma_instances_completion instance-terminate
 complete -F _bma_instances_completion instance-termination-protection
diff --git a/docs/command-reference.md b/docs/command-reference.md
@@ -652,6 +652,33 @@ Stop EC2 Instance(s)
     i-5d74753e210bfe04d  PreviousState=running  CurrentState=stopping
 
 
+### instance-stop-protection
+
+List current state of stop Protection for EC2 Instance(s)
+
+    USAGE: instance-stop-protection instance-id [instance-id]
+
+    $ instances | instance-stop-protection
+    i-4e15ece1de1a3f869 DisableApiStop=true
+    i-89cefa9403373d7a5 DisableApiStop=false
+    i-806d8f1592e2a2efd DisableApiStop=false
+    i-61e86ac6be1e2c193 DisableApiStop=false
+
+
+### instance-stop-protection-disable
+
+Disable EC2 Instance stop protection
+
+    USAGE: instance-stop-protection-disable instance-id [instance-id]
+
+
+### instance-stop-protection-enable
+
+Enable EC2 Instance stop protection
+
+    USAGE: instance-stop-protection-enable instance-id [instance-id]
+
+
 ### instance-tags
 
 List tags applied EC2 Instance(s)
diff --git a/lib/instance-functions b/lib/instance-functions
@@ -423,6 +423,91 @@ instance-stop() {
 }
 
 
+instance-stop-protection() {
+
+  # List current state of Stop Protection for EC2 Instance(s)
+  #
+  #     USAGE: instance-stop-protection instance-id [instance-id]
+  #
+  #     $ instances | instance-termination-protection
+  #     i-4e15ece1de1a3f869 DisableApiStop=true
+  #     i-89cefa9403373d7a5 DisableApiStop=false
+  #     i-806d8f1592e2a2efd DisableApiStop=false
+  #     i-61e86ac6be1e2c193 DisableApiStop=false
+
+  local instance_ids=$(skim-stdin "$@")
+  [[ -z $instance_ids ]] && __bma_usage "instance-id [instance-id]" && return 1
+
+  for instance_id in $instance_ids; do
+    aws ec2 describe-instance-attribute \
+      --attribute disableApiStop        \
+      --instance-id "$instance_id"      \
+      --output text                     \
+      --query "[
+        InstanceId,
+        join('=', [
+          'DisableApiStop',
+          to_string(DisableApiStop.Value)
+        ])
+      ]"
+  done
+}
+
+
+instance-stop-protection-disable() {
+
+  # Disable EC2 Instance stop protection
+  #
+  #     USAGE: instance-stop-protection-disable instance-id [instance-id]
+
+  local instance_ids=$(skim-stdin "$@")
+  [[ -z $instance_ids ]] && __bma_usage "instance-id [instance-id]" && return 1
+
+  echo "You are about to disable stop protection on the following instances:"
+  echo "$instance_ids" | tr ' ' "\n" | instances
+  [ -t 0 ] || exec </dev/tty # reattach keyboard to STDIN
+  local regex_yes="^[Yy]$"
+  read -p "Are you sure you want to continue? " -n 1 -r
+  echo
+  if [[ $REPLY =~ $regex_yes ]]
+  then
+    for instance_id in $instance_ids; do
+      aws ec2 modify-instance-attribute   \
+        --attribute disableApiStop        \
+        --value false                     \
+        --instance-id "$instance_id"
+    done
+  fi
+}
+
+
+instance-stop-protection-enable() {
+
+  # Enable EC2 Instance stop protection
+  #
+  #     USAGE: instance-stop-protection-enable instance-id [instance-id]
+
+  local instance_ids=$(skim-stdin "$@")
+  [[ -z $instance_ids ]] && __bma_usage "instance-id [instance-id]" && return 1
+
+  echo "You are about to enable stop protection on the following instances:"
+  echo "$instance_ids" | tr ' ' "\n" | instances
+  [ -t 0 ] || exec </dev/tty # reattach keyboard to STDIN
+  local regex_yes="^[Yy]$"
+  read -p "Are you sure you want to continue? " -n 1 -r
+  echo
+  if [[ $REPLY =~ $regex_yes ]]
+  then
+    for instance_id in $instance_ids; do
+      aws ec2 modify-instance-attribute   \
+        --attribute disableApiStop        \
+        --value true                      \
+        --instance-id "$instance_id"
+    done
+  fi
+}
+
+
 instance-tags() {
 
   # List tags applied EC2 Instance(s)
