Health uses invalid endpoints when region is set about aws-cli HOT 2 OPEN

Hi @bryanhiestand, thanks for reaching out. This behavior makes sense; AWS Health only has two endpoints as you mentioned, and you should make requests to those endpoints. What behavior were you anticipating in the event of a request being sent to an endpoint that isn't supported?

Hi @RyanFitzSimmonsAK, thank you for taking a look!

I agree that it's a bit silly to expect aws health describe-events --region nope to work, and I would expect passing an invalid --endpoint-url to break things.

Since Health appears to be a global service, I would actually expect to not have to specify a region, similar to the way IAM works. So I would expect to be able to have the AWS_DEFAULT_REGION environment variable set and still be able to access health. I would also expect to be able to access health while having region environment variables set or after defining a non-us-east region in aws configure.

This isn't quite what I am trying to do, but perhaps this untested script will illustrate what I am getting at. If one wanted to see if any of their instances tagged environment=production had health events, they might try a script like this, running it with the AWS_REGION environment variable for each of their regions:

# List EC2 instances tagged with "environment=production"
INSTANCE_IDS=$(aws ec2 describe-instances  --filter "Name=tag:environment,Values=production" --query 'Reservations[*].Instances[*].[InstanceId]' --output json | jq -r '.[][]')

# Get all upcoming AWS health events
EVENTS=$(aws health describe-events --filter eventStatusCodes=upcoming,eventTypeCodes=AWS_EC2_INSTANCE_MAINTENANCE_SCHEDULED --query 'events[*].arn' --output json | jq -r '.[]')

for event in $EVENTS
do
  # Get details for each event
  EVENT_DETAILS=$(aws health describe-event-details --filter eventArns=$event --query 'successfulSet[*].eventDescription.latestDescription' --output text)

  for id in $INSTANCE_IDS
  do
    # Check if the event details contain the instance ID
    if echo "$EVENT_DETAILS" | grep -q "$id"; then
      echo "Scheduled events for instance $id: $EVENT_DETAILS"
    fi
  done
done

However, the above will only work in us-east-1 or us-east-2. For any other region, we must override the region only when calling health. This seems like either a burdensome design or a bug:

export AWS_REGION=us-west-2
# List EC2 instances tagged with "environment=production"
INSTANCE_IDS=$(aws ec2 describe-instances  --filter "Name=tag:environment,Values=production" --query 'Reservations[*].Instances[*].[InstanceId]' --output json | jq -r '.[][]')

# some more regional commands

# Health is only available in us-east-1
aws health describe-event-details --region us-east-1 ...

With IAM, this would not be required:

export AWS_REGION='us-west-2'

# Get all IAM instance profiles
ALL_ROLES=$(aws iam list-instance-profiles --query 'InstanceProfiles[*].Roles[*].RoleName' --output json | jq -r '.[][]')

# Get roles used by EC2 instances in the specified region
USED_ROLES=$(aws ec2 describe-instances --query 'Reservations[*].Instances[*].IamInstanceProfile.Arn' --output json | jq -r '.[][]' | awk -F '/' '{print $2}')

I hope this helps clarify. Thanks again for looking.

from aws-cli.

Hi @bryanhiestand, thanks for reaching out. This behavior makes sense; AWS Health only has two endpoints as you mentioned, and you should make requests to those endpoints. What behavior were you anticipating in the event of a request being sent to an endpoint that isn't supported?

from aws-cli.