How to Extract VM Configuration Details from the AWS Console

Understanding what's running inside your AWS environment is essential for auditing, troubleshooting, cost management, and infrastructure documentation. Whether you're managing a handful of EC2 instances or overseeing a complex multi-region deployment, knowing exactly where to find VM configuration details — and what those details mean — saves time and prevents costly misconfigurations.

What "VM Configuration Details" Actually Means in AWS

In AWS, virtual machines are called EC2 instances (Elastic Compute Cloud). The "configuration details" attached to any instance cover a broad range of technical attributes:

  • Instance type — defines the CPU, memory, and network performance tier (e.g., t3.medium, m5.large)
  • AMI ID — the Amazon Machine Image used to launch the instance, which determines the base OS and pre-installed software
  • Key pair — the SSH key associated with the instance for secure access
  • Security groups — firewall rules controlling inbound and outbound traffic
  • IAM role — permissions attached to the instance for accessing other AWS services
  • Storage (EBS volumes) — attached block storage, including volume type, size, and encryption status
  • Network settings — VPC, subnet, Elastic IP, private/public IP addresses, and availability zone
  • Tags — metadata labels used for cost allocation and resource organization
  • User data — bootstrap scripts that ran at instance launch

Each of these is independently retrievable from the AWS Console, and understanding where each lives helps you pull exactly what you need.

Navigating to EC2 Instance Details in the AWS Console 🖥️

  1. Sign in to the AWS Management Console and navigate to EC2 under Services or by searching the top bar.
  2. In the left sidebar, click Instances under the Instances section.
  3. You'll see a list of all EC2 instances in the currently selected region. Use the region selector (top-right) if your target instance is in a different region.
  4. Click on the Instance ID of the instance you want to inspect.

This opens the instance summary page — the central hub for all configuration details.

Where Each Configuration Detail Lives

Summary Tab

The default view shows the most commonly needed details at a glance:

  • Instance ID, instance state, and instance type
  • Public and private IPv4 addresses
  • Hostname and private DNS
  • AMI ID (clickable to see the full image details)
  • Key pair name
  • IAM role (if assigned)
  • Launch time

Security Tab

Click the Security tab to see:

  • Security groups and their associated inbound/outbound rules
  • The IAM instance profile with its ARN and linked role policies
  • Whether IMDSv2 (Instance Metadata Service version 2) is enforced — relevant for security auditing

Networking Tab

This tab surfaces:

  • VPC ID and Subnet ID
  • Availability Zone
  • Public and Elastic IP addresses
  • Network interfaces with MAC addresses, interface IDs, and associated security groups per interface
  • Source/destination check status (important for NAT instances)

Storage Tab

Under Storage, you'll find:

  • All attached EBS volumes with their device names (e.g., /dev/xvda)
  • Volume IDs (clickable for full volume specs including size, type, IOPS, and encryption status)
  • Whether Delete on termination is enabled — a critical detail for data retention planning

Tags Tab

All resource tags are listed here — useful for tracking ownership, environment (dev/staging/prod), cost center, and project associations.

Extracting User Data (Launch Scripts)

User data isn't shown on the main instance page. To access it:

  1. Select the instance in the EC2 console.
  2. Click Actions → Instance Settings → Edit User Data.
  3. The field will display the script (or Base64-encoded content) that ran on first boot.

Note that while you can view user data this way, the instance must be stopped to edit it. If the instance is running, you'll see a read-only view.

Using the AWS CLI for More Precise Extraction 🔧

For bulk extraction or automation, the AWS CLI gives you structured output that's easier to parse than the console:

aws ec2 describe-instances --instance-ids i-0123456789abcdef0 

This returns a full JSON object with every configuration attribute in one call. You can filter with --query to isolate specific fields:

aws ec2 describe-instances --instance-ids i-0123456789abcdef0 --query "Reservations[*].Instances[*].{Type:InstanceType,AMI:ImageId,State:State.Name}" 
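
The following Python sketch is an added example, not part of the original article. It audits a saved describe-instances response for the security-relevant settings listed in the tabs above: IMDSv2 enforcement, public addresses, volumes kept after termination, and missing tags. The sample response, the audit_instances name and the required-tag policy are constructed assumptions; the JSON field names are those the EC2 API returns.

```python
import json

# Constructed sample of `aws ec2 describe-instances` output, trimmed to the
# fields used below. All IDs and addresses are made up.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0123456789abcdef0", "InstanceType": "t3.medium",
   "PublicIpAddress": "203.0.113.10",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"},
   "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs":
     {"VolumeId": "vol-0aaaaaaaaaaaaaaaa", "DeleteOnTermination": false}}],
   "Tags": [{"Key": "Environment", "Value": "prod"}]},
  {"InstanceId": "i-0fedcba9876543210", "InstanceType": "m5.large",
   "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"},
   "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs":
     {"VolumeId": "vol-0bbbbbbbbbbbbbbbb", "DeleteOnTermination": true}}],
   "Tags": [{"Key": "Environment", "Value": "dev"},
            {"Key": "Owner", "Value": "team-a"}]}
]}]}
""")

REQUIRED_TAGS = {"Environment", "Owner"}  # assumed tagging policy


def audit_instances(response, required_tags=REQUIRED_TAGS):
    """Return {instance_id: [findings]} for every instance in the response."""
    report = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            findings = []
            meta = inst.get("MetadataOptions", {})
            # IMDSv1 stays reachable unless session tokens are required.
            if meta.get("HttpEndpoint") != "disabled" and meta.get("HttpTokens") != "required":
                findings.append("IMDSv2 not enforced")
            if inst.get("PublicIpAddress"):
                findings.append("public IPv4 " + inst["PublicIpAddress"])
            for bdm in inst.get("BlockDeviceMappings", []):
                ebs = bdm.get("Ebs", {})
                if ebs and not ebs.get("DeleteOnTermination", True):
                    findings.append(f"{ebs['VolumeId']} survives termination")
            tags = {t["Key"] for t in inst.get("Tags", [])}
            for missing in sorted(required_tags - tags):
                findings.append("missing tag " + missing)
            report[inst["InstanceId"]] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit_instances(SAMPLE), indent=2))
```

Volume encryption status is not part of this response; it comes from the volume details, as noted under the Storage tab.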

For user data specifically:

aws ec2 describe-instance-attribute --instance-id i-0123456789abcdef0 --attribute userData 

The user data value in the response is Base64-encoded; extract that value and pipe it through base64 --decode to read the raw script.
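
The command returns a JSON wrapper with the encoded script under UserData.Value, and cloud-init also accepts gzip-compressed user data. The Python sketch below is an added example, not from the original article: it decodes either form, handles instances with no user data, and flags lines that look like embedded credentials, since user data is stored unencrypted. The sample responses, function names and the pattern list are constructed assumptions.

```python
import base64
import gzip
import json
import re

# Constructed bootstrap script standing in for real user data.
SCRIPT = b"""#!/bin/bash
yum install -y nginx
export DB_PASSWORD=example-not-a-real-secret
systemctl enable --now nginx
"""
# Constructed `describe-instance-attribute --attribute userData` responses.
PLAIN = json.dumps({"InstanceId": "i-0123456789abcdef0",
                    "UserData": {"Value": base64.b64encode(SCRIPT).decode()}})
GZIPPED = json.dumps({"InstanceId": "i-0123456789abcdef0",
                      "UserData": {"Value": base64.b64encode(
                          gzip.compress(SCRIPT)).decode()}})
EMPTY = json.dumps({"InstanceId": "i-0123456789abcdef0", "UserData": {}})

# Heuristic patterns (assumed, not exhaustive) for credentials in scripts.
SECRET_RE = re.compile(
    r"(AKIA[0-9A-Z]{16}|(?i:password|passwd|secret|token|api[_-]?key)\w*\s*[=:])")


def decode_user_data(response_json):
    """Return the launch script as text, or "" when no user data is set."""
    value = json.loads(response_json).get("UserData", {}).get("Value")
    if not value:
        return ""
    raw = base64.b64decode(value)
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes: compressed user data
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")


def flag_secret_lines(script):
    """Return (line_number, line) pairs that look like embedded credentials."""
    return [(n, line.strip()) for n, line in enumerate(script.splitlines(), 1)
            if SECRET_RE.search(line)]


if __name__ == "__main__":
    print(flag_secret_lines(decode_user_data(GZIPPED)))
```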

Key Variables That Affect What You'll Find

Not every instance will expose the same configuration surface. Several factors shape what's available:

| Variable | Impact on Configuration Details |
|---|---|
| Instance state (running/stopped/terminated) | Terminated instances have limited retrievable data |
| Launch method (console, CloudFormation, Terraform) | Tags and user data may vary significantly |
| IAM permissions | Your console user needs ec2:DescribeInstances and related permissions |
| Region | Instances are region-scoped; wrong region = no results |
| Shared tenancy vs. Dedicated Host | Affects hardware-level detail visibility |

The Spectrum of Use Cases

A developer auditing a single dev instance has a very different extraction workflow than a DevOps engineer documenting an entire production environment across multiple regions. For one-off checks, the console tabs are sufficient. For ongoing infrastructure documentation, teams typically combine the CLI with tools like AWS Config, AWS Systems Manager Inventory, or Infrastructure-as-Code exports from Terraform state files.

What you actually need to extract — and how granular that extraction needs to be — depends entirely on your environment's complexity, your team's documentation standards, and what problem you're trying to solve.