chore(aws): revise and improve commands, add ecs

Michele Cereda
2024-05-02 02:01:38 +02:00
parent 3f3733d42d
commit 9be6d5f1e1
13 changed files with 179 additions and 11 deletions


@@ -67,6 +67,8 @@
"autoscaler", "autoscaler",
"autoscalers", "autoscalers",
"awscli", "awscli",
"awscurl",
"awskms",
"bitwarden", "bitwarden",
"boinc", "boinc",
"boinccmd", "boinccmd",
@@ -196,6 +198,7 @@
"polkit", "polkit",
"portsnap", "portsnap",
"posix", "posix",
"postgis",
"poweroff", "poweroff",
"powersave", "powersave",
"psql", "psql",


@@ -53,6 +53,7 @@ One can can rapidly remapping addresses to other instances in one's account and
| [Detective] | FIXME | | [Detective] | FIXME |
| [EC2] | Virtual machines | | [EC2] | Virtual machines |
| [ECR] | Container registry | | [ECR] | Container registry |
| [ECS] | Containers as a service |
| [EKS] | Kubernetes clusters | | [EKS] | Kubernetes clusters |
| [EventBridge] | FIXME | | [EventBridge] | FIXME |
| [GuardDuty] | Threat detection | | [GuardDuty] | Threat detection |
@@ -265,6 +266,7 @@ Examples:
- [Best Practices for Tagging AWS Resources] - [Best Practices for Tagging AWS Resources]
- [Automating DNS-challenge based LetsEncrypt certificates with AWS Route 53] - [Automating DNS-challenge based LetsEncrypt certificates with AWS Route 53]
- [Working with DB instance read replicas] - [Working with DB instance read replicas]
- AWS' [CLI]
### Sources ### Sources
@@ -291,11 +293,14 @@ Examples:
[eventbridge]: #eventbridge [eventbridge]: #eventbridge
[guardduty]: #guardduty [guardduty]: #guardduty
[inspector]: #inspector [inspector]: #inspector
[rds]: #rds
[security hub]: #security-hub [security hub]: #security-hub
<!-- Knowledge base --> <!-- Knowledge base -->
[cli]: cli.md
[ec2]: ec2.md [ec2]: ec2.md
[ecr]: ecr.md [ecr]: ecr.md
[ecs]: ecs.md
[eks]: eks.md [eks]: eks.md
[s3]: s3.md [s3]: s3.md
[sagemaker]: sagemaker.md [sagemaker]: sagemaker.md


@@ -1,4 +1,4 @@
# awscurl # `awscurl`
[`curl`][curl]-like tool with AWS Signature Version 4 request signing. [`curl`][curl]-like tool with AWS Signature Version 4 request signing.
@@ -45,6 +45,7 @@ docker run --rm -it 'okigan/awscurl' \
## Further readings ## Further readings
- [Amazon Web Services]
- [Github] - [Github]
### Sources ### Sources
@@ -56,6 +57,7 @@ docker run --rm -it 'okigan/awscurl' \
--> -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[curl]: ../../curl.md [curl]: ../../curl.md
<!-- Upstream --> <!-- Upstream -->


@@ -53,12 +53,6 @@ aws deploy get-deployment-group --application-name 'batman' \
--deployment-group-name 'production' --deployment-group-name 'production'
# Access shells on containers in ECS.
aws ecs execute-command \
--cluster 'clusterName' --task 'taskId' --container 'containerName' \
--interactive --command '/bin/bash'
# Get information about the current user. # Get information about the current user.
aws sts get-caller-identity aws sts get-caller-identity
@@ -228,7 +222,7 @@ aws ssm start-session --target 'i-0123456789abcdef0'
## Further readings ## Further readings
- [AWS] - [Amazon Web Services]
- CLI [quickstart] - CLI [quickstart]
- [Configure profiles] in the CLI - [Configure profiles] in the CLI
- [How do I assume an IAM role using the AWS CLI?] - [How do I assume an IAM role using the AWS CLI?]
@@ -244,7 +238,7 @@ aws ssm start-session --target 'i-0123456789abcdef0'
--> -->
<!-- Knowledge base --> <!-- Knowledge base -->
[aws]: README.md [amazon web services]: README.md
[ebs tldr]: ebs.md#tldr [ebs tldr]: ebs.md#tldr
[ec2 tldr]: ec2.md#tldr [ec2 tldr]: ec2.md#tldr
[ecr tldr]: ecr.md#tldr [ecr tldr]: ecr.md#tldr


@@ -22,7 +22,9 @@ aws ec2 describe-volumes --output 'text' \
## Further readings ## Further readings
- [Amazon Web Services]
- [What is block storage?] - [What is block storage?]
- AWS' [CLI]
### Sources ### Sources
@@ -36,6 +38,8 @@ aws ec2 describe-volumes --output 'text' \
--> -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md
[ec2]: ec2.md [ec2]: ec2.md
<!-- Upstream --> <!-- Upstream -->


@@ -1,4 +1,4 @@
# Title # Elastic Compute Cloud
1. [TL;DR](#tldr) 1. [TL;DR](#tldr)
1. [Disks](#disks) 1. [Disks](#disks)
@@ -36,6 +36,14 @@ aws ec2 describe-images --filters \
'Name=owner-alias,Values=["amazon"]' \ 'Name=owner-alias,Values=["amazon"]' \
'Name=architecture,Values=["arm64","x86_64"]' \ 'Name=architecture,Values=["arm64","x86_64"]' \
'Name=block-device-mapping.volume-type,Values=["gp3"]' 'Name=block-device-mapping.volume-type,Values=["gp3"]'
# Describe security groups.
aws ec2 describe-security-groups --group-names 'pulumi-workshop'
# Delete security groups.
aws ec2 delete-security-group --group-name 'pulumi-workshop'
aws ec2 delete-security-group --group-id 'sg-0773aa724d0c2dd51'
``` ```
</details> </details>
@@ -46,8 +54,10 @@ See [EBS].
## Further readings ## Further readings
- [Amazon Web Services]
- [AWS EC2 Instance pricing comparison] - [AWS EC2 Instance pricing comparison]
- [EC2Instances.info on vantage.sh] - [EC2Instances.info on vantage.sh]
- AWS' [CLI]
- [SSM] - [SSM]
- [Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint] - [Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint]
@@ -63,6 +73,8 @@ See [EBS].
<!-- In-article sections --> <!-- In-article sections -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md
[ebs]: ebs.md [ebs]: ebs.md
[ssm]: ssm.md [ssm]: ssm.md


@@ -69,6 +69,7 @@ aws ecr describe-repositories --repository-names 'docker-tools/image-builder' \
## Further readings ## Further readings
- [Amazon Web Services]
- AWS' [CLI] - AWS' [CLI]
### Sources ### Sources
@@ -83,6 +84,7 @@ aws ecr describe-repositories --repository-names 'docker-tools/image-builder' \
<!-- In-article sections --> <!-- In-article sections -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md [cli]: cli.md
<!-- Files --> <!-- Files -->


@@ -0,0 +1,114 @@
# Elastic Container Service
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
<details>
<summary>Usage</summary>
```sh
# List services.
aws ecs list-services --cluster 'clusterName'
# Scale services.
aws ecs update-service --cluster 'clusterName' --service 'serviceName' --desired-count '0'
aws ecs update-service --cluster 'clusterName' --service 'serviceName' --desired-count '10'
# Wait for services to be running.
aws ecs wait services-stable --cluster 'clusterName' --services 'serviceName'
# Delete services.
# Cannot really be deleted if scaled above 0.
aws ecs delete-service --cluster 'clusterName' --service 'serviceName'
aws ecs delete-service --cluster 'clusterName' --service 'serviceName' --force
# List task definitions.
aws ecs list-task-definitions --family-prefix 'familyPrefix'
# Deregister task definitions.
aws ecs deregister-task-definition --task-definition 'taskDefinitionArn'
# Delete task definitions.
# The task definition must be deregistered.
aws ecs delete-task-definitions --task-definitions 'taskDefinitionArn'
# List tasks.
aws ecs list-tasks --cluster 'clusterName'
aws ecs list-tasks --cluster 'clusterName' --service-name 'serviceName'
# Get information about tasks.
aws ecs describe-tasks --cluster 'clusterName' --tasks 'taskIdOrArn'
# Wait for tasks to be running.
aws ecs wait tasks-running --cluster 'clusterName' --tasks 'taskIdOrArn'
# Access shells on containers in ECS.
aws ecs execute-command \
--cluster 'clusterName' --task 'taskId' --container 'containerName' \
--interactive --command '/bin/bash'
```
</details>
<details>
<summary>Real world use cases</summary>
```sh
# Get the ARNs of tasks for specific services.
aws ecs list-tasks --cluster 'testCluster' --service-name 'testService' --query 'taskArns' --output 'text'
# Get the private IP Address of containers.
aws ecs describe-tasks --output 'text' \
--cluster 'testCluster' --tasks 'testTask' \
--query "tasks[].attachments[].details[?(name=='privateDnsName')].value"
# Connect to the private DNS name of containers in ECS.
curl -fs "http://$(\
aws ecs describe-tasks --cluster 'testCluster' --tasks "$(\
aws ecs list-tasks --cluster 'testCluster' --service-name 'testService' --query 'taskArns' --output 'text' \
)" --query "tasks[].attachments[].details[?(name=='privateDnsName')].value" --output 'text' \
):8080"
# Delete services.
aws ecs delete-service --cluster 'testCluster' --service 'testService' --force
# Delete task definitions.
aws ecs list-task-definitions --family-prefix 'testService' --output 'text' --query 'taskDefinitionArns' \
| xargs -n '1' aws ecs deregister-task-definition --task-definition
# Wait for tasks to be running.
aws ecs list-tasks --cluster 'testCluster' --family 'testService' --output 'text' --query 'taskArns' \
| xargs -p aws ecs wait tasks-running --cluster 'testCluster' --tasks
while [[ $(aws ecs list-tasks --query 'taskArns' --output 'text' --cluster 'testCluster' --service-name 'testService') == "" ]]; do sleep 1; done
```
</details>
## Further readings
- [Amazon Web Services]
- [Amazon ECS task lifecycle]
- AWS' [CLI]
- [Troubleshoot Amazon ECS deployment issues]
### Sources
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md
<!-- Files -->
<!-- Upstream -->
[amazon ecs task lifecycle]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-lifecycle-explanation.html
[troubleshoot amazon ecs deployment issues]: https://docs.aws.amazon.com/codedeploy/latest/userguide/troubleshooting-ecs.html
<!-- Others -->


@@ -678,10 +678,12 @@ Debug: see [Identify common issues].
## Further readings ## Further readings
- [Amazon Web Services]
- [Kubernetes] - [Kubernetes]
- [EKS Workshop] - [EKS Workshop]
- [Pulumi] - [Pulumi]
- [Terraform] - [Terraform]
- AWS' [CLI]
- [How can I get my worker nodes to join my Amazon EKS cluster?] - [How can I get my worker nodes to join my Amazon EKS cluster?]
- [Enabling IAM principal access to your cluster] - [Enabling IAM principal access to your cluster]
- [Allowing IAM roles or users access to Kubernetes objects on your Amazon EKS cluster] - [Allowing IAM roles or users access to Kubernetes objects on your Amazon EKS cluster]
@@ -721,6 +723,8 @@ Debug: see [Identify common issues].
[secrets encryption through kms]: #secrets-encryption-through-kms [secrets encryption through kms]: #secrets-encryption-through-kms
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md
[kubernetes]: ../../kubernetes/README.md [kubernetes]: ../../kubernetes/README.md
[pulumi]: ../../pulumi.md [pulumi]: ../../pulumi.md
[terraform]: ../../pulumi.md [terraform]: ../../pulumi.md


@@ -52,6 +52,9 @@ aws s3 cp - 's3://my-bucket/stream.txt'
aws s3 cp - 's3://my-bucket/stream.txt' --expected-size '54760833024' aws s3 cp - 's3://my-bucket/stream.txt' --expected-size '54760833024'
aws s3 cp 's3://my-bucket/stream.txt' - aws s3 cp 's3://my-bucket/stream.txt' -
# Remove objects.
aws s3 rm 's3://my-bucket/prefix-name' --recursive --dryrun
# Sync buckets. # Sync buckets.
aws s3 sync '.' 's3://my-bucket' aws s3 sync '.' 's3://my-bucket'
aws s3 sync 's3://my-bucket' '.' --delete aws s3 sync 's3://my-bucket' '.' --delete
@@ -122,6 +125,7 @@ Examples: [1][lifecycle configuration examples], [2][s3 lifecycle rules example
## Further readings ## Further readings
- [Amazon Web Services]
- [Configure notification for lifecycle rules][lifecycle configure notification] - [Configure notification for lifecycle rules][lifecycle configure notification]
- AWS' [CLI] - AWS' [CLI]
- [Expiring Amazon S3 objects based on last accessed date to decrease costs] - [Expiring Amazon S3 objects based on last accessed date to decrease costs]
@@ -140,6 +144,7 @@ Examples: [1][lifecycle configuration examples], [2][s3 lifecycle rules example
<!-- In-article sections --> <!-- In-article sections -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
[cli]: cli.md [cli]: cli.md
<!-- Files --> <!-- Files -->


@@ -13,6 +13,8 @@
## Further readings ## Further readings
- [Amazon Web Services]
### Sources ### Sources
<!-- <!--
@@ -21,6 +23,8 @@
<!-- In-article sections --> <!-- In-article sections -->
<!-- Knowledge base --> <!-- Knowledge base -->
[amazon web services]: README.md
<!-- Files --> <!-- Files -->
<!-- Upstream --> <!-- Upstream -->
<!-- Others --> <!-- Others -->


@@ -1,4 +1,4 @@
# SSM # AWS Systems Manager
1. [TL;DR](#tldr) 1. [TL;DR](#tldr)
1. [Requirements](#requirements) 1. [Requirements](#requirements)
@@ -238,6 +238,8 @@ $ sudo ssm-cli get-diagnostics --output 'table'
## Further readings ## Further readings
- [Amazon Web Services]
- AWS' [CLI]
- [Ansible] - [Ansible]
- [EC2] - [EC2]
@@ -261,6 +263,8 @@ $ sudo ssm-cli get-diagnostics --output 'table'
<!-- Knowledge base --> <!-- Knowledge base -->
[ansible]: ../../ansible.md [ansible]: ../../ansible.md
[amazon web services]: README.md
[cli]: cli.md
[ec2]: ec2.md [ec2]: ec2.md
<!-- Upstream --> <!-- Upstream -->


@@ -25,3 +25,18 @@ alias aws-ssm-gitlabAutoscalingManager-ita-b "aws ec2 describe-instances --outpu
'Name=tag:Name,Values=Gitlab Autoscaling Manager' \ 'Name=tag:Name,Values=Gitlab Autoscaling Manager' \
--query 'Reservations[].Instances[0].InstanceId' \ --query 'Reservations[].Instances[0].InstanceId' \
| xargs -ot aws ssm start-session --target" | xargs -ot aws ssm start-session --target"
aws s3 rm 's3://bucket-name/prefix' --recursive --dry-run
aws ecs list-tasks --cluster 'testCluster' --family 'testService' --output 'text' --query 'taskArns' \
| xargs -p aws ecs wait tasks-running --cluster 'testCluster' --tasks
while [[ $$(aws ecs list-tasks --query 'taskArns' --output 'text' --cluster 'testCluster' --service-name 'testService') == "" ]]; do sleep 1; done
@aws ecs list-task-definitions --family-prefix 'testService' --output 'text' --query 'taskDefinitionArns' \
| xargs -pn '1' aws ecs deregister-task-definition --task-definition
aws ecs list-tasks --query 'taskArns' --output 'text' --cluster 'testCluster' --service-name 'testService' \
| tee \
| xargs -t aws ecs describe-tasks --query "tasks[].attachments[].details[?(name=='privateIPv4Address')].value" --output 'text' --cluster 'testCluster' --tasks \
| tee \
| xargs -I{} curl -fs "http://{}:8080"
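Review bot: The added `aws s3 rm 's3://bucket-name/prefix' --recursive --dry-run` uses the wrong preview flag: `aws s3` commands take `--dryrun` (the S3 notes changed in this same commit use it), so the line should read `aws s3 rm 's3://bucket-name/prefix' --recursive --dryrun`. As written the CLI will most likely reject the unknown option, and the easy way to make the snippet run is to drop the flag, which turns a preview into a real recursive delete. Two other added lines look pasted from a Makefile: the `while [[ $$(aws ecs list-tasks …` loop should use `$(`, since in a shell `$$` expands to the shell's PID, and the leading `@` on `@aws ecs list-task-definitions` should be dropped.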