brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ab53bfb44efd0beca0fc5a2f89a02f2c84bfd7b9
oam/snippets/aws/other commands.fish
Michele Cereda ab53bfb44e refactor(aws/rds/snippets): give rds its own file
2026-01-28 17:36:42 +01:00

480 lines
18 KiB
Fish
Raw Blame History

#!/usr/bin/env fish
###
# Account
# ------------------
###
aws account enable-region --account-id '012345678901' --region-name 'af-south-1'
aws account get-region-opt-status --region-name 'af-south-1'
aws account disable-region --region-name 'af-south-1'
###
# Autoscaling Groups
# ------------------
###
aws autoscaling describe-auto-scaling-groups
aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names 'ProductionServers'
aws autoscaling start-instance-refresh --auto-scaling-group-name 'ProductionServers'
aws autoscaling describe-instance-refreshes \
--auto-scaling-group-name 'ProductionServers' --instance-refresh-ids '01234567-89ab-cdef-0123-456789abcdef'
aws autoscaling cancel-instance-refresh --auto-scaling-group-name 'ProductionServers'
aws autoscaling rollback-instance-refresh --auto-scaling-group-name 'ProductionServers'
###
# CloudFront
# ------------------
###
aws cloudfront get-distribution --id 'E123456ABCDEFG'
aws cloudfront get-cache-policy --id '01234567-89ab-cdef-0123-456789abcdef'
###
# CloudTrail
# ------------------
###
aws cloudtrail list-trails --query 'Trails[]'
aws cloudtrail describe-trails --trail-name-list 'ManagementEvents' --query 'trailList[0]'
###
# CloudWatch
# ------------------
###
# List available metrics
aws cloudwatch list-metrics --namespace 'AWS/EC2'
aws cloudwatch list-metrics --namespace 'AWS/EC2' --metric-name 'CPUUtilization'
aws cloudwatch list-metrics --namespace 'AWS/EC2' --dimensions 'Name=InstanceId,Value=i-1234567890abcdef0' \
--query 'Metrics[].MetricName'
# Show alarms information
aws cloudwatch describe-alarms-for-metric --metric-name 'CPUUtilization' --namespace 'AWS/EC2' \
--dimensions 'Name=InstanceId,Value=i-1234567890abcdef0'
###
# Cognito
# ------------------
###
# List user pools
# '--max-results' is required (ノಠ益ಠ)ノ彡┻━━┻
aws cognito-idp list-user-pools --max-results '10' --query 'UserPools'
# List users in pools
aws cognito-idp list-users --user-pool-id 'eu-west-1_lrDF9T78a' --query "Users[?Username=='john']"
###
# ECR
# ------------------
###
aws ecr describe-repositories
aws ecr create-repository --repository-name 'bananaslug' --registry-id '012345678901'
aws ecr delete-repository --repository-name 'bananaslug'
aws ecr get-login-password \
| docker login --username AWS --password-stdin '012345678901.dkr.ecr.eu-west-1.amazonaws.com'
aws ecr describe-pull-through-cache-rules --registry-id '012345678901'
aws ecr validate-pull-through-cache-rule --ecr-repository-prefix 'ecr-public'
docker pull '012345678901.dkr.ecr.eu-west-1.amazonaws.com/ecr-public/repository_name/image_name:tag'
docker pull '012345678901.dkr.ecr.eu-west-1.amazonaws.com/quay/repository_name/image_name:tag'
docker pull 'quay.io/argoproj/argocd:v2.10.0'
docker pull '012345678901.dkr.ecr.eu-west-1.amazonaws.com/me/argoproj/argocd:v2.10.0'
aws ecr create-pull-through-cache-rule --registry-id '012345678901' \
--ecr-repository-prefix 'cache/docker-hub' \
--upstream-registry 'docker-hub' --upstream-registry-url 'registry-1.docker.io' \
--credential-arn "$(\
aws secretsmanager describe-secret --secret-id 'ecr-pullthroughcache/docker-hub' --query 'ARN' --output 'text' \
)"
aws ecr describe-pull-through-cache-rules --registry-id '012345678901' --ecr-repository-prefixes 'cache/docker-hub'
aws ecr list-images --registry-id '012345678901' --repository-name 'cache/docker-hub'
# Check images exist in the ECR.
[[ $(
aws ecr list-images --repository-name 'repository' \
--query "length(imageIds[?@.imageTag=='latest'])" --output 'text' \
) -le 0 \
]] && echo "image 'repository:latest' exists" || echo "image 'repository:latest' does not exist"
###
# EFS
# ------------------
###
# Get filesystems' information.
aws efs describe-file-systems --query 'FileSystems' --creation-token 'fs-name'
# Get filesystems's ids.
aws efs describe-file-systems --query 'FileSystems[].FileSystemId' --output 'text' --creation-token 'fs-name'
# Print filesystems's DNS.
# No DNS nor region are returned from the get fs command, but ARN is and the DNS does follow a naming convention, so…
aws efs describe-file-systems --query 'FileSystems[].FileSystemArn' --output 'text' --creation-token 'fs-name' \
| sed -E 's|arn:[a-z-]+:elasticfilesystem:([a-z0-9-]+):[0-9]+:file-system/(fs-[a-f0-9]+)|\2.efs.\1.amazonaws.com|'
# Get mount targets' information.
aws efs describe-mount-targets --query 'MountTargets' --file-system-id 'fs-0123456789abcdef0'
# Get mount targets' IP address.
aws efs describe-mount-targets --query 'MountTargets[].IpAddress' --output 'text' --file-system-id 'fs-0123456789abcdef0'
aws efs describe-mount-targets --query 'MountTargets[].IpAddress' --output 'text' --mount-target-id 'fsmt-0123456789abcdef0'
# Get mount targets' IP address from the filesystem's name.
aws efs describe-mount-targets --query 'MountTargets[].IpAddress' --output 'json' \
--file-system-id ( \
aws efs describe-file-systems --creation-token 'fs-name' --query 'FileSystems[].FileSystemId' --output 'text' \
)
# Mount volumes.
mount -t 'nfs' -o 'nfsvers=4.0,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport' \
'fs-0123456789abcdef0.efs.eu-west-1.amazonaws.com:/' "$HOME/efs"
mount -t 'nfs' -o 'nfsvers=4,tcp,rwsize=1048576,hard,timeo=600,retrans=2,noresvport' \
'10.20.30.42:/export-name' "$HOME/efs/export"
# Update a file in an EFS volume, then stop the ECS tasks using it so new can start with the updated file.
mkdir -p "$HOME/tmp/efs" \
&& aws efs describe-file-systems --query 'FileSystems[].FileSystemId' --output 'text' --creation-token 'mimir' \
| xargs -I '%%' dig 'A' +short '@172.16.0.2' "%%.efs.eu-west-1.amazonaws.com" \
| xargs -I '%%' mount -t 'nfs' -o 'nfsvers=4.0,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport' \
"%%:/" "$HOME/tmp/efs" \
&& sudo cp -iv 'config.yaml' "$HOME/tmp/efs/" \
&& diff -q 'config.yaml' "$HOME/tmp/efs/config.yaml" \
&& umount "$HOME/tmp/efs" \
&& aws --profile 'ro' ecs list-tasks --cluster 'staging' --service-name 'mimir' --query 'taskArns' --output 'text' \
| xargs -n '1' aws --profile 'rw' ecs stop-task --cluster 'staging' --output 'text' --query 'task.lastStatus' --task
###
# EKS
# ------------------
###
aws eks --region 'eu-west-1' update-kubeconfig --name 'oneForAll'
aws eks --region 'eu-west-1' update-kubeconfig --name 'oneForAll' --profile 'dev-user'
aws eks --region 'eu-west-1' update-kubeconfig --name 'oneForAll' --role-arn 'arn:aws:iam::012345678901:role/AssumedRole'
# Create OIDC providers for EKS clusters
# 1. Get the OIDC issuer ID for existing EKS clusters
set 'OIDC_ISSUER' (aws eks describe-cluster --name 'oneForAll' --query 'cluster.identity.oidc.issuer' --output 'text')
set 'OIDC_ID' (echo "$OIDC_ISSUER" | awk -F '/id/' '{print $2}')
# 2. Check they are present in the list of providers for the account
aws iam list-open-id-connect-providers --query 'OpenIDConnectProviderList' --output 'text' | grep "$OIDC_ID"
# 3. If the providers do not exist, create them
aws create create-open-id-connect-provider --url "$OIDC_ISSUER" --client-id-list 'sts.amazonaws.com'
aws iam list-roles --query "Roles[?RoleName=='EksEbsCsiDriverRole'].Arn"
aws iam list-attached-role-policies --role-name 'EksEbsCsiDriverRole' --query 'AttachedPolicies[].PolicyArn'
aws iam get-policy --policy-arn 'arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy' --query 'Policy'
aws eks describe-addon-versions --query 'sort(addons[].addonName)'
aws eks describe-addon-versions --addon-name 'eks-pod-identity-agent' --query 'addons[].addonVersions[]'
aws eks describe-addon-configuration --addon-name 'aws-ebs-csi-driver' --addon-version 'v1.32.0-eksbuild.1'
aws eks describe-addon-configuration --addon-name 'aws-ebs-csi-driver' --addon-version 'v1.32.0-eksbuild.1' \
--query 'configurationSchema' --output 'text' | jq -sr
###
# Elasticache
# ------------------
###
# Describe replication groups
aws elasticache describe-replication-groups
aws elasticache describe-replication-groups --query 'ReplicationGroups[].ReplicationGroupId'
aws elasticache describe-replication-groups --replication-group-id 'some-app' --output 'text' \
--query "ReplicationGroups[].NodeGroups[].PrimaryEndpoint[].join(':', [Address, to_string(Port)])"
aws elasticache describe-replication-groups --replication-group-id 'some-app' --output 'text' \
--query "ReplicationGroups[].NodeGroups[].PrimaryEndpoint[].join('', [`redis://`,Address,`:`,to_string(Port),`/0`])"
# List pending changes to replication groups
aws elasticache describe-replication-groups --query 'ReplicationGroups[].PendingModifiedValues'
aws elasticache describe-replication-groups --replication-group-id 'some-app' --query 'ReplicationGroups[].PendingModifiedValues'
# Upgrade replication groups' engine
aws elasticache modify-replication-group --replication-group-id 'some-app' --engine-version '6.2' --apply-immediately
# Describe clusters
aws elasticache describe-cache-clusters
aws elasticache describe-cache-clusters --query 'CacheClusters[].CacheClusterId'
# List pending changes to clusters
aws elasticache describe-cache-clusters --query 'CacheClusters[].PendingModifiedValues'
aws elasticache describe-cache-clusters \
--query 'CacheClusters[?length(PendingModifiedValues)>`0`].{"CacheClusterId":CacheClusterId,"PendingModifiedValues":PendingModifiedValues}'
aws elasticache describe-cache-clusters --cache-cluster-id 'some-cluster' --query 'CacheClusters[].PendingModifiedValues'
# Apply pending changes to clusters
aws elasticache modify-cache-cluster --cache-cluster-id 'some-cluster' --num-cache-nodes 'current-number-of-nodes' \
--apply-immediately
###
# ELB - Load Balancers
# ------------------
###
# Get load balancers IDs
aws elbv2 describe-load-balancers --names 'load-balancer-name' --query 'LoadBalancers[].LoadBalancerArn' --output 'text' \
| grep -o '[^/]*$'
# Get the private IP addresses of load balancers
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB app/application-load-balancer-name/application-load-balancer-id' \
--query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress'
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB net/network-load-balancer-name/network-load-balancer-id' \
--query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress'
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB classic-load-balancer-name' \
--query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress'
# Get the public IP addresses of load balancers
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB app/application-load-balancer-name/application-load-balancer-id' \
--query 'NetworkInterfaces[*].Association.PublicIp'
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB net/network-load-balancer-name/network-load-balancer-id' \
--query 'NetworkInterfaces[*].Association.PublicIp'
aws ec2 describe-network-interfaces --output 'text' \
--filters Name=description,Values='ELB classic-load-balancer-name' \
--query 'NetworkInterfaces[*].Association.PublicIp'
# Create listener rules
# Conditions' 'host-header' values allow up to 90 chars total, not 128 as said in the docs
# Priority 0 is highest
aws engineer elbv2 create-rule \
--listener-arn 'arn:aws:elasticloadbalancing:eu-west-1:012345678901:listener/app/some-listener/0123456789abcedf/0123456789abcdef' \
--conditions 'Field=host-header,Values=["some-host.dev.example.org"]' \
--actions 'Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:eu-west-1:012345678901:targetgroup/0123456789abcdef0123456789abcdef/0123456789abcdef' \
--priority 1000
###
# Grafana
# ------------------
###
aws grafana create-workspace-api-key --workspace-id 'g-abcdef0123' \
--key-name 'test' --key-role 'VIEWER' --seconds-to-live '60'
aws grafana delete-workspace-api-key --workspace-id 'g-abcdef0123' --key-name 'test'
###
# IAM
# ------------------
###
# Create users
# Only 1 user can exist with a specific username, no matter its path
aws iam create-user --user-name 'quistis'
aws iam create-user --path '/alumni/' --user-name 'squall'
# Get users' information
aws iam get-user --user-name 'michele'
# Get information about user's console login capabilities
aws iam get-login-profile --user-name 'john' --query 'LoginProfile'
# Get all users' access keys
aws iam list-users --no-cli-pager --query 'Users[].UserName' --output 'text' \
| xargs -n1 aws iam list-access-keys --output 'json' --user
# Get the user owning a specific access key
aws iam list-users --no-cli-pager --query 'Users[].UserName' --output 'text' \
| xargs -n1 -P (nproc) aws iam list-access-keys \
--query "AccessKeyMetadata[?AccessKeyId=='AKIA01234567890ABCDE'].UserName" --output 'json' --user \
| jq -rs 'flatten|first'
# Get details for access keys
# When no user is specified, it displays only keys for the current one
aws iam --no-cli-pager list-access-keys
aws iam --no-cli-pager list-access-keys --user-name 'mark'
# Change users' console password
# FIXME: check
aws iam update-login-profile --user-name 'logan'
aws iam update-login-profile --user-name 'mike' --password 'newPassword' --password-reset-require
# Change one's own console password
# FIXME: check
basename (aws sts get-caller-identity --query 'Arn' --output 'text') \
| xargs aws iam update-login-profile --user-name
# Add users to user groups
aws iam add-user-to-group --group-name 'infra' --user-name 'matt'
# Delete users
aws iam delete-user --user-name 'sophie'
# Create roles
# Only 1 role can exist with a specific name, no matter its path
aws iam create-role --role-name 'captain' --assume-role-policy-document 'file://captain-trustPolicy.json'
aws iam create-role --role-name 'someService' --path '/services/' --assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AllowEc2ToAssumeThisVeryRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
}'
# Delete roles
aws iam delete-role --role-name 'someService'
###
# Image Builder
# ------------------
###
aws imagebuilder list-image-recipes
aws imagebuilder get-image-recipe \
--image-recipe-arn 'arn:aws:imagebuilder:eu-west-1:012345678901:image-recipe/my-custom-image/1.0.12'
###
# KMS
# ------------------
###
aws kms get-key-policy --output 'text' --key-id '01234567-89ab-cdef-0123-456789abcdef'
aws kms create-key
aws kms get-public-key --key-id 'arn:aws:kms:eu-west-1:123456789012:key/d74f5077-811b-4447-af65-71f5f64f37d3' \
--output text --query 'PublicKey' > 'RSAPublic.b64' \
&& base64 -d 'RSAPublic.b64' > 'RSAPublic.bin'
aws kms encrypt --key-id '01234567-89ab-cdef-0123-456789abcdef' --plaintext 'My Test String'
aws kms encrypt --key-id '01234567-89ab-cdef-0123-456789abcdef' --plaintext 'My Test String' \
--query 'CiphertextBlob' --output 'text' \
| base64 --decode > 'ciphertext.dat'
aws kms decrypt --ciphertext-blob 'AQICA…0zzdXzQLAw='
aws kms decrypt --ciphertext-blob 'fileb://ciphertext.dat' --query 'Plaintext' --output 'text' \
| base64 --decode
aws kms decrypt --key-id 'arn:aws:kms:eu-west-1:123456789012:key/d74f5077-811b-4447-af65-71f5f64f37d3' \
--ciphertext-blob 'fileb://enc.key.bin' --encryption-algorithm 'RSAES_OAEP_SHA_256' \
--output 'text' --query 'Plaintext' \
| base64 --decode > 'decryptedKey.bin'
aws kms list-aliases --query 'Aliases[?AliasName.contains(@,`staging`)]'
aws kms list-aliases --query 'Aliases[?AliasName.contains(@,`prod`)]|[*].{"Alias":@.AliasName,"KeyId":@.TargetKeyId}'
###
# Route53
# ------------------
###
aws route53 list-hosted-zones
aws route53 list-resource-record-sets --hosted-zone-id 'ABC012DEF345GH'
###
# S3
# ------------------
###
aws s3 rm 's3://bucket-name/prefix' --recursive --dry-run
aws s3 cp 's3://my-first-bucket/test.txt' 's3://my-other-bucket/'
aws s3api list-objects-v2 --bucket 'backup'
aws s3api list-objects-v2 --bucket 'backup' --query "Contents[?LastModified>='2022-01-05T08:05:37+00:00'].Key"
aws s3api list-buckets --output 'text' --query 'Buckets[].Name' | xargs -n1 aws s3api list-multipart-uploads --bucket
aws --profile 'someProfile' s3api head-bucket --bucket 'someBucket'
###
# Secrets
# ------------------
###
# List secrets
aws secretsmanager list-secrets
aws secretsmanager list-secrets --query 'SecretList[].Name|sort(@)' --output 'json'
# Create secrets
aws secretsmanager create-secret --name 'TestSecretFromFile' --secret-string 'file://mycreds.json'
aws secretsmanager create-secret \
--name 'MyTestSecret' --description 'A test secret created with the CLI.' \
--secret-string '{"user":"diego","password":"EXAMPLE-PASSWORD"}' \
--tags '[{"Key": "FirstTag", "Value": "FirstValue"}, {"Key": "SecondTag", "Value": "SecondValue"}]'
# Retrieve secrets
aws secretsmanager get-secret-value --secret-id 'prod/ecr/pullthroughcache/dockerhub'
aws secretsmanager get-secret-value --secret-id 'dev/db/master' --output 'text' --query 'SecretString' | jq '.' -
###
# SNS
# ------------------
###
# List topics
aws sns list-topics
# Get information about topics
aws sns get-topic-attributes --topic-arn 'arn:aws:sns:eu-west-1:012345678901:aSucculentTopic'
# List subscriptions
aws sns list-subscriptions
aws sns list-subscriptions --query 'Subscriptions'
aws sns list-subscriptions-by-topic --topic-arn 'arn:aws:sns:eu-west-1:012345678901:aSucculentTopic'
# Get information about subscriptions
aws sns get-subscription-attributes \
--subscription-arn 'arn:aws:sns:eu-west-1:012345678901:aSucculentTopic:abcdef01-2345-6789-abcd-ef0123456789'
###
# SSM
# ------------------
###
# Check SSM registered an EC2 instance
aws ssm get-connection-status --target 'i-0123456789abcdef0' --query 'Status' --output 'text'
# Start a shell
aws ssm start-session --target 'i-0123456789abcdef0'
###
# Step Functions
# ------------------
###
# Start an execution
aws stepfunctions start-execution --state-machine-arn 'arn:aws:states:eu-west-1:012345678901:stateMachine:SomeMachine'
# List executions
aws stepfunctions list-executions --state-machine-arn 'arn:aws:states:eu-west-1:012345678901:stateMachine:SomeMachine'
aws stepfunctions list-executions --state-machine-arn 'arn:aws:states:eu-west-1:012345678901:stateMachine:SomeMachine' \
--query "executions[?status=='RUNNING']"
# Stop executions
aws stepfunctions list-executions --state-machine-arn 'arn:aws:states:eu-west-1:012345678901:stateMachine:SomeMachine' \
--query "executions[?status=='RUNNING'].executionArn" --output 'text' \
| xargs -n1 aws stepfunctions stop-execution --execution-arn
Reference in New Issue View Git Blame Copy Permalink