AWS CLI

Find Old Snapshots

aws ec2 describe-snapshots --region us-east-1 --profile profile --query 'Snapshots[?StartTime<=`2019-03-01`]'

Retrieve Windows Password

aws ec2 get-password-data --instance-id $instance --profile profile --priv-launch-key  ~/Desktop/my.pem  

Refresh an Auto Scaling Group

aws autoscaling start-instance-refresh --auto-scaling-group-name my-asg --profile profile --region us-east-2 

Show All EC2 Instances Behind an ASG

aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names  `aws autoscaling describe-auto-scaling-groups --profile profile --query 'AutoScalingGroups[].AutoScalingGroupName' --output text` --profile profile --query  'AutoScalingGroups[].Instances[].InstanceId' 

List EC2 Instance if Tag Exists

aws ec2 --profile account --region region describe-instances --filters "Name=tag-key,Values=SomeString" --query 'Reservations[].Instances[].[Tags[?Key==`Name`].Value | join(`, `, @), InstanceId |  join(`, `, to_array(to_string(@))) ]' --output table 

List EC2 Instances if Tag DOES NOT Exist

aws ec2 describe-instances --profile profile --region region  --query 'Reservations[].Instances[?!contains(Tags[].Key, `SomeString`)][].[Tags[?Key==`Name`].Value | join(`, `, @), InstanceId |  join(`, `, to_array(to_string(@))) ]' --output table

Describe Instances and Sort

aws ec2 describe-instances --profile profile --region us-east-2 --query 'Reservations[*].Instances[*][InstanceId,LaunchTime,ImageId,PlatformDetails,Tags[?Key==`Name`]| [0].Value][]  | sort_by(@, &[1]) ' --output table

List Name of EC2 Instances

aws ec2 describe-instances --region us-east-1 --profile profile   --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value' --output text

Find Instances by Name

aws ec2 describe-instances --region us-east-1 --profile profile  --query "Reservations[].Instances[?Tags[?Key == 'Name' && contains(Value, '<query string>')][]][].[join(': ',[InstanceId,SecurityGroups[0].GroupId])]"

Contains Example

aws secretsmanager list-secrets --region us-east-1 --query 'SecretList[?contains(Name, `ssh`)==`true`].Name'

Find Network Interfaces

aws ec2 describe-instances --filters "Name=vpc-id,Values=vpc-5ef0b731" --query 'Reservations[*].Instances[*].NetworkInterfaces[*].NetworkInterfaceId'  --output text

List Name of EC2 Instance and Related Network Interface

aws ec2 describe-instances --region us-east-1  --query 'Reservations[*].Instances[].[Tags[?Key==`Name`].Value,  NetworkInterfaces[*].NetworkInterfaceId]' --output text 

List Instances Name and Instance ID

aws ec2 describe-instances --region us-east-1 --profile profile --query 'Reservations[*].Instances[].[Tags[?Key==`Name`].Value | join(`, `, @), InstanceId |  join(`, `, to_array(to_string(@))) ]' --output table

List Instance Name, ID and Type

aws ec2 describe-instances --region us-east-1 --profile profile --query 'Reservations[*].Instances[].[Tags[?Key==`Name`].Value | join(`, `, @), InstanceId, InstanceType | join(`, `, to_array(to_string(@))) ]' --output table

Instance Name, ID, and Key

aws ec2 describe-instances --instance-ids `cat /tmp/instances.txt`  --region us-east-1 --query 'Reservations[].Instances[].[Tags[?Key==`Name`].Value | join(`, `, @), InstanceId,KeyName |  join(`, `, to_array(to_string(@))) ]' --output table

List Name of EC2 Instances

aws ec2 describe-instances --region us-east-1 --profile 133 --query 'Reservations[*].Instances[].Tags[?Key==`Name`].Value' --output text 

Show Private IP Addresses of Running Instances

aws ec2 describe-instances --profile 133 --region us-east-1 --filters "Name=instance-state-code, Values=16" --query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress' --output text

Show EC2 Instance Name and IP Address

aws ec2 describe-instances  --query 'Reservations[*].Instances[].[ Tags[?Key==`Name`].Value  |  join(`, `, @), NetworkInterfaces[].PrivateIpAddress[] |  join(`, `, to_array(to_string(@))) ]' --profile legacy --region us-east-1 --output table

Show EC2 Instance Name and Instance ID

aws ec2 describe-instances  --query 'Reservations[*].Instances[].[ Tags[?Key==`Name`].Value  |  join(`, `, @), InstanceId |  join(`, `, to_array(to_string(@))) ]' --profile legacy --region us-east-1 --output table

Encrypt Bucket with AES256

aws s3api put-bucket-encryption --bucket famc-gold-image --server-side-encryption-configuration  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' --profile legacy

Find Name of EC2 Instances Associated with Network Interface

aws ec2 describe-instances --output text --query 'Reservations[*].Instances[].Tags[?Key==`Name`].Value' --filters "Name=instance-state-name,Values=running" "Name=network-interface.network-interface-id,Values=eni-8c20e1a0" --profile legacy --region us-east-1

List Snapshots 

aws ec2 describe-snapshots --query 'Snapshots[].SnapshotId' --filters Name=owner-id,Values=858737304353 --profile legacy --region us-east-1

Delete Available Volumes

for each in `aws ec2 describe-volumes --filters "Name=status,Values=available" --profile famc-prod --region us-east-1 --query 'Volumes[].VolumeId' --output text`; do echo "$each"; aws ec2 delete-volume --volume-id "$each" --profile famc-prod --region us-east-1; done

Allocate Elastic IP

ip2=`aws ec2 allocate-address --profile legacy --region us-east-1 | jq .PublicIp | sed 's/\"//g' `

ACL – Add Read Permissions to Object

aws s3 cp Image\ from\ iOS.jpg s3://thinkicide/public/ --acl public-read --profile default --region us-east-1

ACL – Add Read Permissions for Any AWS User

Cannot be done through the console!
aws s3 cp Image\ from\ iOS.jpg s3://thinkicide/public/ --acl authenticated-read --profile default --region us-east-1

List Names of EC2 Instance

aws ec2 describe-instances  --profile famc-legacy --region us-east-1 | jq '.Reservations[].Instances[].Tags[]|select(.Key=="Name").Value'

List Name and IP Addresses of Running EC2

aws ec2 describe-instances --filters Name=instance-state-code,Values=16  --query 'Reservations[*].Instances[].[ Tags[?Key==`Name`].Value  |  join(`, `, @), NetworkInterfaces[].PrivateIpAddress[] |  join(`, `, to_array(to_string(@))) ]' --profile ops --region us-east-1  --output table 

List Unencrypted Volumes

aws ec2 describe-volumes --profile legacy --region us-east-1 --filters "Name=encrypted,Values=false" --query 'Volumes[].Tags[?Key==`Name`].Value[] | []'

List Instances Using the AmazonSSMRoleForInstancesQuickSetup Instance Profile

aws ec2 describe-instances --profile profile --region us-east-1 --filters 'Name=iam-instance-profile.arn,Values=arn:aws:iam::<account>:instance-profile/AmazonSSMRoleForInstancesQuickSetup' --query 'Reservations[].Instances[].InstanceId'

Add IAM Policy

aws iam create-policy --policy-name DenyFromNonFAMCNetwork --policy-document file://policy --profile famc-qa

All EC2 Instances in a Subnet

aws ec2 describe-instances  --filters Name=subnet-id,Values=subnet-f0fcbb9f --profile legacy --region us-east-1 --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value[] | []'

Create an EKS Cluster

aws eks create-cluster --name test --role-arn arn:aws:iam::442327582670:role/eksClusterRole --resources-vpc-config subnetIds=subnet-0d0d281ff87371cfa,subnet-0f45ccf5e7ef61ed5 --region us-east-1 --profile whatsbrewingnashville

Restore Instance from AMI

aws ec2 run-instances --image-id ami-0270754c4d6d906fb  --count 1 --instance-type t2.large --key-name orc-be  --security-group-ids sg-0b7204c40f9316d93 --subnet-id subnet-7bec4151 --private-ip-address 172.24.98.145 --profile qa --region us-east-1

List GuardDuty Members

aws guardduty list-members --detector-id xxxx --profile legacy --region us-east-1 --output table

Create AMI from EC2 Instance

aws ec2 create-image --instance-id i-1578acbd --name "orc-be ami" --description "orc-be prior to update" --profile legacy --region us-east-1

Create an EBS Volume

aws ec2 create-volume --availability-zone=us-east-1a --size=10 --volume-type=gp2 --profile whatsbrewingnashville --region us-east-1

Create a VPC

aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-east-1 --profile legacy

Create a Subnet

aws ec2 create-subnet --vpc-id vpc-05082fb9b9fde73be --cidr-block 10.0.1.0/24 --availability-zone us-east-1a --region us-east-1 --profile legacy

List gp2 Volumes

aws ec2 describe-volumes --filters Name=volume-type,Values=gp2 --query 'Volumes[].VolumeId' --output text --profile legacy --region us-east-1

Create a CodeCommit Repository

aws codecommit create-repository --repository-name MyDemoRepo --repository-description "My demonstration repository" --profile legacy --region us-east-1

Add Files to Your CodeCommit Repository

aws codecommit put-file --repository-name MyDemoRepo --branch-name master --file-content fileb://ec2.json --file-path ec2.json --profile legacy --region us-east-1

List Names of S3 Buckets

aws s3api list-buckets --profile legacy --region us-east-1 --query 'Buckets[].Name' --output text

List Names of VPC(s)

aws ec2 describe-vpcs --query 'Vpcs[].Tags[?Key==`Name`].Value' --profile legacy --region us-east-1 --output text

List VPC Endpoint Id(s)

aws ec2 describe-vpc-endpoints --query 'VpcEndpoints[].VpcEndpointId[]' --profile legacy --region us-east-1 --output text

List NAT Gateways

aws ec2 describe-nat-gateways --query 'NatGateways[].Tags[?Key==`Name`].Value' --profile legacy --region us-east-1 --output text

Authenticate to ECR

aws ecr get-login-password --region us-east-1 --profile legacy | docker login --username AWS --password-stdin 123456789123.dkr.ecr.us-east-1.amazonaws.com

Find VPC by Tag

aws ec2 describe-vpcs --filter "Name=tag:Name,Values=main" --query 'Vpcs[].VpcId' --output text

Does S3 Bucket Exist

aws s3api list-buckets --query 'Buckets[?Name==`bucket_name`].Name' --profile profile --output text

Find Certificate ARN for Specific Domain

aws acm list-certificates --profile saml --query 'CertificateSummaryList[?DomainName==`'"$var"'`]' | jq '.[0].CertificateArn'

Show instance ID and volume that are unencrypted

aws ec2 describe-volumes --filters Name=encrypted,Values=false --profile profile --region us-east-1  --query 'Volumes[*].[Attachments[*].InstanceId|  join(`, `, @), VolumeId |  join(`, `, to_array(to_string(@)))  ]'  --output table