Aws: Difference between revisions

 
(36 intermediate revisions by the same user not shown)
Line 7: Line 7:
  cwagent            cloud watch agent.
  cwagent            cloud watch agent.
  DynamoDB            NoSQL database  
  DynamoDB            NoSQL database  
ebs                elastic block storage
  ecr                Elastic Container Registry
  ecr                Elastic Container Registry
  ecs                Elastic Container Service.
  ecs                Elastic Container Service.
Line 14: Line 15:
  fargate            Fargate is a serverless compute service that can run containers on ECS or EKS.
  fargate            Fargate is a serverless compute service that can run containers on ECS or EKS.
  iam                Identity and Access Management
  iam                Identity and Access Management
imds                Instance Metadata Service.
  kenesis            analyzing real-time streaming data
  kenesis            analyzing real-time streaming data
kms                key management Service
  lambda              is an event-driven, serverless computing platform provided
  lambda              is an event-driven, serverless computing platform provided
  lbc                Load Balancer Controller
  lbc                Load Balancer Controller
Line 22: Line 25:
  sid                "statement ID" as an optional identifier for the policy statement. Must be uniq in the json statement.
  sid                "statement ID" as an optional identifier for the policy statement. Must be uniq in the json statement.
  sns                Simple Notification Service. message bus.
  sns                Simple Notification Service. message bus.
sqs                Simple Queue Service
  ssm                "Amazon Simple Systems Manager" "Amazon EC2 Systems Manager" Now known as AWS Systems Manager
  ssm                "Amazon Simple Systems Manager" "Amazon EC2 Systems Manager" Now known as AWS Systems Manager
ssm agent          Systems Manager Agent runs on EC2 makes it possible for Systems Manager to manage,resources.
  sts                Security Token Service
  sts                Security Token Service
transit gateway    service that simplifies and centralises the management of connectivity between multiple VPCs, VPN connections, and on-premises networks.
  waf                web application firewall
  waf                web application firewall
  vpc                Virtual Private Cloud
  vpc                Virtual Private Cloud
vgw                Virtual Private Gateway. VPN endpoint on the AWS side of a Site-to-Site VPN connection.


=documentation=
=documentation=
Line 45: Line 52:
=List databases short version=
=List databases short version=
  aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'
  aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'
aws rds describe-db-instances | jq -r '.DBInstances[]| [.DBInstanceIdentifier, .DBInstanceClass, .Engine, (.Endpoint|.Address, .Port)]|@tsv' | column -t -s $'\t'
=List databases in all regions=
=List databases in all regions=
  aws account list-regions | jq -r '.Regions[]| select(."RegionOptStatus" == "ENABLED_BY_DEFAULT")|.RegionName' | while read REGION ; do echo '*' ${REGION} ; aws rds describe-db-instances --region=${REGION} | jq -r  '.DBInstances[]| .DBInstanceIdentifier +"\t"+ .DBInstanceClass +"\t"+ .Engine +"\t"+ .DBName' | column -t -s $'\t' ; done
  aws account list-regions | jq -r '.Regions[]| select(."RegionOptStatus" == "ENABLED_BY_DEFAULT")|.RegionName' | while read REGION ; do echo '*' ${REGION} ; aws rds describe-db-instances --region=${REGION} | jq -r  '.DBInstances[]| .DBInstanceIdentifier +"\t"+ .DBInstanceClass +"\t"+ .Engine +"\t"+ .DBName' | column -t -s $'\t' ; done


=list events=
=list events=
  aws rds describe-events
  export DB=<database> ; aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier ${DB} --source-type db-instance
aws rds describe-events --duration 10080
 
aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance
=list logfiles=
=list logfiles=
  aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin
  aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin
Line 65: Line 73:
=remove files from s3 bucket=
=remove files from s3 bucket=
  aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz'
  aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz'
=Do files expire=
aws s3api get-bucket-lifecycle-configuration --bucket <bucket>
=undelete revision controlled files=
export BUCKET=<bucket> ; export PREFIX=<file> ; aws s3api list-object-versions --bucket "${BUCKET}" --prefix "${PREFIX}" --output json --query 'DeleteMarkers[?IsLatest==`true`].VersionId' | jq '.[]' -r | xargs echo aws s3api delete-object --bucket "${BUCKET}" --key "${PREFIX}" --version-id


=eksctl install=
=eksctl install=
  curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin
  curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin
=list users in all eks clusters=
aws eks list-clusters | jq -r '.clusters[]' | while read EKS ; do echo '*' Eks cluster $EKS ; eksctl get iamidentitymapping --cluster $EKS ; done
=list eks clusters=
=list eks clusters=
  aws eks list-clusters --region eu-north-1
  aws eks list-clusters --region eu-north-1
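Review bot: The undelete one-liner added under `=undelete revision controlled files=` hands every matching version id to a single `xargs echo`. When `--prefix` matches more than one key, the printed `delete-object` command carries several ids after one `--version-id` and pairs them all with `--key "${PREFIX}"` instead of each marker's own key. Selecting both `Key` and `VersionId` in the `--query` and reading one pair per line keeps them together; at minimum use `xargs -n1`. The page should also say that `echo` makes this a dry run, for example `# dry run: remove "echo" to actually delete the markers`.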
Line 75: Line 90:
=configure for kubectl=
=configure for kubectl=
  aws eks update-kubeconfig --name kafka-prod-cluster
  aws eks update-kubeconfig --name kafka-prod-cluster
  aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster
  aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::<arn>:<arn>
=Update eks=
Which clusters exist
eksctl get clusters
List addons.
aws eks list-addons --cluster-name kafka-cluster
Look for versions.
aws eks describe-addon-versions --addon-name kube-proxy
Update eks add-on.
aws eks update-addon --cluster-name <cluster-name> --addon-name <addon-name> --addon-version <version> --resolve-conflicts OVERWRITE
Update eks
aws eks update-cluster-version --name <cluster-name> --kubernetes-version <new-version>
View update status
aws eks describe-cluster --name <cluster-name>
kubectl get events -n kube-system --sort-by='.metadata.creationTimestamp' | less
Update eks nodegroup
eksctl get nodegroup --cluster kafka-cluster
eksctl upgrade nodegroup -name=<nodegroup> --cluster=<cluster> --kubernetes-version=1.30
View status
aws eks describe-nodegroup --cluster-name <clustername> --nodegroup-name <nodegroup>


=list roles=
=list roles=
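Review bot: In the added `=Update eks=` section, `eksctl upgrade nodegroup -name=<nodegroup>` has a single dash, so it is not the `--name` option the command needs. It should read `eksctl upgrade nodegroup --name=<nodegroup> --cluster=<cluster> --kubernetes-version=1.30`. The `update-addon` example also passes `--resolve-conflicts OVERWRITE` with no explanation; a one-line comment that this replaces locally changed add-on settings with the add-on defaults would help readers who copy it.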
Line 102: Line 136:
=list users=
=list users=
  aws iam list-users | jq -r '.Users[].UserName'
  aws iam list-users | jq -r '.Users[].UserName'
=list all users and their accesstokens=
for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
  echo "User: $user"
  aws iam list-access-keys --user-name "$user" --query 'AccessKeyMetadata[*].AccessKeyId' --output text
done
=get info about certain user=
=get info about certain user=
  aws iam get-user --user-name abjorklund
  aws iam get-user --user-name abjorklund
=list ec2 instances=
=list ec2 instances=
  aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[] | .Key, .Value)] | join("\t")' | column_tab | less
  aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[] | .Key, .Value)] | join("\t")' | column_tab | less
Filter running instances.
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"
=list vpcs=
=list vpcs=
  aws ec2 describe-vpcs $@ | jq -r '.Vpcs[] | [.CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv'
  aws ec2 describe-vpcs $@ | jq -r '.Vpcs[] | [.CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv'
=vpc peering=
List connections between vpc:s
aws ec2 describe-vpc-peering-connections | jq -r '.VpcPeeringConnections[] | .AccepterVpcInfo.CidrBlock +" "+ .AccepterVpcInfo.VpcId +" "+ .AccepterVpcInfo.Region +" "+ .RequesterVpcInfo.CidrBlock +" "+ .RequesterVpcInfo.VpcId +" "+ (.Tags[] | select(.Key=="Name").Value)'


=list securitygroups=
=list securitygroups=
Line 123: Line 169:
=list load balancers=
=list load balancers=
  aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerName'
  aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerName'
=try to access listeners=
aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | .DNSName +" "+ .VpcId +" "+ .LoadBalancerArn' | while read DNSName VpcId LoadBalancerArn ; do PORTS=$(aws elbv2 describe-listeners --load-balancer-arn $LoadBalancerArn | jq -r '.Listeners[]?|.Port') ; for Port in $PORTS ; do echo $DNSName $VpcId $(nc -w1 -zv $DNSName $Port 2>&1 ) ; done ; done
=route53=
=route53=
List names of hosted zones.
==List names of hosted zones.==
  aws route53 list-hosted-zones-by-name | jq -r '.HostedZones[]|.Name +"\t"+ .Id'
  aws route53 list-hosted-zones-by-name | jq -r '.HostedZones[]|.Id +"\t"+ .Name| sub("/hostedzone/"; "")' | column_tab
List info about recored
 
  aws route53 list-resource-record-sets --hosted-zone-id ZLFXGSK6FVL46
==List info about record==
...
  aws route53 list-resource-record-sets --hosted-zone-id <hostedzone>
{
 
  "Name": "akhq.inter.net.",
==Update cname==
  "Type": "CNAME",
  aws route53 change-resource-record-sets --hosted-zone-id <hostedzone> \
  "TTL": 300,
  "ResourceRecords": [
    {
      "Value": "internal-k8s-kafka-akhq-30d3a6b6ec-1273651003.eu-north-1.elb.amazonaws.com"
    }
  ]
},
...
Update cname.
  aws route53 change-resource-record-sets \
  --hosted-zone-id AAAABBBBB \
   --change-batch '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"akhq.inter.net.","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"internal-k8s-kafka-akhq-30d3a6b6ec-1805732719.eu-north-1.elb.amazonaws.com."}]}}]}'
   --change-batch '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"akhq.inter.net.","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"internal-k8s-kafka-akhq-30d3a6b6ec-1805732719.eu-north-1.elb.amazonaws.com."}]}}]}'
==Create a zone==
aws route53 create-hosted-zone --name inter.net --caller-reference $(date_file) --comment <comment>
==Add record to zone==
aws route53 change-resource-record-sets --hosted-zone-id <hostedzone> --change-batch '{"Changes":[{"Action":"CREATE","ResourceRecordSet":{"Name":"in.ter.net.","Type":"A","TTL":300,"ResourceRecords":[{"Value":"1.1.1.1"}]}}]}'
=subnets=
=subnets=
List subnets
List subnets
  aws ec2 describe-subnets | jq -r '.Subnets[] | [.SubnetId, .CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv' | column -t -s $'\t' | less -ISRM
  aws ec2 describe-subnets | jq -r '.Subnets[] | [.SubnetId, .CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv' | column -t -s $'\t' | less -ISRM
=direct connect=
List direct connect links
aws directconnect describe-connections
=ipsec vpn=
aws ec2 describe-vpn-connections | jq -r '.VpnConnections[] | .VpnConnectionId +" "+ (.Tags[] | select(.Key=="Name").Value)'
=list vpc endpoints interface/gateway=
aws ec2 describe-vpc-endpoints | jq -r '.VpcEndpoints[] | .VpcEndpointId +" "+ .VpcEndpointType +" "+ .VpcId +" "+ (.Tags[]? | select(.Key=="Name").Value)'
=imds=
Instance Metadata Service
TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
=List ecs services=
# List cms services. Count the tasks.
aws ecs list-clusters
aws ecs describe-clusters --clusters <cluster>
aws ecs list-services --cluster <cluster>
aws ecs describe-services --cluster <cluster> --services <service> | jq '.services[].desiredCount'
=cloud trail=
aws cloudtrail describe-trails
=cloudwatch=
# View metrics on aws in namespace.
aws cloudwatch list-metrics --namespace=ContainerInsights/Prometheus
# List alarms
aws cloudwatch describe-alarms
aws cloudwatch describe-alarms | jq -r '.MetricAlarms[]| [.AlarmName, .MetricName, .Namespace, .AlarmDescription]|@tsv' |column_tab | less
aws cloudwatch describe-alarms | jq -r '.MetricAlarms[]| [.AlarmName, .MetricName, .EvaluationPeriods, .DatapointsToAlarm, .AlarmDescription]|@tsv' | column -t -s $'\t' | less
# Get alarm history
aws cloudwatch describe-alarm-history --alarm-name <ALARM_NAME>
=ssm/parameters=
Get parameter
aws ssm get-parameters --with-decryption --region eu-west-1 --name /<name>
Get parameters recursive
aws ssm get-parameters-by-path --recursive --region eu-west-1 --path /
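Review bot: The `aws ssm get-parameters --with-decryption` example added under `=ssm/parameters=` prints SecureString values in clear text, and the page does not say so. I would add a comment above it such as `# --with-decryption prints secret values in clear text; keep the output out of logs and shared terminals`. The recursive `get-parameters-by-path --path /` example lists every parameter the caller can read, so a note to narrow `--path` to the subtree actually needed would also be useful.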

Latest revision as of 08:32, 23 November 2024

what does it mean?

alb                 Application Load Balancer
acm                 AWS Certificate Manager
CloudFormation      IaC, Infrastructure as Code
cloudfront          cdn Content Delivery Network
cloudwatch          monitoring and management service that provides data and actionable insights.
cwagent             cloud watch agent.
DynamoDB            NoSQL database 
ebs                 elastic block storage
ecr                 Elastic Container Registry
ecs                 Elastic Container Service.
efs                 Elastic File System
eks                 Elastic Kubernetes Service
elb                 Elastic Load Balancing
fargate             Fargate is a serverless compute service that can run containers on ECS or EKS.
iam                 Identity and Access Management
imds                Instance Metadata Service.
kinesis             analyzing real-time streaming data
kms                 Key Management Service
lambda              an event-driven, serverless computing platform
lbc                 Load Balancer Controller
nlb                 Network Load Balancer
peering connection  Networking connection established between two VPC.
sg                  Security group
sid                 "statement ID", an optional identifier for a policy statement. Must be unique within the JSON policy.
sns                 Simple Notification Service. message bus.
sqs                 Simple Queue Service
ssm                 "Amazon Simple Systems Manager" "Amazon EC2 Systems Manager" Now known as AWS Systems Manager
ssm agent           Systems Manager Agent. Runs on EC2 and makes it possible for Systems Manager to manage resources.
sts                 Security Token Service
transit gateway     service that simplifies and centralises the management of connectivity between multiple VPCs, VPN connections, and on-premises networks.
waf                 web application firewall
vpc                 Virtual Private Cloud
vgw                 Virtual Private Gateway. VPN endpoint on the AWS side of a Site-to-Site VPN connection.

documentation

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html

aws completion

complete -C '/usr/bin/aws_completer' aws

version

aws --version

configure aws

aws help config-vars

whoami

aws sts get-caller-identity

which groups do I belong to

aws iam list-groups

list databases

aws rds describe-db-instances

List databases short version

aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'
aws rds describe-db-instances | jq -r '.DBInstances[]| [.DBInstanceIdentifier, .DBInstanceClass, .Engine, (.Endpoint|.Address, .Port)]|@tsv' | column -t -s $'\t'

List databases in all regions

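# "All regions" has to include opt-in regions the account has switched on (status ENABLED),
# not only the ones that are on by default; otherwise databases in those regions are never listed.
aws account list-regions | jq -r '.Regions[] | select(.RegionOptStatus == "ENABLED" or .RegionOptStatus == "ENABLED_BY_DEFAULT") | .RegionName' | while read -r REGION ; do echo '*' "${REGION}" ; aws rds describe-db-instances --region="${REGION}" | jq -r  '.DBInstances[]| .DBInstanceIdentifier +"\t"+ .DBInstanceClass +"\t"+ .Engine +"\t"+ .DBName' | column -t -s $'\t' ; done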

list events

export DB=<database> ; aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier ${DB} --source-type db-instance

list logfiles

aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin

view logfiles

aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text

List files in s3

aws s3 ls

Create bucket

aws --endpoint-url http://localhost:9000 s3 mb s3://minsio
make_bucket: minsio

Push files to bucket.

aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio

remove files from s3 bucket

aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz'

Do files expire

aws s3api get-bucket-lifecycle-configuration --bucket <bucket>

undelete revision controlled files

export BUCKET=<bucket> ; export PREFIX=<file> ; aws s3api list-object-versions --bucket "${BUCKET}" --prefix "${PREFIX}" --output json --query 'DeleteMarkers[?IsLatest==`true`].VersionId' | jq '.[]' -r | xargs echo aws s3api delete-object --bucket "${BUCKET}" --key "${PREFIX}" --version-id

eksctl install

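# Fetch the archive and the release checksum file into a scratch directory, verify, then unpack as root.
# --fail makes curl stop on an HTTP error instead of handing an error page to the next step.
# The checksum file comes from the same release, so it catches a corrupted or truncated download,
# not a tampered release.
# NOTE(review): the eksctl repository is reported to have moved to the eksctl-io organisation; confirm this URL still resolves.
(
  set -e
  PLATFORM="$(uname -s)_amd64"
  cd "$(mktemp -d)"
  curl --silent --fail --location --remote-name "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_${PLATFORM}.tar.gz"
  curl --silent --fail --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_checksums.txt" | grep -F "eksctl_${PLATFORM}.tar.gz" | sha256sum --check
  sudo tar xzf "eksctl_${PLATFORM}.tar.gz" -C /usr/local/bin
)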

list users in all eks clusters

aws eks list-clusters | jq -r '.clusters[]' | while read EKS ; do echo '*' Eks cluster $EKS ; eksctl get iamidentitymapping --cluster $EKS ; done

list eks clusters

aws eks list-clusters --region eu-north-1

grant access to eks cluster

# Maps the IAM identity given by --arn to the Kubernetes user "ops-user" in group system:masters.
# system:masters carries unrestricted cluster-admin rights; map to a group bound to a narrower RBAC role when that is enough.
eksctl create iamidentitymapping --cluster kafka-cluster --arn <arn> --group system:masters --username ops-user

configure for kubectl

aws eks update-kubeconfig --name kafka-prod-cluster
aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::<arn>:<arn>

Update eks

Which clusters exist

eksctl get clusters

List addons.

aws eks list-addons --cluster-name kafka-cluster

Look for versions.

aws eks describe-addon-versions --addon-name kube-proxy

Update eks add-on.

aws eks update-addon --cluster-name <cluster-name> --addon-name <addon-name> --addon-version <version> --resolve-conflicts OVERWRITE

Update eks

aws eks update-cluster-version --name <cluster-name> --kubernetes-version <new-version>

View update status

aws eks describe-cluster --name <cluster-name>
kubectl get events -n kube-system --sort-by='.metadata.creationTimestamp' | less

Update eks nodegroup

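# List the nodegroups of the cluster, then upgrade one of them to the target Kubernetes version.
eksctl get nodegroup --cluster kafka-cluster
# The option is --name (two dashes); with a single dash it is not parsed as the nodegroup name.
eksctl upgrade nodegroup --name=<nodegroup> --cluster=<cluster> --kubernetes-version=1.30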

View status

aws eks describe-nodegroup --cluster-name <clustername> --nodegroup-name <nodegroup>

list roles

aws iam list-roles | jq -r '.Roles[].RoleName'

List roles with specific attribute

aws iam list-roles --query "Roles[?RoleName=='Administrator']"

assume role

aws sts assume-role --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster --role-session-name eks-cluster-role-kafka-prod-cluster

save assume role policy

aws iam list-roles --query "Roles[?RoleName=='Administrator']" | jq '.[].AssumeRolePolicyDocument' > /temp/aws_iam_list-roles.$(date_file).json

grant access to assume role

aws iam update-assume-role-policy --role-name Administrator --policy-document file:///<full_path_to_file>.json
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": [
            "arn:aws:iam::442031788965:root",
            "arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund"
        ]},
        "Action": "sts:AssumeRole"
    }
}

list users

aws iam list-users | jq -r '.Users[].UserName'

list all users and their access keys

for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
  echo "User: $user"
  aws iam list-access-keys --user-name "$user" --query 'AccessKeyMetadata[*].AccessKeyId' --output text
done

get info about certain user

aws iam get-user --user-name abjorklund

list ec2 instances

aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[] | .Key, .Value)] | join("\t")' | column_tab | less

Filter running instances.

aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

list vpcs

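# Meant to live in a script or function: extra arguments (e.g. --region) are passed through to the CLI.
# "$@" is quoted so arguments containing spaces or glob characters reach aws unchanged.
aws ec2 describe-vpcs "$@" | jq -r '.Vpcs[] | [.CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv'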

vpc peering

List connections between VPCs

aws ec2 describe-vpc-peering-connections | jq -r '.VpcPeeringConnections[] | .AccepterVpcInfo.CidrBlock +" "+ .AccepterVpcInfo.VpcId +" "+ .AccepterVpcInfo.Region +" "+ .RequesterVpcInfo.CidrBlock +" "+ .RequesterVpcInfo.VpcId +" "+ (.Tags[] | select(.Key=="Name").Value)'

list securitygroups

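# Group names only. The jq filter is quoted so the shell never treats "[]" as a glob pattern.
aws ec2 describe-security-groups | jq -r '.SecurityGroups[].GroupName'
# One object per ingress/egress rule combination, followed by the group's tags as key:value.
aws ec2 describe-security-groups | jq -r '.SecurityGroups[]|{GroupName: .GroupName,VpcId: .VpcId, Description: .Description, IpPermissions:.IpPermissions[],IpPermissionsEgress:.IpPermissionsEgress[]}, (.Tags[]?|join(":"))'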

list accounts

aws organizations list-accounts --query 'Accounts[*].[Name, Id]' --output table

List info about Account.

aws organizations list-accounts | jq '.Accounts[]|select(.Id=="974752708905")'

vip/irule

cloudfront -> distribution -> behaviour

origin

Where to shoot request.

list load balancers

aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerName'

try to access listeners

aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | .DNSName +" "+ .VpcId +" "+ .LoadBalancerArn' | while read DNSName VpcId LoadBalancerArn ; do PORTS=$(aws elbv2 describe-listeners --load-balancer-arn $LoadBalancerArn | jq -r '.Listeners[]?|.Port') ; for Port in $PORTS ; do echo $DNSName $VpcId $(nc -w1 -zv $DNSName $Port 2>&1 ) ; done ; done

route53

List names of hosted zones.

aws route53 list-hosted-zones-by-name | jq -r '.HostedZones[]|.Id +"\t"+ .Name| sub("/hostedzone/"; "")' | column_tab

List info about record

aws route53 list-resource-record-sets --hosted-zone-id <hostedzone>

Update cname

aws route53 change-resource-record-sets --hosted-zone-id <hostedzone> \
  --change-batch '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"akhq.inter.net.","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"internal-k8s-kafka-akhq-30d3a6b6ec-1805732719.eu-north-1.elb.amazonaws.com."}]}}]}'

Create a zone

aws route53 create-hosted-zone --name inter.net --caller-reference $(date_file) --comment <comment>

Add record to zone

aws route53 change-resource-record-sets --hosted-zone-id <hostedzone> --change-batch '{"Changes":[{"Action":"CREATE","ResourceRecordSet":{"Name":"in.ter.net.","Type":"A","TTL":300,"ResourceRecords":[{"Value":"1.1.1.1"}]}}]}'

subnets

List subnets

aws ec2 describe-subnets | jq -r '.Subnets[] | [.SubnetId, .CidrBlock, .VpcId, (.Tags[]?|join(":"))] | @tsv' | column -t -s $'\t' | less -ISRM

direct connect

List direct connect links

aws directconnect describe-connections

ipsec vpn

aws ec2 describe-vpn-connections | jq -r '.VpnConnections[] | .VpnConnectionId +" "+ (.Tags[] | select(.Key=="Name").Value)'

list vpc endpoints interface/gateway

aws ec2 describe-vpc-endpoints | jq -r '.VpcEndpoints[] | .VpcEndpointId +" "+ .VpcEndpointType +" "+ .VpcId +" "+ (.Tags[]? | select(.Key=="Name").Value)'

imds

Instance Metadata Service

# Token-based metadata access: PUT to /latest/api/token for a session token (TTL header in seconds),
# then send that token in the X-aws-ec2-metadata-token header of the metadata request.
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") && curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/

List ecs services

# List cms services. Count the tasks.
aws ecs list-clusters
aws ecs describe-clusters --clusters <cluster>
aws ecs list-services --cluster <cluster>
aws ecs describe-services --cluster <cluster> --services <service> | jq '.services[].desiredCount'

cloud trail

aws cloudtrail describe-trails

cloudwatch

# View metrics on aws in namespace.
aws cloudwatch list-metrics --namespace=ContainerInsights/Prometheus
# List alarms
aws cloudwatch describe-alarms
aws cloudwatch describe-alarms | jq -r '.MetricAlarms[]| [.AlarmName, .MetricName, .Namespace, .AlarmDescription]|@tsv' |column_tab | less
aws cloudwatch describe-alarms | jq -r '.MetricAlarms[]| [.AlarmName, .MetricName, .EvaluationPeriods, .DatapointsToAlarm, .AlarmDescription]|@tsv' | column -t -s $'\t' | less
# Get alarm history
aws cloudwatch describe-alarm-history --alarm-name <ALARM_NAME>

ssm/parameters

Get parameter

# --with-decryption returns SecureString values in clear text on stdout;
# keep the output out of logs, CI output and shared terminals.
aws ssm get-parameters --with-decryption --region eu-west-1 --name /<name>

Get parameters recursive

aws ssm get-parameters-by-path --recursive --region eu-west-1 --path /