Aws: Difference between revisions
Jump to navigation
Jump to search
Line 4: | Line 4: | ||
cloudwatch monitoring and management service that provides data and actionable insights. | cloudwatch monitoring and management service that provides data and actionable insights. | ||
cwagent cloud watch agent. | cwagent cloud watch agent. | ||
DynamoDB | DynamoDB NoSQL database | ||
ecs Elastic Container Service. | ecs Elastic Container Service. | ||
efs Elastic File System | efs Elastic File System |
Revision as of 11:25, 19 April 2024
what does it mean?
alb Application Load Balancer CloudFormation Iac Infrastructure as code cloudwatch monitoring and management service that provides data and actionable insights. cwagent cloud watch agent. DynamoDB NoSQL database ecs Elastic Container Service. efs Elastic File System eks Elastic Kubernetes Service elb Elastic Load Balancing fargate Fargate is a serverless compute service that can run containers on ECS or EKS. iam Identity and Access Management kenesis analyzing real-time streaming data lambda is an event-driven, serverless computing platform provided lbc Load Balancer Controller nlb Network Load Balancer sid "statement ID" as an optional identifier for the policy statement. Must be uniq in the json statement. sns Simple Notification Service. message bus. waf web application firewall
documentation
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html
aws completion
complete -C '/usr/bin/aws_completer' aws
version
aws --version
configure aws
aws help config-vars
whoami
aws sts get-caller-identity
which groups do I belong to
aws iam list-groups
list databases
aws rds describe-db-instances
List databases short version
aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'
List databases in all regions
aws account list-regions | jq -r '.Regions[]| select(."RegionOptStatus" == "ENABLED_BY_DEFAULT")|.RegionName' | while read REGION ; do echo '*' ${REGION} ; aws rds describe-db-instances --region=${REGION} | jq -r '.DBInstances[]| .DBInstanceIdentifier +"\t"+ .DBInstanceClass +"\t"+ .Engine +"\t"+ .DBName' | column -t -s $'\t' ; done
list events
aws rds describe-events aws rds describe-events --duration 10080 aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance
list logfiles
aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin
view logfiles
aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text
List files in s3
aws s3 ls
Create bucket
aws --endpoint-url http://localhost:9000 s3 mb s3://minsio make_bucket: minsio
Push files to bucket.
aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio
eksctl install
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin
list eks clusters
aws eks list-clusters --region eu-north-1
grant access to eks cluster
eksctl create iamidentitymapping --cluster kafka-cluster --arn <arn> --group system:masters --username ops-user
configure for kubectl
aws eks update-kubeconfig --name kafka-prod-cluster aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster
list roles
aws iam list-roles | jq -r '.Roles[].RoleName'
List roles with specific attribute
aws iam list-roles --query "Roles[?RoleName=='Administrator']"
assume role
aws sts assume-role --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster --role-session-name eks-cluster-role-kafka-prod-cluster
save assume role policy
aws iam list-roles --query "Roles[?RoleName=='Administrator']" | jq '.[].AssumeRolePolicyDocument' > /temp/aws_iam_list-roles.$(date_file).json
grant access to assume role
aws iam update-assume-role-policy --role-name Administrator --policy-document file:///<full_path_to_file>.json { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": {"AWS": [ "arn:aws:iam::442031788965:root", "arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund" ]}, "Action": "sts:AssumeRole" } }
list users
aws iam list-users | jq -r '.Users[].UserName'
get info about certain user
aws iam get-user --user-name abjorklund
list ec2 instances
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[] | .Key, .Value)] | join("\t")' | column_tab | less
list vpcs
aws ec2 describe-vpcs | jq -r '.Vpcs[].CidrBlock'
list securitygroups
aws ec2 describe-security-groups | jq -r .SecurityGroups[].GroupName
list accounts
aws organizations list-accounts --query 'Accounts[*].[Name, Id]' --output table
List info about Account.
aws organizations list-accounts | jq '.Accounts[]|select(.Id=="974752708905")'