Aws: Difference between revisions

From Halfface
(17 intermediate revisions by the same user not shown)
Latest revision as of 09:59, 30 April 2024

what does it mean?

alb                 Application Load Balancer
acm                 AWS Certificate Manager
CloudFormation      IaC, Infrastructure as Code
cloudfront          CDN, Content Delivery Network
cloudwatch          monitoring and management service that provides data and actionable insights.
cwagent             CloudWatch agent.
DynamoDB            NoSQL database 
ecr                 Elastic Container Registry
ecs                 Elastic Container Service.
efs                 Elastic File System
eks                 Elastic Kubernetes Service
elb                 Elastic Load Balancing
fargate             Fargate is a serverless compute service that can run containers on ECS or EKS.
iam                 Identity and Access Management
kinesis             analyzing real-time streaming data
lambda              is an event-driven, serverless computing platform provided
lbc                 Load Balancer Controller
nlb                 Network Load Balancer
sid                 "statement ID", an optional identifier for a policy statement. Must be unique within the JSON policy document.
sns                 Simple Notification Service. message bus.
sts                 Security Token Service
waf                 web application firewall

documentation

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html

aws completion

complete -C '/usr/bin/aws_completer' aws

version

aws --version

configure aws

aws help config-vars

whoami

aws sts get-caller-identity

which groups do I belong to

aws iam list-groups-for-user --user-name <user>

list all groups in the account

aws iam list-groups

list databases

aws rds describe-db-instances

List databases short version

aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'

List databases in all regions

# Only regions with status ENABLED_BY_DEFAULT are scanned; opt-in regions (status ENABLED) are skipped by this filter.
aws account list-regions \
  | jq -r '.Regions[] | select(.RegionOptStatus == "ENABLED_BY_DEFAULT") | .RegionName' \
  | while read -r REGION ; do
      echo "* ${REGION}"
      aws rds describe-db-instances --region="${REGION}" \
        | jq -r '.DBInstances[] | .DBInstanceIdentifier + "\t" + .DBInstanceClass + "\t" + .Engine + "\t" + .DBName' \
        | column -t -s $'\t'
    done

list events

aws rds describe-events
aws rds describe-events --duration 10080
aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance

list logfiles

aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin

view logfiles

aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text

List files in s3

aws s3 ls

Create bucket

aws --endpoint-url http://localhost:9000 s3 mb s3://minsio
make_bucket: minsio

Push files to bucket.

aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio

remove files from s3 bucket

aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz'

eksctl install

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin

list eks clusters

aws eks list-clusters --region eu-north-1

grant access to eks cluster

eksctl create iamidentitymapping --cluster kafka-cluster --arn <arn> --group system:masters --username ops-user

configure for kubectl

aws eks update-kubeconfig --name kafka-prod-cluster
aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster

list roles

aws iam list-roles | jq -r '.Roles[].RoleName'

List roles with specific attribute

aws iam list-roles --query "Roles[?RoleName=='Administrator']"

assume role

aws sts assume-role --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster --role-session-name eks-cluster-role-kafka-prod-cluster

save assume role policy

# date_file is not a standard command (presumably a local helper); date +%F stands in for it here
aws iam list-roles --query "Roles[?RoleName=='Administrator']" | jq '.[].AssumeRolePolicyDocument' > /temp/aws_iam_list-roles.$(date +%F).json

grant access to assume role

aws iam update-assume-role-policy --role-name Administrator --policy-document file:///<full_path_to_file>.json
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": [
            "arn:aws:iam::442031788965:root",
            "arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund"
        ]},
        "Action": "sts:AssumeRole"
    }
}
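
An added example (not from the original page): a Python check that reads a trust policy such as the one above and reports how broadly each `Principal` entry trusts and whether a `Condition` narrows it. The function names and scope labels are this example's own.

```python
import json

# Trust policy from the page above, as passed to update-assume-role-policy.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"AWS": [
      "arn:aws:iam::442031788965:root",
      "arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund"
    ]},
    "Action": "sts:AssumeRole"
  }
}""")
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}

def as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def classify(principal):
    if principal == "*":
        return "any"
    if principal.isdigit() or principal.endswith(":root"):
        return "whole-account"  # access is delegated to that account's IAM
    if ":assumed-role/" in principal:
        return "role-session"
    if ":role/" in principal:
        return "role"
    if ":user/" in principal:
        return "user"
    return "unknown"

def audit_trust_policy(policy):
    # One (principal, scope, has_condition) tuple per trusted AWS principal.
    findings = []
    for stmt in as_list(policy["Statement"]):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in aws:
            findings.append((arn, classify(arn), "Condition" in stmt))
    return findings

if __name__ == "__main__":
    for arn, scope, cond in audit_trust_policy(TRUST_POLICY):
        print(f"{scope:14} condition={cond}  {arn}")
```

Run it against the file saved in the "save assume role policy" step before and after `update-assume-role-policy` to see which principals a change adds.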

list users

aws iam list-users | jq -r '.Users[].UserName'

get info about certain user

aws iam get-user --user-name abjorklund

list ec2 instances

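# column_tab is not a standard command; column -t -s $'\t' (as used for the RDS listing on this page) stands in for it
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[]? | .Key, .Value)] | join("\t")' | column -t -s $'\t' | less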

list vpcs

aws ec2 describe-vpcs | jq -r '.Vpcs[].CidrBlock'

list securitygroups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].GroupName'

list accounts

aws organizations list-accounts --query 'Accounts[*].[Name, Id]' --output table

List info about Account.

aws organizations list-accounts | jq '.Accounts[]|select(.Id=="974752708905")'

vip/irule

cloudfront -> distribution -> behaviour

origin

Where to send the request.

list load balancers

aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerName'