Aws: Difference between revisions
(46 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=what does it mean?= | |||
alb Application Load Balancer | |||
acm AWS Certificate Manager | |||
CloudFormation Iac Infrastructure as code | |||
cloudfront cdn Content Delivery Network | |||
cloudwatch monitoring and management service that provides data and actionable insights. | |||
cwagent cloud watch agent. | |||
DynamoDB NoSQL database | |||
ecr Elastic Container Registry | |||
ecs Elastic Container Service. | |||
efs Elastic File System | |||
eks Elastic Kubernetes Service | |||
elb Elastic Load Balancing | |||
fargate Fargate is a serverless compute service that can run containers on ECS or EKS. | |||
iam Identity and Access Management | |||
kenesis analyzing real-time streaming data | |||
lambda is an event-driven, serverless computing platform provided | |||
lbc Load Balancer Controller | |||
nlb Network Load Balancer | |||
sid "statement ID" as an optional identifier for the policy statement. Must be uniq in the json statement. | |||
sns Simple Notification Service. message bus. | |||
waf web application firewall | |||
=documentation= | |||
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html | |||
=aws completion= | =aws completion= | ||
complete -C '/usr/bin/aws_completer' aws | complete -C '/usr/bin/aws_completer' aws | ||
=version= | =version= | ||
aws --version | aws --version | ||
=configure aws= | |||
aws help config-vars | |||
=whoami= | =whoami= | ||
Line 11: | Line 36: | ||
=which groups do I belong to= | =which groups do I belong to= | ||
aws iam list-groups | aws iam list-groups | ||
=list databases= | =list databases= | ||
aws rds describe-db-instances | aws rds describe-db-instances | ||
=List databases short version= | =List databases short version= | ||
aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]' | aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]' | ||
=List databases in all regions= | |||
aws account list-regions | jq -r '.Regions[]| select(."RegionOptStatus" == "ENABLED_BY_DEFAULT")|.RegionName' | while read REGION ; do echo '*' ${REGION} ; aws rds describe-db-instances --region=${REGION} | jq -r '.DBInstances[]| .DBInstanceIdentifier +"\t"+ .DBInstanceClass +"\t"+ .Engine +"\t"+ .DBName' | column -t -s $'\t' ; done | |||
=list events= | =list events= | ||
Line 21: | Line 47: | ||
aws rds describe-events --duration 10080 | aws rds describe-events --duration 10080 | ||
aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance | aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance | ||
=list logfiles= | =list logfiles= | ||
aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin | aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin | ||
=view logfiles= | =view logfiles= | ||
aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text | aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text | ||
=List files in s3= | =List files in s3= | ||
aws s3 ls | aws s3 ls | ||
Line 35: | Line 58: | ||
=Push files to bucket.= | =Push files to bucket.= | ||
aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio | aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio | ||
=remove files from s3 bucket= | |||
aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz' | |||
=eksctl install= | =eksctl install= | ||
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin | curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | sudo tar xz -C /usr/local/bin | ||
=list eks clusters= | |||
aws eks list-clusters --region eu-north-1 | |||
=grant access to eks cluster= | |||
eksctl create iamidentitymapping --cluster kafka-cluster --arn <arn> --group system:masters --username ops-user | |||
=configure for kubectl= | |||
aws eks update-kubeconfig --name kafka-prod-cluster | |||
aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster | |||
=list roles= | |||
aws iam list-roles | jq -r '.Roles[].RoleName' | |||
=List roles with specific attribute= | |||
aws iam list-roles --query "Roles[?RoleName=='Administrator']" | |||
=assume role= | |||
aws sts assume-role --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster --role-session-name eks-cluster-role-kafka-prod-cluster | |||
=save assume role policy= | |||
aws iam list-roles --query "Roles[?RoleName=='Administrator']" | jq '.[].AssumeRolePolicyDocument' > /temp/aws_iam_list-roles.$(date_file).json | |||
=grant access to assume role= | |||
aws iam update-assume-role-policy --role-name Administrator --policy-document file:///<full_path_to_file>.json | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": { | |||
"Effect": "Allow", | |||
"Principal": {"AWS": [ | |||
"arn:aws:iam::442031788965:root", | |||
"arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund" | |||
]}, | |||
"Action": "sts:AssumeRole" | |||
} | |||
} | |||
=list users= | |||
aws iam list-users | jq -r '.Users[].UserName' | |||
=get info about certain user= | |||
aws iam get-user --user-name abjorklund | |||
=list ec2 instances= | |||
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, (.Tags[] | .Key, .Value)] | join("\t")' | column_tab | less | |||
=list vpcs= | |||
aws ec2 describe-vpcs | jq -r '.Vpcs[].CidrBlock' | |||
=list securitygroups= | |||
aws ec2 describe-security-groups | jq -r .SecurityGroups[].GroupName | |||
=list accounts= | |||
aws organizations list-accounts --query 'Accounts[*].[Name, Id]' --output table | |||
List info about Account. | |||
aws organizations list-accounts | jq '.Accounts[]|select(.Id=="974752708905")' | |||
=vip/irule= | |||
cloudfront -> distribution -> behaviour | |||
=origin= | |||
Where to shoot request. |
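Review bot: The trust policy added under "grant access to assume role" lists `arn:aws:iam::442031788965:root` as a principal for the `Administrator` role, which delegates the decision to that whole account: any identity there whose own IAM policies allow `sts:AssumeRole` on this role can obtain Administrator. If only one identity needs it, name that role or user ARN instead of `:root`, as the second principal entry already does. The section should also say that `update-assume-role-policy` replaces the role's entire trust policy, which is why the preceding "save assume role policy" step matters; I would add `# replaces the whole trust policy - save the current one first` above the command.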
Revision as of 15:14, 25 April 2024
what does it mean?
alb Application Load Balancer
acm AWS Certificate Manager
CloudFormation IaC, Infrastructure as Code
cloudfront CDN, Content Delivery Network
cloudwatch monitoring and management service that provides data and actionable insights.
cwagent CloudWatch agent.
DynamoDB NoSQL database
ecr Elastic Container Registry
ecs Elastic Container Service.
efs Elastic File System
eks Elastic Kubernetes Service
elb Elastic Load Balancing
fargate serverless compute service that can run containers on ECS or EKS.
iam Identity and Access Management
kinesis service for analyzing real-time streaming data
lambda event-driven, serverless computing platform.
lbc Load Balancer Controller
nlb Network Load Balancer
sid "statement ID", an optional identifier for a policy statement. Must be unique within the JSON policy.
sns Simple Notification Service. Message bus.
waf Web Application Firewall
documentation
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html
aws completion
complete -C '/usr/bin/aws_completer' aws
version
aws --version
configure aws
aws help config-vars
whoami
aws sts get-caller-identity
which groups do I belong to
aws iam list-groups
list databases
aws rds describe-db-instances
List databases short version
aws rds describe-db-instances --region=eu-west-1 --query 'DBInstances[*].[DBInstanceArn,Engine,DBInstanceIdentifier]'
List databases in all regions
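# Walk every region that is enabled for the account and print its RDS instances.
# Opt-in regions report RegionOptStatus "ENABLED", not "ENABLED_BY_DEFAULT"; selecting
# both keeps databases in opted-in regions from being silently left out of the inventory.
aws account list-regions \
  | jq -r '.Regions[] | select(.RegionOptStatus == "ENABLED" or .RegionOptStatus == "ENABLED_BY_DEFAULT") | .RegionName' \
  | while IFS= read -r REGION; do
      echo '*' "${REGION}"
      aws rds describe-db-instances --region="${REGION}" \
        | jq -r '.DBInstances[] | .DBInstanceIdentifier + "\t" + .DBInstanceClass + "\t" + .Engine + "\t" + .DBName' \
        | column -t -s $'\t'
    done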
list events
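# Three separate commands (they were run together on one line).
# Events from the default look-back window (the last hour).
aws rds describe-events
# --duration is given in minutes: 10080 = the last 7 days.
aws rds describe-events --duration 10080
# Same 7-day window, limited to a single DB instance in one region.
aws rds describe-events --duration 10080 --region=eu-west-1 --source-identifier admin-db-test-01 --source-type db-instance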
list logfiles
aws rds describe-db-log-files --region=eu-west-1 --db-instance-identifier admin
view logfiles
aws rds download-db-log-file-portion --region=eu-west-1 --db-instance-identifier admin --log-file-name error/mysql-error-running.log.2022-05-05.14 --output text
List files in s3
aws s3 ls
Create bucket
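# --endpoint-url points the CLI at a local S3-compatible server instead of AWS.
# The endpoint is plain http, so traffic is unencrypted: keep this to localhost.
aws --endpoint-url http://localhost:9000 s3 mb s3://minsio
# Expected output:
#   make_bucket: minsio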
Push files to bucket.
aws --endpoint-url http://localhost:9000 s3 sync . s3://minsio
remove files from s3 bucket
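# Preview first: --dryrun prints what would be deleted without deleting anything.
aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz' --dryrun
# Then run the real delete. Filters are applied in order, so --exclude '*' has to come
# before --include. Without bucket versioning the deleted objects cannot be recovered.
aws s3 rm s3://<bucket> --recursive --exclude '*' --include '<path>-*.gz'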
eksctl install
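# Download eksctl, check the archive against the release's checksum file, then install.
# Unpacking happens unprivileged in a scratch directory and root only copies the one
# binary, instead of tar writing whatever the archive contains into /usr/local/bin as root.
# The checksum file comes from the same release, so it catches a corrupted or truncated
# download but not a tampered release; pin a known version and checksum for that.
# NOTE(review): the project now publishes under github.com/eksctl-io/eksctl and the
# weaveworks path relies on GitHub's redirect - confirm and update the URL.
# Runs in a subshell so that set -e and the cleanup trap do not leak into the caller's shell.
(
  set -euo pipefail
  platform="$(uname -s)_amd64"
  base_url="https://github.com/weaveworks/eksctl/releases/latest/download"
  workdir="$(mktemp -d)"
  trap 'rm -rf -- "$workdir"' EXIT
  cd "$workdir"
  # --fail makes curl exit non-zero on an HTTP error instead of saving the error page.
  curl --silent --show-error --fail --location --remote-name "${base_url}/eksctl_${platform}.tar.gz"
  # sha256sum --check fails (and aborts the install) on a mismatch or if no line matched.
  curl --silent --show-error --fail --location "${base_url}/eksctl_checksums.txt" \
    | grep -F "eksctl_${platform}.tar.gz" \
    | sha256sum --check
  # Assumes the archive holds the eksctl binary at its top level, as the original
  # "tar xz -C /usr/local/bin" one-liner did.
  tar -xzf "eksctl_${platform}.tar.gz"
  sudo install -m 0755 eksctl /usr/local/bin/eksctl
)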
list eks clusters
aws eks list-clusters --region eu-north-1
grant access to eks cluster
# Maps the IAM identity <arn> to the Kubernetes user "ops-user" in group system:masters.
# system:masters is bound to cluster-admin and cannot be narrowed by RBAC, so this makes
# <arn> a full, unrestricted administrator of the cluster. For day-to-day access, map the
# identity to a custom group that is bound to a narrower Role/ClusterRole instead.
eksctl create iamidentitymapping --cluster kafka-cluster --arn <arn> --group system:masters --username ops-user
configure for kubectl
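# Two alternative commands (they were run together on one line).
# Write a kubeconfig entry for the cluster that authenticates as the caller's current identity.
aws eks update-kubeconfig --name kafka-prod-cluster
# Same, but the kubeconfig entry assumes the given role when authenticating to the cluster.
aws eks update-kubeconfig --name kafka-prod-cluster --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster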
list roles
aws iam list-roles | jq -r '.Roles[].RoleName'
List roles with specific attribute
aws iam list-roles --query "Roles[?RoleName=='Administrator']"
assume role
# Requests temporary credentials for the role. The response contains AccessKeyId,
# SecretAccessKey and SessionToken: keep the output out of logs, tickets and shared terminals.
aws sts assume-role --role-arn arn:aws:iam::288898264342:role/eks-cluster-role-kafka-prod-cluster --role-session-name eks-cluster-role-kafka-prod-cluster
save assume role policy
# Saves the current trust (assume-role) policy of the Administrator role to a file, so there
# is a copy to restore from before the policy is changed.
# NOTE(review): date_file is not a standard command - presumably a local helper that prints
# a timestamp; /temp is presumably a local directory or a typo for /tmp - confirm both.
aws iam list-roles --query "Roles[?RoleName=='Administrator']" | jq '.[].AssumeRolePolicyDocument' > /temp/aws_iam_list-roles.$(date_file).json
grant access to assume role
aws iam update-assume-role-policy --role-name Administrator --policy-document file:///<full_path_to_file>.json { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": {"AWS": [ "arn:aws:iam::442031788965:root", "arn:aws:sts::203144576027:assumed-role/rb-sso/abjorklund" ]}, "Action": "sts:AssumeRole" } }
list users
aws iam list-users | jq -r '.Users[].UserName'
get info about certain user
aws iam get-user --user-name abjorklund
list ec2 instances
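# One tab-separated row per instance: private IP, type, key pair, public IP, then tag key/value pairs.
# (.Tags // []) keeps untagged instances in the listing; iterating a missing Tags field
# makes jq stop with an error, which would cut the inventory short.
# column_tab is not a standard command - presumably a local helper such as: column -t -s $'\t'
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | [.PrivateIpAddress, .InstanceType, .KeyName, .PublicIpAddress, ((.Tags // [])[] | .Key, .Value)] | join("\t")' | column_tab | less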
list vpcs
aws ec2 describe-vpcs | jq -r '.Vpcs[].CidrBlock'
list securitygroups
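# The jq filter is quoted so the shell never treats [] as a glob pattern
# (unquoted it breaks under zsh, or under bash with nullglob/failglob set).
aws ec2 describe-security-groups | jq -r '.SecurityGroups[].GroupName'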
list accounts
aws organizations list-accounts --query 'Accounts[*].[Name, Id]' --output table
List info about Account.
aws organizations list-accounts | jq '.Accounts[]|select(.Id=="974752708905")'
vip/irule
cloudfront -> distribution -> behaviour
origin
The backend that requests are forwarded to.