Commande avec AWS CLI (Command Line Interface)

Références

AWS CLI References

---

General Configuration

aws configure list

aws sts get-caller-identity

aws configure get region

EC2 (Elastic Compute Cloud)

EC2 References

O7 Pro Tip

Command -> o7 cli ec2

aws ec2 describe-instances --filters "Name=tag:Name,Values=MyInstance"

aws ec2 describe-instances \
--filters "Name=instance-type,Values=t2.micro" \
--query "Reservations[].Instances[].InstanceId"

aws ec2 describe-instances \
--filters "Name=tag:Name,Values=stelar-devops-bastion" \
--query "Reservations[0].Instances[0].InstanceId" \
--output text

aws ec2 terminate-instances --instance-ids i-5203422c

S3 (Simple Storage Service)

O7 Pro Tip

Command -> o7 cli s3

aws --profile o7 s3 sync --sse AES256 [s3://bucket/folder] .

aws s3 ls  [s3://bucket/folder/] --recursive \
| awk 'BEGIN {total=0}{total+=$3}END{print total/1024/1024/1024" GB"}'

aws s3api list-object-versions \
--bucket [s3://bucket/folder/] \
--prefix [filter.. ex: *.zip]

export BUCKET="bucket-name"
export FOLDER="folder-name"
# Test
aws s3 cp s3://$BUCKET/$FOLDER/ s3:/$BUCKET/$FOLDER/ --sse AES256 --recursive --dryrun
# Execute
aws s3 cp s3://$BUCKET/$FOLDER/ s3:/$BUCKET/$FOLDER/ --sse AES256 --recursive

export S3_BUCKET_NAME=bucket_name

aws s3api list-object-versions --bucket $S3_BUCKET_NAME | \
jq -r '.Versions[] | @base64' | \
while read -r obj; do
  key=$(echo "${obj}" | base64 --decode | jq -r .Key)
  versionId=$(echo "${obj}" | base64 --decode | jq -r .VersionId)
  echo "Deleting Key=$key VersionId=$versionId"
  aws s3api delete-object --bucket $S3_BUCKET_NAME --key "$key" --version-id "$versionId"
done


aws s3api list-object-versions --bucket $S3_BUCKET_NAME | \
jq -r '.DeleteMarkers[] | @base64' | \
while read -r obj; do
  key=$(echo "${obj}" | base64 --decode | jq -r .Key)
  versionId=$(echo "${obj}" | base64 --decode | jq -r .VersionId)
  echo "Deleting Marker Key=$key VersionId=$versionId"
  aws s3api delete-object --bucket $S3_BUCKET_NAME --key "$key" --version-id "$versionId"
done

ECR (Elastic Container Registry)

# prepare variable fron upload to ECR
REGION=ca-cenral-1
ACCOUNT_ID=123456789012
IMAGE="my_image"
ECR_URL=$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com
ECR_URL_REPO=$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$IMAGE
$VERSION = '3'

# Tag
docker tag $IMAGE:latest $ECR_URL_REPO:$VERSION
# Get Authentification
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $ECR_URL
# Push
echo Pushing the Docker image...
docker push $ECR_URL_REPO:$VERSION

ACM (AWS Certificate Manager)

aws acm list-certificates

SSM (AWS Systems Manager) - Parameter Store

O7 Pro Tip

Command -> o7 cli ps

aws ssm describe-parameters

aws ssm get-parameter --name mykey --query "Parameter.Value"

aws ssm put-parameter --name mykey --value 0.1.1 --overwrite

aws ssm get-parameters \
--names /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id \
--query '[Parameters[0].Value]' \
--output text

Secret

O7 Pro Tip

Command -> o7 cli secret

aws secretsmanager list-secrets

aws secretsmanager get-secret-value --secret-id <secret-id>

EC2 Instance MetaData Service (IMDS)

Reference

Note

It is now strongly recommend to use IMDSv2. It is now required to conform to recent security standards.

curl http://169.254.169.254/latest/meta-data/instance-id

curl http://169.254.169.254/latest/meta-data/local-ipv4

TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

export AZ=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
export REGION=${AZ::-1}
export MAC=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/mac)
export SUBNET_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/subnet-id)

curl -s http://localhost:51678/v1/metadata