Sunday, April 3, 2022

AWS CLI CHEAT SHEET

 


 aws --version

 

 aws configure


aws configure --profile "testfile"


aws configure set output json


Specify your AWS Region


aws configure set region "name"

 AWS  RUN Command

Create EC2 instance

aws ec2 run-instances \
    --image-id ami-name \
    --instance-type t2.micro \
    --key-name MyKeyPair \
    --security-group-ids sg-007e43f80a1958f29 \
    --subnet-id subnet-name

 

aws s3 ls --profile "name"

CloudFront

List CloudFront distributions and origins


aws cloudfront list-distributions 


CloudWatch

List information about an alarm

aws cloudwatch describe-alarms 


aws cloudwatch delete-alarms --alarm-names "name"

DynamoDB

List DynamoDB tables


aws dynamodb list-tables 

aws dynamodb scan --table-name events

aws dynamodb scan --table-name events --select 

aws ebs complete-snapshot --snapshot-id "ID" --changed-blocks-count (count)

Start a Snapshot

aws ebs start-snapshot --volume-size 100



List VPCs and CIDR IP Block

aws ec2 describe-vpcs | jq -r '.Vpcs[]|.VpcId+" "+(.Tags[]|select(.Key=="Name").Value)+" "+.CidrBlock'


List Subnets for a VPC


aws ec2 describe-subnets --filter Name=vpc-id,Values=vpc-0d1c1cf4e980ac593 | jq -r '.Subnets[]|.SubnetId+" "+.CidrBlock+" "+(.Tags[]|select(.Key=="Name").Value)'


List Security Groups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName'


Edit Security Groups of an Instance


aws ec2 modify-instance-attribute --instance-id i-0dae5d4daa47fe4a2 --groups ID


Add Rule to Security Group

aws ec2 authorize-security-group-ingress --group-id "name" --protocol tcp --port 443 --cidr 10.0.0.1/32

Delete Rule from Security Group

aws ec2 revoke-security-group-ingress --group-id name --protocol tcp --port 443 --cidr 10.0.0.1/32

Edit Rule Descriptions of Security Group

aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-02a63c67684d8deed --ip-permissions 'FromPort=443,ToPort=443,IpProtocol=tcp,IpRanges=[{CidrIp=102.171.186.133/32,Description=name}]'

 

Delete Security Group


aws ec2 delete-security-group --group-id name


aws ecs create-cluster --cluster-name=NAME --generate-cli-skeleton


Create an ECS service


aws ecs create-service

 

EKS

Create a cluster


aws eks create-cluster --name 


Delete a cluster

aws eks delete-cluster --name 



aws eks tag-resource --resource-arn  --tags name

 

Untag a resource


aws eks untag-resource --resource-arn (resource_ARN) --tag-keys name

 



aws iam list-groups | jq -r '.Groups[].GroupName'

 


Add/Delete groups


aws iam create-group --group-name (groupName)

 

Add policy to a group


aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/name

 

Add user to a group


aws iam add-user-to-group --group-name (groupname) --user-name (username)

 

Remove user from a group


aws iam remove-user-from-group --group-name (groupname) --user-name (username)

 


List users in a group


aws iam get-group --group-name (groupname)

 

List groups for a user


aws iam list-groups-for-user --user-name (username)

 


Attach/detach policy to a group


aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess

aws iam detach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess

 

 

IAM User

List userId and UserName


aws iam list-users | jq -r '.Users[]|.UserId+" "+.UserName'

 


Get single user


aws iam get-user --user-name 

 


Add user


aws iam create-user --user-name 

 


Delete user


aws iam delete-user --user-name (username)


 

Route53

Create hosted zone


aws route53 create-hosted-zone --name xxx.com


Delete hosted zone


aws route53 delete-hosted-zone --id 

 

Get hosted zone


aws route53 get-hosted-zone --id 


List hosted zones


aws route53 list-hosted-zones

 

Create a record set


To do this you’ll first need to create a JSON file with a list of change items in the body and use the CREATE action. For example the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "CREATE",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.4.4.4"}]
          }
     }]
}


Update a record set


To do this you’ll first need to create a JSON file with a list of change items in the body and use the UPSERT action. This will either create a new record set with the specified value, or update the record set if it already exists. For example the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "UPSERT",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.1.1.1"}]
          }
     }]
}

Once you have a JSON file with the correct information like above you will be able to enter the command


aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://exampleabove.json

 

Delete a record set


To do this you’ll first need to create a JSON file with a list of the record set values you want to delete in the body and use the DELETE action. For example the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "DELETE",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.1.1.1"}]
          }
     }]
}


aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://example.json
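
An added example, not from the original post: a Python helper that builds the change-batch JSON shown in the create, update and delete sections above and rejects malformed input before it reaches aws route53 change-resource-record-sets. The function names change_batch and write_batch are assumptions of this example.

```python
import ipaddress
import json

ACTIONS = {"CREATE", "DELETE", "UPSERT"}


def change_batch(action, name, rtype, ttl, values, comment=""):
    """Build a single-change Route 53 change batch, validating the input.

    UPSERT overwrites an existing record set without warning, and DELETE
    only succeeds when name, type, TTL and values all match the existing
    record set, so a typo here either clobbers a record or fails the call.
    """
    action = action.upper()
    if action not in ACTIONS:
        raise ValueError(f"Action must be one of {sorted(ACTIONS)}")
    if isinstance(ttl, bool) or not isinstance(ttl, int) \
            or not 0 <= ttl <= 2147483647:
        raise ValueError("TTL must be an integer number of seconds")
    if not values:
        raise ValueError("at least one record value is required")
    for value in values:
        # AddressValueError is a ValueError, so bad addresses raise here.
        if rtype == "A":
            ipaddress.IPv4Address(value)
        elif rtype == "AAAA":
            ipaddress.IPv6Address(value)
    return {
        "Comment": comment or f"{action} {rtype} {name}",
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": rtype,
                "TTL": ttl,
                "ResourceRecords": [{"Value": v} for v in values],
            },
        }],
    }


def write_batch(path, batch):
    """Write the batch to a file usable as --change-batch file://<path>."""
    with open(path, "w") as fh:
        json.dump(batch, fh, indent=2)


if __name__ == "__main__":
    print(json.dumps(change_batch("UPSERT", "a.example.com", "A", 300,
                                  ["1.1.1.1"]), indent=2))
```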

 

S3

List Buckets


aws s3 ls

aws s3 mb s3://bucket-name

make_bucket: bucket-name

 

Delete Bucket


aws s3 rb s3://bucket-name --force

 

Download S3 object to local


aws s3 cp s3://bucket-name/backup.tar .

download: s3://bucket-name/backup.tar to ./backup.tar


Upload local file as S3 object


aws s3 cp backup.tar s3://bucket-name

upload: ./backup.tar to s3://bucket-name/backup.tar


Delete S3 object


aws s3 rm s3://bucket-name/file.gz

delete: s3://bucket-name/file.gz


Download bucket to local


aws s3 sync s3://bucket-name/ /media/pasport-ultra/backup

 

Upload local directory to bucket


aws s3 sync (directory) s3://bucket-name/

 

Share S3 object without public access


aws s3 presign s3://bucket-name/file-name --expires-in (time value)

https://bucket-name.s3.amazonaws.com/file-name.pdf?AWSAccessKeyId=(key)&Expires=(value)&Signature=(value)

 

 
