[CHEATSHEET] aws cli
Very initial commands
Configure sso
Use a config file; you have been warned.
aws configure sso
login sso
aws sso login --profile ${PROFILE_NAME}
Credentials
Export credentials:
eval $(aws configure export-credentials --profile ${PROFILE_NAME} --format env)
That will export:
export AWS_ACCESS_KEY_ID=ASIA5***********PU
export AWS_SECRET_ACCESS_KEY=5e1F****************************YJ
export AWS_SESSION_TOKEN=IQoJb3J***********************************************************McuBR3R6E7Y=
export AWS_CREDENTIAL_EXPIRATION=2024-08-19T21:32:31+00:00
S3
Get object
aws s3api get-object \
    --bucket BUCKET_NAME \
    --key int/dodger_test.jpg \
    dodger_test.jpg
Get object Version
aws s3api get-object \
    --bucket BUCKET_NAME \
    --key int/dodger_test.jpg \
    --version-id "32zEKPVEBUcVbd2VFHgtJx.07hmCIjmd" \
    dodger_test.jpg
put object
aws s3api put-object --bucket BUCKET_NAME --key dir-1/my_images.tar.bz2 --body my_images.tar.bz2
List object versions
Full:
aws s3api list-object-versions --bucket BUCKET_NAME --prefix object_name
Just VersionId and LastModified timestamp:
aws s3api list-object-versions --bucket BUCKET_NAME --prefix object_name | jq '.Versions[] | "\(.LastModified) \(.VersionId)"'
Restore object from older version
aws s3api restore-object \
    --bucket BUCKET_NAME \
    --key dodger_test.jpg \
    --version-id "32zEKPVEBUcVbd2VFHgtJx.07hmCIjmd"
If you get:
An error occurred (InvalidObjectState) when calling the RestoreObject operation: Restore is not allowed for the object's current storage class
You have to overwrite it…
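Added example (not part of the original cheatsheet): `restore-object` only brings back archived objects, which is why it fails with InvalidObjectState on other storage classes; overwriting means copying the older version onto the same key with `copy-object`. The function names and the sample version ids below are illustrative assumptions.

```shell
#!/bin/sh
# Added example: roll an S3 object back by copying an older version over the
# current one. Function names and sample data are illustrative.

# Reads "<IsLatest>\t<LastModified>\t<VersionId>" lines (the --output text
# layout requested below) and prints the VersionId of the newest version that
# is not the current one. Timestamps sort as text because the CLI prints UTC.
previous_version() {
  awk -F '\t' '$1 == "False" { print $2 "\t" $3 }' | sort -r | head -n 1 | cut -f 2
}

# Value for --copy-source. Keys containing special characters must be
# URL-encoded first; that is left out here (assumption: plain keys).
copy_source() {
  printf '%s/%s?versionId=%s\n' "$1" "$2" "$3"
}

# Usage: rollback_object BUCKET KEY   (needs credentials; not run below)
rollback_object() {
  # --prefix also matches longer keys, so filter on the exact Key.
  rb_vid=$(aws s3api list-object-versions --bucket "$1" --prefix "$2" \
    --query "Versions[?Key=='$2'].[IsLatest,LastModified,VersionId]" \
    --output text | previous_version)
  [ -n "$rb_vid" ] || { echo "no older version of $2" >&2; return 1; }
  # The copy becomes a new current version; the old versions stay in place.
  aws s3api copy-object --bucket "$1" --key "$2" \
    --copy-source "$(copy_source "$1" "$2" "$rb_vid")"
}

# Constructed sample of that text output (placeholder version ids).
SAMPLE=$(printf '%s\t%s\t%s\n' \
  True  2024-08-19T21:32:31+00:00 EXAMPLE-V3 \
  False 2024-08-01T10:00:00+00:00 EXAMPLE-V1 \
  False 2024-08-10T09:15:00+00:00 EXAMPLE-V2)

printf 'would restore: %s\n' "$(printf '%s\n' "$SAMPLE" | previous_version)"
```

Because the rollback is itself a new version, it can be undone the same way.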
RDS
Information
List RDS instances
aws rds describe-db-instances \
    --query '*[].{DBClusterIdentifier:DBClusterIdentifier,DBInstanceIdentifier:DBInstanceIdentifier,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade}'
List instance logs
aws rds describe-db-log-files --db-instance-identifier ${DB_IDENTIFIER}
Short version:
aws rds describe-db-log-files --db-instance-identifier ${DB_IDENTIFIER} --query 'DescribeDBLogFiles[].LogFileName'
Download instance logs
LOGFILE="error/mysql-error.log"
aws rds download-db-log-file-portion \
    --db-instance-identifier ${DB_IDENTIFIER} \
    --starting-token 0 --output text \
    --log-file-name "${LOGFILE}" > "$(basename ${LOGFILE})"
Parameters and parameters groups
Change Verbosity
- ParameterValue = 1, 2, 3 as: terse, default, verbose
PARAMETER_GROUP="parameter-group-name"
# Modify log_error_verbosity on a DB parameter group
aws rds modify-db-parameter-group \
    --db-parameter-group-name ${PARAMETER_GROUP} \
    --parameters "ParameterName=log_error_verbosity,ParameterValue=3,ApplyMethod=immediate"
# Modify log_error_verbosity on a DB cluster parameter group
aws rds modify-db-cluster-parameter-group \
    --db-cluster-parameter-group-name ${PARAMETER_GROUP} \
    --parameters "ParameterName=log_error_verbosity,ParameterValue=<new_value>,ApplyMethod=immediate"
Assign/change parameter group for DB
aws rds modify-db-instance \
    --db-instance-identifier ${DB_IDENTIFIER} \
    --db-parameter-group-name ${PARAMETER_GROUP} \
    --apply-immediately
CPU
Setting the number of CPU cores for a DB instance
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --processor-features "Name=coreCount,Value=4" \
    --apply-immediately
Setting the number of CPU cores and disabling multiple threads for a DB instance
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --processor-features "Name=coreCount,Value=4" "Name=threadsPerCore,Value=1" \
    --apply-immediately
Viewing the valid processor values for a DB instance class
aws rds describe-orderable-db-instance-options --engine oracle-ee --db-instance-class db.r3.large
Returning to default processor settings for a DB instance
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --use-default-processor-features \
    --apply-immediately
Returning to the default number of CPU cores for a DB instance
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --processor-features "Name=coreCount,Value=DEFAULT" \
    --apply-immediately
Returning to the default number of threads per core for a DB instance
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --processor-features "Name=threadsPerCore,Value=DEFAULT" \
    --apply-immediately
COSTS
Reserved db instance offers
aws rds describe-reserved-db-instances-offerings
Purchase a db instance offer
aws rds purchase-reserved-db-instances-offering \
    --reserved-db-instances-offering-id 649fd0c8-cf6d-47a0-bfa6-060f8e75e95f \
    --reserved-db-instance-id MyReservation
List account reserved db instances
aws rds describe-reserved-db-instances
EC2
Create keypair
aws ec2 create-key-pair --key-name bofher_keypair --query 'KeyMaterial' --output text > AWS_bofher_keypair.pem
chmod 400 AWS_bofher_keypair.pem
Then show info:
aws ec2 describe-vpcs
Result is a json, so you can filter it like:
aws ec2 describe-vpcs | jq ".Vpcs[].VpcId"
Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/24 --query Vpc.VpcId --output text
Then show info:
aws ec2 describe-key-pairs --key-name bofher_keypair
security group
for firewall rules
Create security group
aws ec2 create-security-group --group-name test_sg --description "test_security_group" --vpc-id vpc-04738d91cd27e3a68
To make your life easier, export the security group ID:
export SG_ID="sg-07332f264769ee59c"
Check:
aws ec2 describe-security-groups --group-ids ${SG_ID}
Grant access to your public IP only
aws ec2 authorize-security-group-ingress --group-id ${SG_ID} --protocol tcp --port 22 --cidr "$(curl -s https://ifconfig.me)/32"
You will see something like:
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-0a20e51c280054d45",
            "GroupId": "sg-07332f264769ee59c",
            "GroupOwnerId": "183631327649",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIpv4": "149.102.236.197/32"
        }
    ]
}
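Added example (not part of the original cheatsheet): the ingress rule above is built from whatever the IP lookup service answers, so it is worth checking that the answer is a single IPv4 address before it reaches the security group. The function names and the sample responses are illustrative assumptions.

```shell
#!/bin/sh
# Added example: validate the looked-up address before it becomes an SSH rule.

# True only for a dotted quad with four octets in 0..255.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  ipv4_old_ifs=$IFS
  IFS=.
  set -- $1          # split on dots; safe, input holds only digits and dots
  IFS=$ipv4_old_ifs
  [ $# -eq 4 ] || return 1
  for ipv4_octet in "$@"; do
    [ "${#ipv4_octet}" -le 3 ] && [ "$ipv4_octet" -le 255 ] || return 1
  done
}

# Print ADDRESS/32, or fail without printing a CIDR.
host_cidr() {
  is_ipv4 "$1" || { echo "refusing to build a rule from: $1" >&2; return 1; }
  printf '%s/32\n' "$1"
}

# Usage: allow_ssh_from_here SG_ID   (network + credentials; not run below)
allow_ssh_from_here() {
  ssh_ip=$(curl -fsS --max-time 5 https://ifconfig.me) || return 1
  ssh_cidr=$(host_cidr "$ssh_ip") || return 1
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port 22 --cidr "$ssh_cidr"
}

# Constructed lookup responses, including failure modes worth rejecting.
for sample in "149.102.236.197" "" "0.0.0.0/0" "256.1.1.1" "<html>502</html>"; do
  host_cidr "$sample" 2>/dev/null || echo "rejected: '$sample'"
done
```

An empty or malformed response stops the function before `authorize-security-group-ingress` is called, instead of creating a rule with an unintended CIDR.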
Route 53 (r53/DNS)
List Zones
List zone names
aws route53 list-hosted-zones --query "HostedZones[].Name"
List zone names+id
aws route53 list-hosted-zones --query "*[].{Id:Id,Name:Name}"
List zones with all the info
Everything:
aws route53 list-hosted-zones
Zone Info
export ZONE_ID="/hostedzone/Z3QKBJBC4L942X"
aws route53 get-hosted-zone --id "${ZONE_ID}"
Zone DNS records
List DNS records for 1 zone
aws route53 list-resource-record-sets --hosted-zone-id ${ZONE_ID} --query '*[].Name'
List ALL dns records from ALL zones
aws route53 list-hosted-zones --query "*[].Id" | grep "hosted" | awk -F \" '{print $2}' | while read HOSTEDZONE ; do echo "#### ${HOSTEDZONE}" ; aws route53 list-resource-record-sets --hosted-zone-id "${HOSTEDZONE}" --query '*[].Name' ; done
List destination of the dns records
aws route53 list-resource-record-sets --hosted-zone-id ${ZONE_ID} --query '*[].ResourceRecords[].Value'
Other Related commands
Get information about AWS region
aws ec2 describe-availability-zones --region ${REGION_NAME}
cloud/aws_cli_cheatsheet.txt · Last modified: 2024/10/23 16:16 by dodger