Skip to content

Instantly share code, notes, and snippets.

@RomainRouzaud
Forked from kudosqujo/basics.sh
Created January 7, 2021 10:33
Show Gist options
  • Save RomainRouzaud/203c8eecdc095b7696f0f6c885a733b8 to your computer and use it in GitHub Desktop.
Save RomainRouzaud/203c8eecdc095b7696f0f6c885a733b8 to your computer and use it in GitHub Desktop.
[AWS CLI] #aws #cheatsheet
### Walkthrough #1: Create our first virtual machine in the cloud
# get list of commands useful for EC2
aws ec2 help | grep "\sdescribe"
# create an SSH keypair for AWS
aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem
# verify that AWS knows about our newly created key
aws ec2 describe-key-pairs --key-name MyKeyPair
# the private key is used to access all machines in AWS that it is assigned to,
# so it is important to KEEP IT SAFE!!!
# it is best practice to keep the permissions of this key file safe
chmod 400 MyKeyPair.pem
# we're also going to need a security group that is going to be attached to the instance
# A security group defines access permissions for the resources it is attached to.
# create a security group which will get attached to our instance
aws ec2 create-security-group --group-name my-sg --description "My security group"
# verify its creation
aws ec2 describe-security-groups --group-names my-sg
# since security group's don't auto-create rules upon initialization, we will need to create some ourselves
# add an inbound rule to the group that allows TCP traffic on port 22 from the IP range of 203.0.113.0/24
aws ec2 authorize-security-group-ingress --group-name my-sg --protocol tcp --port 22 --cidr 203.0.113.0/24
# get a list of AMIs, filter list to only include Xenial AMIs
aws ec2 describe-images --filters "Name=description,Values=*xenial*"
# set the size of our EC2 instance to `t2.micro` -- which is a free tier for new customers
# and run the instance
aws ec2 run-instances --instance-type t2.micro --key-name MyKeyPair --security-groups my-sg --image-id ami-760aaa0f
# verify that the instance is running
aws ec2 describe-instances --instance-ids i-04240cbed0bac7da6
# terminate the instance
aws ec2 terminate-instances --instance-ids i-04240cbed0bac7da6
# if we wanted to STOP the instance instead of TERMINATE it, we'd run
aws ec2 stop-instances --instance-ids i-04240cbed0bac7da6
# every instance has a metadata endpoint accessible from within the instance via the address:
# 169.254.169.254
# run an instance
aws ec2 run-instances --instance-type t2.micro --key-name MyKeyPair --security-groups my-sg --image-id ami-760aaa0f --iam-instance-profile Name="role1-instance-profile"
# ssh into instance
ssh -i /srv/resources/MyKeyPair.pem [email protected]
# configure curl to start a new line after the result of a call
echo '-w "\n"' >> ~/.curlrc
# hit metadata endpoint
curl 169.254.169.254/
# checkout latest metadata
curl 169.254.169.254/latest/meta-data/
# checkout IAM role
curl 169.254.169.254/latest/meta-data/iam/security-credentials/role1
# get availability zone
curl 169.254.169.254/latest/meta-data/placement/availability-zone
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllObjectAccess",
"Effect": "Deny",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
# create an S3 bucket
aws s3 mb s3://<bucket_name>
# list all buckets owned by the user
aws s3 ls
# copy local file to s3 bucket
aws s3 cp test_file s3://mybucket
# list contents of a bucket
aws s3 ls s3://mybucket
# copy a file from S3 to local machine
aws s3api get-object --bucket mybucket --key test_file copy
# can attach a bucket policy (which is a JSON file controlling access rights to buckets)
aws s3api put-bucket-policy --policy file://policy.json --bucket mybucket
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment