farrellit

aws route53 list-hosted-zones  --query HostedZones[?Id!=null].Id --output text | grep -v None | xargs -n 1 aws route53 list-resource-record-sets --query  'ResourceRecordSets[?AliasTarget!=null][AliasTarget.DNSName]' --hosted-zone-id --output text | grep -F elb.amazonaws.com

farrellit

iid=i-04XXXXXXXXXXXXX4f
# find security group of instance
securitygroups=`aws --profile dev ec2 describe-instances --region us-east-2 --instance-id $iid --query Reservations[*].Instances[*].SecurityGroups[*][GroupId] --output text`
# see open rules ( there's usually not many )
aws --profile dev --region us-east-2 ec2 describe-security-groups --group-ids $securitygroups --query '*[*][GroupId,IpPermissions[?FromPort!=null].[FromPort,ToPort,IpRanges[*].CidrIp]]' --output text
# find subnet 
subnet=`aws --profile dev ec2 describe-instances --region us-east-2 --instance-id $iid --query Reservations[*].Instances[*][SubnetId] --output text`
# now check default route.  If it's through an IGW, we should be good!
aws ec2 --region us-east-2 --profile dev describe-route-tables --filters Name=association.subnet-id,Values=$subnet --query RouteTables[*].Routes[?DestinationCidrBlock=='`0.0.0.0/0`']
# get it's public IP