AWS CLI helpers
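# AWS CLI one-liners for a quick read-only look at network exposure, audit logs
# and inventory. Every command below is a describe/get/lookup call; results are
# limited to the region and credentials the CLI is currently configured with.

# Security groups that contain 0.0.0.0/0 rules
# ip-permission.cidr matches inbound IPv4 rules only. IPv6 "anywhere" (::/0) is
# matched by the ip-permission.ipv6-cidr filter, and outbound rules by the
# egress.* filters, so an empty result here does not prove nothing is exposed.
aws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values=0.0.0.0/0 --output=text | grep SECURITYGROUPS

# Security groups for ElasticSearch
# Only rules whose port range *starts* at 9200 match. A wider range (for example
# 0-65535) or an all-traffic rule also opens 9200 but is not returned.
aws ec2 describe-security-groups --filters Name=ip-permission.from-port,Values=9200 --output=text | grep SECURITYGROUPS

# Search last 10,000/1MB of CloudTrail logs for 'AccessDenied' (removed AWS account number from stream name)
# This reads a single page of the newest events from one stream; older denials
# are not searched. `aws logs filter-log-events` can search a whole log group.
aws logs get-log-events --log-group-name CloudTrail/DefaultLogGroup --log-stream-name 000000000000_CloudTrail_eu-west-1 | grep AccessDenied

# Get number of AWS API calls in time period (assumes a Cloudwatch Logs 'catch-all' filter and metric has been created against CloudTrail logs)
aws cloudwatch get-metric-statistics --namespace LogMetrics --metric-name AllApiCallsCount --period 60 --statistics Sum --start-time 2015-04-15T13:40:00 --end-time 2015-04-15T13:55:00

# Security groups with particular name
# The filter is quoted so the shell passes *external* to the API as a wildcard
# instead of expanding it against file names in the current directory.
aws ec2 describe-security-groups --filters 'Name=group-name,Values=*external*' --output=text | grep SECURITYGROUPS

# Instance IDs on known subnet ranges
aws ec2 describe-instances --filters Name="private-ip-address",Values="10.100.1.*","10.100.2.*" --query "Reservations[*].Instances[*].InstanceId"

# Count instance types
# Text output puts all instances of one reservation on a single tab-separated
# line, so split on tabs before counting; sort -rn orders the counts numerically.
aws ec2 describe-instances --query 'Reservations[*].Instances[*].InstanceType' --output=text | tr '\t' '\n' | sort | uniq -c | sort -rn

# ELB summaries
aws elb describe-load-balancers --query 'LoadBalancerDescriptions[*].{Name:DNSName,Instances:Instances[*],SecurityGroups:SecurityGroups[*],Listeners:ListenerDescriptions[*].Listener.LoadBalancerPort}'

# Elastic IP summaries
aws ec2 describe-addresses --query "Addresses[*].{PublicIp:PublicIp,InstanceId:InstanceId}"

# Show scheduled events
aws ec2 describe-instance-status --filters Name=event.code,Values=instance-reboot,system-reboot,system-maintenance,instance-retirement,instance-stop --query "InstanceStatuses[*].{InstanceId:InstanceId,Event:[Events[*].Code,Events[*].NotBefore,Events[*].Description]}"

# Show last 10 security group ingress changes
# Only AuthorizeSecurityGroupIngress (rules added) is looked up; removals are
# logged as RevokeSecurityGroupIngress. lookup-events covers the last 90 days
# of management events in the current region.
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=AuthorizeSecurityGroupIngress --max-results 10

# Show IDs and names of instances in specified subnets
# Replace each subnet-<id> placeholder with a real subnet ID. The backslash
# inside the quoted query joins the two lines without inserting a space.
aws ec2 describe-instances --filters Name="subnet-id",Values="subnet-<id>","subnet-<id>" \
--query "Reservations[*].Instances[*].{InstanceId:InstanceId,SubnetId:SubnetId,Tags:[Tags[*].Value],PrivateIpAddress:PrivateIpAddress,\
PublicIpAddress:PublicIpAddress,SecurityGroupNames:[SecurityGroups[*].GroupName],SecurityGroupIds:[SecurityGroups[*].GroupId]}"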
Came for anything of use, took away the ec2 instance count (awsome!) and will leave the following (hopefully of use)
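#Get rds instances by name:
# Text output is tab-separated on one line; tr puts one identifier per line and
# behaves the same on GNU and BSD systems.
aws --profile REPLACEME rds describe-db-instances --query 'DBInstances[].DBInstanceIdentifier' --output text | tr '\t' '\n'
#Set backup period to 2 days
# This call changes the instance. Check the current BackupRetentionPeriod with
# describe-db-instances first: lowering it shortens the point-in-time recovery
# window, and switching automated backups on from 0 can cause an outage, which
# --apply-immediately triggers right away rather than in the maintenance window.
aws --profile REPLACEME rds modify-db-instance --db-instance-identifier REPLACEME --backup-retention-period 2 --apply-immediately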