@tuxpower
Last active July 2, 2019 17:54

Listing AWS regions and parsing the output with jq:

$ aws ec2 describe-regions | jq '.Regions[].RegionName'

"ap-south-1"
"eu-west-1"
"ap-southeast-1"
"ap-southeast-2"
"eu-central-1"
"ap-northeast-2"
"ap-northeast-1"
"us-east-1"
"sa-east-1"
"us-west-1"
"us-west-2"

Same as above but using raw output:

$ aws ec2 describe-regions | jq -r '.Regions[].RegionName'

ap-south-1
eu-west-1
ap-southeast-1
ap-southeast-2
eu-central-1
ap-northeast-2
ap-northeast-1
us-east-1
sa-east-1
us-west-1
us-west-2

Listing official Amazon images using filters. The available filters are documented in the command help, e.g. aws ec2 describe-images help

$ aws ec2 describe-images --filters Name=owner-id,Values=137112412989 Name=virtualization-type,Values=hvm

$ aws ec2 create-vpc --cidr-block 10.0.0.0/16

{
    "Vpc": {
        "VpcId": "vpc-681e8d0c",
        "InstanceTenancy": "default",
        "State": "pending",
        "DhcpOptionsId": "dopt-e13fdd84",
        "CidrBlock": "10.0.0.0/16",
        "IsDefault": false
    }
}

Tagging any AWS resource is as simple as:

$ aws ec2 create-tags --resources vpc-681e8d0c --tags Key=Name,Value=myVpc

$ aws ec2 create-subnet --vpc-id vpc-681e8d0c --availability-zone eu-west-1a --cidr-block 10.0.1.0/24

{
    "Subnet": {
        "VpcId": "vpc-681e8d0c",
        "CidrBlock": "10.0.1.0/24",
        "State": "pending",
        "AvailabilityZone": "eu-west-1a",
        "SubnetId": "subnet-0a6fdd52",
        "AvailableIpAddressCount": 251
    }
}

$ aws ec2 create-subnet --vpc-id vpc-681e8d0c --availability-zone eu-west-1c --cidr-block 10.0.2.0/24

{
    "Subnet": {
        "VpcId": "vpc-681e8d0c",
        "CidrBlock": "10.0.2.0/24",
        "State": "pending",
        "AvailabilityZone": "eu-west-1c",
        "SubnetId": "subnet-45234c33",
        "AvailableIpAddressCount": 251
    }
}

$ aws ec2 create-internet-gateway

{
    "InternetGateway": {
        "Tags": [],
        "InternetGatewayId": "igw-6f30280a",
        "Attachments": []
    }
}

$ aws ec2 attach-internet-gateway --internet-gateway-id igw-6f30280a --vpc-id vpc-681e8d0c

Making all subnets public by adding a default route to the internet gateway in this route table:

$ aws ec2 create-route --route-table-id rtb-d5356bb1 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-6f30280a

{
    "Return": true
}

$ aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-681e8d0c

{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "PrefixListIds": []
                }
            ],
            "Description": "default VPC security group",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "UserIdGroupPairs": [
                        {
                            "UserId": "xxxxxxxxxxxx",
                            "GroupId": "sg-fb30d69d"
                        }
                    ],
                    "PrefixListIds": []
                }
            ],
            "GroupName": "default",
            "VpcId": "vpc-681e8d0c",
            "OwnerId": "xxxxxxxxxxxx",
            "GroupId": "sg-fb30d69d"
        }
    ]
}
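The ingress commands that follow open ports to 0.0.0.0/0, so it helps to be able to list every rule in this output that is reachable from any address. The script below is an added example, not part of the original gist; it needs jq, its sample JSON is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the gist): report ingress rules open to every address.
# Requires jq. SAMPLE_SG_JSON is constructed data in the shape returned by
# `aws ec2 describe-security-groups` after the ingress commands on this page.
SAMPLE_SG_JSON='{"SecurityGroups": [{
  "GroupId": "sg-fb30d69d", "GroupName": "default",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-fb30d69d"}]}
  ]}]}'

# stdin: describe-security-groups JSON.
# stdout: one tab-separated line per world-open rule: group, protocol, ports, CIDR.
world_open_ingress() {
  jq -r '
    .SecurityGroups[]
    | .GroupId as $gid
    | (.IpPermissions // [])[]
    | . as $perm
    | ((.IpRanges // [])[].CidrIp, (.Ipv6Ranges // [])[].CidrIpv6)
    | select(. == "0.0.0.0/0" or . == "::/0")
    | [$gid, $perm.IpProtocol,
       (if $perm.FromPort == null then "all"
        else "\($perm.FromPort)-\($perm.ToPort)" end),
       .]
    | @tsv'
}

# Narrow the report to rules that expose one port, e.g. 22.
# Rules with protocol -1 carry no port range and match every port.
world_open_on_port() {
  world_open_ingress | awk -F '\t' -v port="$1" '
    $3 == "all" { print; next }
    { split($3, r, "-"); if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) print }'
}

# Demo on the constructed sample; against a live account, pipe in
#   aws ec2 describe-security-groups --filters Name=vpc-id,Values=<vpc-id>
printf '%s' "$SAMPLE_SG_JSON" | world_open_ingress
```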

Adding inbound rules to a security group:

$ aws ec2 authorize-security-group-ingress --group-id sg-fb30d69d --protocol tcp --port 80 --cidr 0.0.0.0/0

$ aws ec2 authorize-security-group-ingress --group-id sg-fb30d69d --protocol tcp --port 443 --cidr 0.0.0.0/0

The same for SSH, restricted to your current (dynamic) public IP address as reported by curl ifconfig.co:

$ aws ec2 authorize-security-group-ingress --group-id sg-fb30d69d --protocol tcp --port 22 --cidr "$(curl -s ifconfig.co)/32"
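The SSH rule above trusts whatever the IP-echo service returns, so an error page, an IPv6 address or an empty reply would end up in the --cidr argument. The following added example (not part of the original gist) validates the reply before building the /32; the function names, the use of HTTPS and the curl timeout are assumptions.

```sh
#!/bin/sh
# Added example (not from the gist): only turn a looked-up address into a /32
# ingress rule when it is a well-formed IPv4 address.

# Prints "<ip>/32" and returns 0 for a valid dotted quad, returns 1 otherwise.
to_ssh_cidr() {
  ip=$1
  # Digits and dots only; no empty groups. Rejects HTML, IPv6, "a.b.c.d/0", "".
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;   # no leading zeros
      *) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  # 0.x.x.x never identifies this host, and 0.0.0.0 must not reach --cidr.
  [ "$1" -ne 0 ] || return 1
  printf '%s/32\n' "$ip"
}

# Looks up the public address and adds the SSH rule only if validation passes.
# Not called here: it needs network access and AWS credentials.
allow_ssh_from_my_ip() {
  group_id=$1
  ip=$(curl -4 -fsS --max-time 10 https://ifconfig.co) || return 1
  cidr=$(to_ssh_cidr "$ip") || {
    echo "unexpected lookup response, not adding a rule" >&2
    return 1
  }
  aws ec2 authorize-security-group-ingress --group-id "$group_id" \
      --protocol tcp --port 22 --cidr "$cidr"
}

# Constructed inputs: one valid address and replies that must be rejected.
for candidate in 203.0.113.7 0.0.0.0 999.1.1.1 '<html>502</html>'; do
  to_ssh_cidr "$candidate" || echo "rejected: $candidate"
done
```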

$ aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-681e8d0c

Creating a key pair:

$ aws ec2 create-key-pair --key-name myKey

{
    "KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\n
    
    
    -----END RSA PRIVATE KEY-----",
    "KeyName": "myKey",
    "KeyFingerprint": "87:0f:18:dd:4a:37:f8:4e:69:a3:5b:ac:bc:17:9e:ae:ac:78:5a:d1"
}

Checking the fingerprint with openssl:

$ openssl pkcs8 -in ~/.ssh/myKey-eu-west-1.pem -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c

87:0f:18:dd:4a:37:f8:4e:69:a3:5b:ac:bc:17:9e:ae:ac:78:5a:d1

Launching multiple instances at once with the --count option:

$ aws ec2 run-instances --image-id ami-f9dd458a --key-name myKey --subnet-id subnet-0a6fdd52 --instance-type m3.large --count 2

$ aws ec2 terminate-instances --instance-ids i-c5b9594a i-c4b9594b

$ aws ec2 run-instances --image-id ami-f9dd458a --key-name myKey --subnet-id subnet-0a6fdd52 --instance-type m3.large --count 2

Checking instance state with the --query option and formatting the output as text:

$ aws ec2 describe-instances --instance-ids i-3ebd5db1 i-39bd5db6 --query 'Reservations[*].Instances[*].[State.Name]' --output text

running
running

$ aws ec2 describe-instances --instance-ids i-56768140 --query 'Reservations[*].Instances[*].Tags[?Key==`Application`]'

[
    [
        [
            {
                "Value": "onramp",
                "Key": "Application"
            }
        ]
    ]
]

$ aws ec2 describe-instances --instance-ids i-56768140 --query 'Reservations[*].Instances[*].Tags[?Key==`Application`].[Value]'

[
    [
        [
            [
                "onramp"
            ]
        ]
    ]
]

$ aws ec2 create-tags --resources i-39bd5db6 --tags Key=Name,Value=GoCD-Server

$ aws ec2 create-tags --resources i-3ebd5db1 --tags Key=Name,Value=GoCD-Agent

Querying instances on multiple attributes:

$ aws ec2 describe-instances --instance-ids i-3ebd5db1 i-39bd5db6 --query 'Reservations[*].Instances[*].[Tags[*].Value,NetworkInterfaces[*].Association.PublicIp]' --output text

GoCD-Agent
52.211.50.194
GoCD-Server
52.211.145.112

$ aws ec2 describe-instances --instance-ids i-3ebd5db1 i-39bd5db6 --query 'Reservations[*].Instances[*].[Tags[*].Value,PrivateIpAddress]' --output text

10.0.1.13
GoCD-Agent
10.0.1.14
GoCD-Server

$ aws cloudformation describe-stacks --query 'Stacks[?Tags[?Key==`Application` && Value==`myApp`]].[StackId,StackName]'

[
    [
        "arn:aws:cloudformation:us-east-1:xxxxxxxxxxxx:stack/bcprod-divvy-iam-ConsulAccess-1FX0IO4XGQK5J/e0549060-977e-11e5-8133-50ba0727c0a6",
        "bcprod-divvy-iam-ConsulAccess-xxxxxxxxxxxx"
    ],
    [
        "arn:aws:cloudformation:us-east-1:xxxxxxxxxxxx:stack/bcprod-divvy-iam-DivvyAccessKeys-1WIRFH1Z9R216/78bd1800-977e-11e5-995d-50d50182dc9a",
        "bcprod-divvy-iam-DivvyAccessKeys-xxxxxxxxxxxx"
    ],
    [
        "arn:aws:cloudformation:us-east-1:xxxxxxxxxxxx:stack/bcprod-divvy-iam/6e1f80e0-977e-11e5-a975-500150b34c7c",
        "bcprod-divvy-iam"
    ]
]

$ aws ec2 describe-instances --query 'Reservations[?Instances[?Tags[?Key==`Application` && Value==`myApp`]]].Instances[*].[InstanceId,KeyName]'

[
    [
        [
            "i-a54bb6b3",
            "uat"
        ]
    ],
    [
        [
            "i-9cba55ac",
            "qa"
        ]
    ]
]

$ aws ec2 describe-instances --filters "Name=tag:Application,Values=myApp" --query 'Reservations[*].Instances[*].[InstanceId,KeyName]'

[
    [
        [
            "i-a54bb6b3",
            "uat"
        ]
    ],
    [
        [
            "i-9cba55ac",
            "qa"
        ]
    ]
]

$ aws ec2 describe-instances --filters "Name=tag:Application,Values=myApp" --query 'Reservations[*].Instances[*].{ID:InstanceId,Key:KeyName}' --output table


|  DescribeInstances  |
+-------------+-------+
|     ID      |  Key  |
+-------------+-------+
|  i-a54bb6b3 |  uat  |
|  i-9cba55ac |  qa   |
+-------------+-------+
