weyderfs · June 17, 2024 19:26
diff --git a/awscli_jq_tricks.sh b/awscli_jq_tricks.sh
 #List ECS Clusters by Name
 aws ecs list-clusters --region <region> | jq -r '.clusterArns[]' | cut -d/ -f2

 #List ECS List ServiceNames by Cluster
 aws ecs list-services --cluster <cluster-name> --region sa-east-1 | jq -r '.serviceArns[]' | cut -d/ -f3

 #List EventBridge Event Buses
 aws events list-event-buses --region <region> | jq -r '.EventBuses[].Name'

 #List EventBridge Rules
 aws events list-rules --region us-east-1 | jq -r '.Rules[].Name'

 #Listing RDS Instances group by Name and InstanceType
 aws rds describe-db-instances --region sa-east-1 | jq -r '.DBInstances[]|[.DBInstanceIdentifier,.DBInstanceClass] | join(";")'

 #List RDS Snapshots group by SnapshotIdentifier and InstanceIdentifier
 aws rds describe-db-snapshots --region sa-east-1 | jq '.DBSnapshots[] | [.DBSnapshotIdentifier,.DBInstanceIdentifier] | join (";")'

 #List Secrets Manager
 aws secretsmanager list-secrets | jq '.SecretList[]'

 #List SNS Subscription group by ARN and Endpoint
 aws sns list-subscriptions --region sa-east-1 | jq -r '.Subscriptions[] | [.SubscriptionArn,.Endpoint] | join(";")'

 #List SNS Topic group by Name
 ws sns list-subscriptions --region sa-east-1 | jq -r '.Subscriptions[].TopicArn'  | cut -d: -f6 | sort


 #List SQS Queues group by Name
 aws sqs list-queues --region sa-east-1 | jq -r '.QueueUrls[]' | cut -d/ -f5


 #List Load Balancers Classic group by LBName and DNSName
 aws elb describe-load-balancers --region sa-east-1 | jq -r '.LoadBalancerDescriptions[] | [.LoadBalancerName,.DNSName] | join(";")

 #List Load Balancers V2 (NBL, ALB)
 aws elbv2 describe-load-balancers --region <region> | jq -r '.LoadBalancers[]| [.LoadBalancerName,.Type] | join(";")'

 #List API Gateways by Name
 aws apigateway get-rest-apis --region sa-east-1 | jq -r '.items[].name'

 #List / Describe AWS Regions group by RegionName
 aws ec2 describe-regions --region us-east-1 | jq -r '.Regions[].RegionName'

 #List DyamoDB Table Names
 aws dynamodb list-tables --region sa-east-1 | jq -r '.TableNames[]' | sort

 #List Elasticache Clusters
 aws elasticache describe-cache-clusters --region sa-east-1 | jq -r '.CacheClusters[].CacheClusterId' | sort

 #List EC2 Volumes group by TagsName, VolumeId and InstanceId
 aws ec2 describe-volumes --region sa-east-1 | jq '.Volumes[] | {Name:.Tags[]?.Value,Specs:([.Attachments[].VolumeId,.Attachments[].InstanceId] | join(";"))} | join(";")'

 #List Parameters Store by Name
 aws ssm describe-parameters | jq -r ".Parameters[] | .Name" 

 #List S3 Buckets showing only Name
 aws s3 ls | awk '{for(i=3;i<=NF;++i)print $i}'

 #List Transit Gateways by TagName
 aws ec2 describe-transit-gateways --region sa-east-1 | jq -r .'TransitGateways[] | .Tags[]?.Value'

 #List VPC's by name
 aws ec2 describe-vpcs --region us-east-1 | jq -r '.Vpcs[].Tags[] | select(.Key == "Name") | .Value'

 #Empty and Delete Bucket S3
 BUCKET=<bucket> ; echo $BUCKET ; aws s3 rm s3://${BUCKET} --recursive --profile dev && aws s3api delete-bucket --bucket ${BUCKET} ; echo $?

 #Delete CloudFormation Stacks
 for i in $(aws cloudformation list-stacks |jq -r '.StackSummaries[] | {StackName} | join(" ")')
 do echo aws cloudformation delete-stack --stack-name $i #remove echo to delete
 done

 #Get Buckets s3 and concatenating it with its policy
 for x in $(aws s3 ls | awk '{for(i=3;i<=NF;++i)print $i}') 
 do 
  echo aws s3api get-bucket-policy-status --bucket $x
 done

 #Get ECS Services group by ServiceName
 aws ecs describe-services --cluster <cluster-name --service <service-name> --region sa-east-1 | jq -r '.services[] | [.serviceName,.desiredCount,.runningCount] | join(",")'

 #Get SQS Queue Name
 aws sqs list-queue-tags --region sa-east-1 --queue-url <queue-url>| jq -r '.Tags.Name'

 # Validate if all SNS Topics are encrypted with KMS
 for x in $(aws sns list-subscriptions --profile dev| jq -r '.Subscriptions[].TopicArn' | sort) 
 do
    echo $(aws sns get-topic-attributes --topic-arn $x --profile dev | jq -r '.Attributes | [.TopicArn,.KmsMasterKeyId] | join(" -> ")')
 done

 # Enable encrypt for SQS Queues previously created
 for x in $(aws sqs list-queues --profile prd --region us-east-1 | jq -r ".QueueUrls[]")                                                                                                  ─╯
 do
    aws sqs set-queue-attributes --queue-url $x --attributes '{"KmsMasterKeyId":"....","KmsDataKeyReusePeriodSeconds":"300"}' --profile prd --region us-east-1
 done
	#List ECS Clusters by Name
	aws ecs list-clusters --region <region> \| jq -r '.clusterArns[]' \| cut -d/ -f2

	#List ECS List ServiceNames by Cluster
	aws ecs list-services --cluster <cluster-name> --region sa-east-1 \| jq -r '.serviceArns[]' \| cut -d/ -f3

	#List EventBridge Event Buses
	aws events list-event-buses --region <region> \| jq -r '.EventBuses[].Name'

	#List EventBridge Rules
	aws events list-rules --region us-east-1 \| jq -r '.Rules[].Name'

	#Listing RDS Instances group by Name and InstanceType
	aws rds describe-db-instances --region sa-east-1 \| jq -r '.DBInstances[]\|[.DBInstanceIdentifier,.DBInstanceClass] \| join(";")'

	#List RDS Snapshots group by SnapshotIdentifier and InstanceIdentifier
	aws rds describe-db-snapshots --region sa-east-1 \| jq '.DBSnapshots[] \| [.DBSnapshotIdentifier,.DBInstanceIdentifier] \| join (";")'

	#List Secrets Manager
	aws secretsmanager list-secrets \| jq '.SecretList[]'

	#List SNS Subscription group by ARN and Endpoint
	aws sns list-subscriptions --region sa-east-1 \| jq -r '.Subscriptions[] \| [.SubscriptionArn,.Endpoint] \| join(";")'

	#List SNS Topic group by Name
	ws sns list-subscriptions --region sa-east-1 \| jq -r '.Subscriptions[].TopicArn' \| cut -d: -f6 \| sort


	#List SQS Queues group by Name
	aws sqs list-queues --region sa-east-1 \| jq -r '.QueueUrls[]' \| cut -d/ -f5


	#List Load Balancers Classic group by LBName and DNSName
	aws elb describe-load-balancers --region sa-east-1 \| jq -r '.LoadBalancerDescriptions[] \| [.LoadBalancerName,.DNSName] \| join(";")

	#List Load Balancers V2 (NBL, ALB)
	aws elbv2 describe-load-balancers --region <region> \| jq -r '.LoadBalancers[]\| [.LoadBalancerName,.Type] \| join(";")'

	#List API Gateways by Name
	aws apigateway get-rest-apis --region sa-east-1 \| jq -r '.items[].name'

	#List / Describe AWS Regions group by RegionName
	aws ec2 describe-regions --region us-east-1 \| jq -r '.Regions[].RegionName'

	#List DyamoDB Table Names
	aws dynamodb list-tables --region sa-east-1 \| jq -r '.TableNames[]' \| sort

	#List Elasticache Clusters
	aws elasticache describe-cache-clusters --region sa-east-1 \| jq -r '.CacheClusters[].CacheClusterId' \| sort

	#List EC2 Volumes group by TagsName, VolumeId and InstanceId
	aws ec2 describe-volumes --region sa-east-1 \| jq '.Volumes[] \| {Name:.Tags[]?.Value,Specs:([.Attachments[].VolumeId,.Attachments[].InstanceId] \| join(";"))} \| join(";")'

	#List Parameters Store by Name
	aws ssm describe-parameters \| jq -r ".Parameters[] \| .Name"

	#List S3 Buckets showing only Name
	aws s3 ls \| awk '{for(i=3;i<=NF;++i)print $i}'

	#List Transit Gateways by TagName
	aws ec2 describe-transit-gateways --region sa-east-1 \| jq -r .'TransitGateways[] \| .Tags[]?.Value'

	#List VPC's by name
	aws ec2 describe-vpcs --region us-east-1 \| jq -r '.Vpcs[].Tags[] \| select(.Key == "Name") \| .Value'

	#Empty and Delete Bucket S3
	BUCKET=<bucket> ; echo $BUCKET ; aws s3 rm s3://${BUCKET} --recursive --profile dev && aws s3api delete-bucket --bucket ${BUCKET} ; echo $?

	#Delete CloudFormation Stacks
	for i in $(aws cloudformation list-stacks \|jq -r '.StackSummaries[] \| {StackName} \| join(" ")')
	do echo aws cloudformation delete-stack --stack-name $i #remove echo to delete
	done

	#Get Buckets s3 and concatenating it with its policy
	for x in $(aws s3 ls \| awk '{for(i=3;i<=NF;++i)print $i}')
	do
	echo aws s3api get-bucket-policy-status --bucket $x
	done

	#Get ECS Services group by ServiceName
	aws ecs describe-services --cluster <cluster-name --service <service-name> --region sa-east-1 \| jq -r '.services[] \| [.serviceName,.desiredCount,.runningCount] \| join(",")'

	#Get SQS Queue Name
	aws sqs list-queue-tags --region sa-east-1 --queue-url <queue-url>\| jq -r '.Tags.Name'

	# Validate if all SNS Topics are encrypted with KMS
	for x in $(aws sns list-subscriptions --profile dev\| jq -r '.Subscriptions[].TopicArn' \| sort)
	do
	echo $(aws sns get-topic-attributes --topic-arn $x --profile dev \| jq -r '.Attributes \| [.TopicArn,.KmsMasterKeyId] \| join(" -> ")')
	done

	# Enable encrypt for SQS Queues previously created
	for x in $(aws sqs list-queues --profile prd --region us-east-1 \| jq -r ".QueueUrls[]") ─╯
	do
	aws sqs set-queue-attributes --queue-url $x --attributes '{"KmsMasterKeyId":"....","KmsDataKeyReusePeriodSeconds":"300"}' --profile prd --region us-east-1
	done