• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

Cloud

AWS List of Auto Scaling Groups

January 27, 2023

Here’s a script to list Auto Scaling Groups from multiple AWS accounts. Accounts are in your AWS profiles.

#!/bin/bash
file='results-aws-asg.txt'
> $file
declare -a account=("default" "account-1" "account-2" "account-3" "account-4" "account-5")
declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2")
for i in "${account[@]}"
do
    echo '----------------------' >> $file
    echo 'Account: '$i >> $file
    for j in "${region[@]}"
    do
        echo 'Region: '$j >> $file
        aws autoscaling describe-auto-scaling-groups \
        --query "AutoScalingGroups[].[AutoScalingGroupName,LaunchConfigurationName]" \
        --profile $i \
        --region $j \
        --output text >> $file
    done
done

#!/bin/bash file='results-aws-asg.txt' > $file declare -a account=("default" "account-1" "account-2" "account-3" "account-4" "account-5") declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2") for i in "${account[@]}" do echo '----------------------' >> $file echo 'Account: '$i >> $file for j in "${region[@]}" do echo 'Region: '$j >> $file aws autoscaling describe-auto-scaling-groups \ --query "AutoScalingGroups[].[AutoScalingGroupName,LaunchConfigurationName]" \ --profile $i \ --region $j \ --output text >> $file done done

Filed Under: Cloud Tagged With: auto scaling, aws, groups, list, load balancer

Logging In to AWS and GCP

January 22, 2023

Here’s my Bash script to login to both AWS and GCP. It has a little bit of intelligence. It checks if you are already logged in, and skips if you are. If not logged in, it will open up the cloud web console which is protected by Okta. The script has been redacted and replace with generic usernames and web pages for security reasons.

#!/bin/bash
## CHECK IF LOGGED IN TO GCP 
read -p "Login to GCP? (y/n) : " login_gcp
if [[ $login_gcp = "y" ]]; then
  file1="/Users/username/code/etc/auth-gcp.txt"
  gcloud auth print-identity-token 1> /dev/null 2> $file
  user=$(gcloud config list account --format "value(core.account)")
  auth=$(cat "$file" | head -n 1)
  rm -f $file1
  if [[ $auth == "Reauthentication required." ]] ||  [[ $user != "first.last@domain.com" ]]; then
    echo "Logging in to Google Cloud Platform."
    gcloud auth login
    gcloud auth application-default login
    open https://okta-login
  else
    echo "You are already logged in to Google Cloud Platform."
  fi
else
  echo "Skipping GCP ... "
fi
## CHECK IF LOGGED IN TO AWS
read -p "Login to AWS? (y/n) : " login_aws
if [[ $login_aws = "y" ]]; then  
  file2=""/Users/username/code/etc/auth-aws.txt""
  aws sts get-caller-identity 2> $file2
  expired=$(tail -n +2 "$file2")
  rm -f $file2
  if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then
    open https://okta-login
    echo "please wait until web page loads ... "
    read -p "Press any key to continue... " -n1 -s
    echo ""
    basecred='/Users/username/.aws/credentials.base'
    newcreds='/Users/username/Downloads/credentials'
    creds='/Users/username/.aws/credentials'
    if [ ! -f $newcreds ]; then
      echo 'No AWS credentials.'
      exit
    else
      cat $newcreds $basecred > $creds
      echo 'New AWS credentials.'
      sleep 3
      rm -f $newcreds
    fi
  else
    echo "You are already logged in to AWS."
  fi
else 
  echo "Skipping AWS ... "
fi

#!/bin/bash ## CHECK IF LOGGED IN TO GCP read -p "Login to GCP? (y/n) : " login_gcp if [[ $login_gcp = "y" ]]; then file1="/Users/username/code/etc/auth-gcp.txt" gcloud auth print-identity-token 1> /dev/null 2> $file user=$(gcloud config list account --format "value(core.account)") auth=$(cat "$file" | head -n 1) rm -f $file1 if [[ $auth == "Reauthentication required." ]] || [[ $user != "first.last@domain.com" ]]; then echo "Logging in to Google Cloud Platform." gcloud auth login gcloud auth application-default login open https://okta-login else echo "You are already logged in to Google Cloud Platform." fi else echo "Skipping GCP ... " fi ## CHECK IF LOGGED IN TO AWS read -p "Login to AWS? (y/n) : " login_aws if [[ $login_aws = "y" ]]; then file2=""/Users/username/code/etc/auth-aws.txt"" aws sts get-caller-identity 2> $file2 expired=$(tail -n +2 "$file2") rm -f $file2 if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then open https://okta-login echo "please wait until web page loads ... " read -p "Press any key to continue... " -n1 -s echo "" basecred='/Users/username/.aws/credentials.base' newcreds='/Users/username/Downloads/credentials' creds='/Users/username/.aws/credentials' if [ ! -f $newcreds ]; then echo 'No AWS credentials.' exit else cat $newcreds $basecred > $creds echo 'New AWS credentials.' sleep 3 rm -f $newcreds fi else echo "You are already logged in to AWS." fi else echo "Skipping AWS ... " fi

Filed Under: Cloud, Linux Tagged With: aws, gcp, login, script

AWS Create Volume From Snapshot with Tags

January 19, 2023

Here’s another script that creates a volume from a snapshot, but also add the tags.

#!/bin/bash
read -p "server     : " server
read -p "volumeId   : " volume
read -p "snapshotId : " snapshot
read -p "region     : " region
read -p "zone       : " zone
read -p "profile    : " profile
# get tags
tags1=$(aws ec2 describe-volumes --volume-ids $volume --query 'Volumes[].Tags[]' --region $region --profile $profile)
# remove quotes
tags2=$(echo "$tags1" | tr -d '"')
# remove spaces
tags3=$(echo $tags2 | sed 's/ //g')
# replace : with =
tags4=$(echo $tags3 | sed 's/:/=/g')
# if empty value replace with quotes
tags5=$(echo $tags4 | sed 's/Value=}/Value=""}/g')
# create volume
aws ec2 create-volume \
--availability-zone $zone \
--encrypted \
--iops 3000 \
--volume-type gp3 \
--snapshot-id $snapshot \
--tag-specifications 'ResourceType=volume,Tags='$tags5'' \
--region $region \
--profile $profile

#!/bin/bash read -p "server : " server read -p "volumeId : " volume read -p "snapshotId : " snapshot read -p "region : " region read -p "zone : " zone read -p "profile : " profile # get tags tags1=$(aws ec2 describe-volumes --volume-ids $volume --query 'Volumes[].Tags[]' --region $region --profile $profile) # remove quotes tags2=$(echo "$tags1" | tr -d '"') # remove spaces tags3=$(echo $tags2 | sed 's/ //g') # replace : with = tags4=$(echo $tags3 | sed 's/:/=/g') # if empty value replace with quotes tags5=$(echo $tags4 | sed 's/Value=}/Value=""}/g') # create volume aws ec2 create-volume \ --availability-zone $zone \ --encrypted \ --iops 3000 \ --volume-type gp3 \ --snapshot-id $snapshot \ --tag-specifications 'ResourceType=volume,Tags='$tags5'' \ --region $region \ --profile $profile

Filed Under: Cloud, Linux Tagged With: aws, create, snapshot, tags, volume

AWS Create Volume From Snapshot

January 18, 2023

Here’s a bash script that creates a volume from a snapshot in AWS.

#!/bin/bash
read -p "snapshotId : " snapshot
read -p "server     : " server
read -p "tag1       : " tag1
read -p "tag2       : " tag2
read -p "region     : " region
read -p "zone       : " zone
read -p "profile    : " profile
aws ec2 create-volume \
--availability-zone $zone \
--encrypted \
--iops 3000 \
--volume-type gp3 \
--snapshot-id $snapshot \
--tag-specifications "ResourceType=volume,Tags=[{Key=Name,Value="$server"},{Key=tag1,Value="$tag1"},{Key=tag2,Value="$tag2"}]" \
--region $region \
--profile $profile

#!/bin/bash read -p "snapshotId : " snapshot read -p "server : " server read -p "tag1 : " tag1 read -p "tag2 : " tag2 read -p "region : " region read -p "zone : " zone read -p "profile : " profile aws ec2 create-volume \ --availability-zone $zone \ --encrypted \ --iops 3000 \ --volume-type gp3 \ --snapshot-id $snapshot \ --tag-specifications "ResourceType=volume,Tags=[{Key=Name,Value="$server"},{Key=tag1,Value="$tag1"},{Key=tag2,Value="$tag2"}]" \ --region $region \ --profile $profile

Filed Under: Cloud, Linux Tagged With: bash, create, script, snapshot, volume

AWS List Account Aliases

December 26, 2022

Here’s how to list account aliases. I have four profiles in my credentials. I’m looping through all four and printing the aliases.

#!/bin/bash
file='results-aws-account-aliases.txt'
> $file
declare -a account=("default" "one" "two" "three")
for i in "${account[@]}"
do
    echo '----------------------' >> $file
    echo 'Account: '$i >> $file
    aws iam list-account-aliases \
    --profile $i 
done

#!/bin/bash file='results-aws-account-aliases.txt' > $file declare -a account=("default" "one" "two" "three") for i in "${account[@]}" do echo '----------------------' >> $file echo 'Account: '$i >> $file aws iam list-account-aliases \ --profile $i done

Filed Under: Cloud Tagged With: accounts, aws, iam, list

GCP List of BMS Servers

September 15, 2022

Here’s how to list Bare Metal Servers in Google Cloud Platform via gcloud.

gcloud bms instances list --region REGION --project PROJECT

gcloud bms instances list --region REGION --project PROJECT

Result

NAME            ID                 PROJECT         REGION       MACHINE_TYPE           CLIENT_IPS    PRIVATE_IPS                    STATE
server-001      at-xxxxxxx-svr001  project-01      us-central1  o2-ultramem-896-metal  10.0.0.1      192.168.253.1,192.168.252.1    RUNNING
server-002      at-xxxxxxx-svr002  project-02      us-central1  o2-ultramem-896-metal  10.0.0.2      192.168.253.2,192.168.252.2    RUNNING

NAME ID PROJECT REGION MACHINE_TYPE CLIENT_IPS PRIVATE_IPS STATE server-001 at-xxxxxxx-svr001 project-01 us-central1 o2-ultramem-896-metal 10.0.0.1 192.168.253.1,192.168.252.1 RUNNING server-002 at-xxxxxxx-svr002 project-02 us-central1 o2-ultramem-896-metal 10.0.0.2 192.168.253.2,192.168.252.2 RUNNING

Obviously you can see the same from GCP’s Console.

Filed Under: Cloud Tagged With: bms, gcp, instances, list

CloudWatch Notifications

September 7, 2022

How to give someone access to enable/disable CloudWatch notifications.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:EnableAlarmActions",
                "cloudwatch:DisableAlarmActions"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:EnableAlarmActions", "cloudwatch:DisableAlarmActions" ], "Effect": "Allow", "Resource": "*" } ] }

Filed Under: Cloud Tagged With: aws, cloudwatch, disable, enable, notifications

GCP Role Policy Binding

September 6, 2022

How to display the policy binding.

gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE

gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE

Result

# There is no binding policy
etag: ACAB
 
# There is a binding policy
bindings:
- members:
  - serviceAccount:SERVICEACCOUNT
  role: organizations/xxxxxxxxxxxx/roles/ROLE
etag: xxxxxxxxxxx=
version: 1

# There is no binding policy etag: ACAB # There is a binding policy bindings: - members: - serviceAccount:SERVICEACCOUNT role: organizations/xxxxxxxxxxxx/roles/ROLE etag: xxxxxxxxxxx= version: 1

Add a role binding policy

gcloud compute instances add-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"

gcloud compute instances add-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"

Remove a role binding policy

gcloud compute instances remove-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"

gcloud compute instances remove-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"

Filed Under: Cloud Tagged With: binding, gcp, policy, role, vm

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 45
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023