cloud engineer
Here’s how to list account aliases. I have four profiles in my credentials. I’m looping through all four and printing the aliases.
#!/bin/bash file='results-aws-account-aliases.txt' > $file declare -a account=("default" "one" "two" "three") for i in "${account[@]}" do echo '----------------------' >> $file echo 'Account: '$i >> $file aws iam list-account-aliases \ --profile $i done |
#!/bin/bash file='results-aws-account-aliases.txt' > $file declare -a account=("default" "one" "two" "three") for i in "${account[@]}" do echo '----------------------' >> $file echo 'Account: '$i >> $file aws iam list-account-aliases \ --profile $i done
How to clone repositories with multiple Github accounts.
git clone git@github.com-yourgitaccount:yourgitaccount/myrepo.git |
git clone git@github.com-yourgitaccount:yourgitaccount/myrepo.git
Here’s how to sync S3 buckets between 2 different AWS accounts. Assuming buckets are already created.
Account A bucket permissions. Account and user are from Account B.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] } |
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] }
Create IAM user (Jane) in Account B
aws iam create-user --user-name Jane |
aws iam create-user --user-name Jane
Give IAM user (Jane) access to both buckets.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] } |
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] }
Sync the buckets
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket |
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket
If you have multiple AWS accounts, you can gain additional permission by authorizing it to a different AWS account via IAM. Here’s the assume role documentation from AWS. And here are some documentation if you need to grant someone to switch accounts. If you are going to be using the AWS CLI, you will need to run “aws configure” to setup multiple profiles.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Resource": [
"arn:aws:iam::*:role/your-custom-role"
],
"Effect": "Allow"
}
]
} |
{ "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Resource": [ "arn:aws:iam::*:role/your-custom-role" ], "Effect": "Allow" } ] }