Uly.me

cloud engineer

aws

AWS List of Auto Scaling Groups

January 27, 2023

Here’s a script that lists the Auto Scaling Groups in multiple AWS accounts and regions. Each account is a named profile in your AWS CLI configuration.

#!/bin/bash
# Results file; truncate it before starting.
file='results-aws-asg.txt'
> "$file"
# Each entry is a named profile in ~/.aws/credentials or ~/.aws/config.
declare -a account=("default" "account-1" "account-2" "account-3" "account-4" "account-5")
declare -a region=("us-east-1" "us-east-2" "us-west-1" "us-west-2")
for i in "${account[@]}"
do
    echo '----------------------' >> "$file"
    echo "Account: $i" >> "$file"
    for j in "${region[@]}"
    do
        echo "Region: $j" >> "$file"
        # One line per ASG: its name and the launch configuration it uses.
        aws autoscaling describe-auto-scaling-groups \
        --query "AutoScalingGroups[].[AutoScalingGroupName,LaunchConfigurationName]" \
        --profile "$i" \
        --region "$j" \
        --output text >> "$file"
    done
done

Filed Under: Cloud Tagged With: auto scaling, aws, groups, list, load balancer

Logging In to AWS and GCP

January 22, 2023

Here’s my Bash script to log in to both AWS and GCP. It has a little bit of intelligence: it checks whether you are already logged in and skips the login if you are. If you are not logged in, it opens the cloud web console, which is protected by Okta. The script has been redacted, with generic usernames and web pages substituted, for security reasons.

#!/bin/bash
## CHECK IF LOGGED IN TO GCP
read -p "Login to GCP? (y/n) : " login_gcp
if [[ $login_gcp = "y" ]]; then
  file1="/Users/username/code/etc/auth-gcp.txt"
  # Discard the token itself; only the error text (if any) is kept for inspection.
  gcloud auth print-identity-token 1> /dev/null 2> "$file1"
  user=$(gcloud config list account --format "value(core.account)")
  auth=$(head -n 1 "$file1")
  rm -f "$file1"
  # Re-authenticate if the token is stale or the active account is not the expected one.
  if [[ $auth == "Reauthentication required." ]] || [[ $user != "first.last@domain.com" ]]; then
    echo "Logging in to Google Cloud Platform."
    gcloud auth login
    gcloud auth application-default login
    open https://okta-login
  else
    echo "You are already logged in to Google Cloud Platform."
  fi
else
  echo "Skipping GCP ... "
fi
## CHECK IF LOGGED IN TO AWS
read -p "Login to AWS? (y/n) : " login_aws
if [[ $login_aws = "y" ]]; then
  file2="/Users/username/code/etc/auth-aws.txt"
  # A valid session prints the caller identity; an expired one writes an error to stderr.
  aws sts get-caller-identity 2> "$file2"
  expired=$(tail -n +2 "$file2")
  rm -f "$file2"
  if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then
    open https://okta-login
    echo "please wait until web page loads ... "
    read -p "Press any key to continue... " -n1 -s
    echo ""
    # Static profiles live in credentials.base; the Okta download supplies the short-lived keys.
    basecred='/Users/username/.aws/credentials.base'
    newcreds='/Users/username/Downloads/credentials'
    creds='/Users/username/.aws/credentials'
    if [ ! -f "$newcreds" ]; then
      echo 'No AWS credentials.'
      exit 1
    else
      cat "$newcreds" "$basecred" > "$creds"
      echo 'New AWS credentials.'
      sleep 3
      rm -f "$newcreds"
    fi
  else
    echo "You are already logged in to AWS."
  fi
else
  echo "Skipping AWS ... "
fi

Filed Under: Cloud, Linux Tagged With: aws, gcp, login, script

AWS Create Volume From Snapshot with Tags

January 19, 2023

Here’s another script that creates a volume from a snapshot and also copies the tags of an existing volume onto it.

#!/bin/bash
read -p "server     : " server
read -p "volumeId   : " volume
read -p "snapshotId : " snapshot
read -p "region     : " region
read -p "zone       : " zone
read -p "profile    : " profile
# get tags of the source volume as JSON, e.g. [{"Key": "Name", "Value": "web"}]
tags1=$(aws ec2 describe-volumes --volume-ids "$volume" --query 'Volumes[].Tags[]' --region "$region" --profile "$profile")
# remove quotes
tags2=$(echo "$tags1" | tr -d '"')
# remove spaces ($tags2 is deliberately unquoted so the JSON lines are joined into one line;
# note that this also strips spaces inside tag values)
tags3=$(echo $tags2 | sed 's/ //g')
# replace : with = to get the CLI shorthand Key=...,Value=... (also rewrites colons inside values)
tags4=$(echo "$tags3" | sed 's/:/=/g')
# if empty value replace with quotes
tags5=$(echo "$tags4" | sed 's/Value=}/Value=""}/g')
# create volume
aws ec2 create-volume \
--availability-zone "$zone" \
--encrypted \
--iops 3000 \
--volume-type gp3 \
--snapshot-id "$snapshot" \
--tag-specifications "ResourceType=volume,Tags=$tags5" \
--region "$region" \
--profile "$profile"
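
Stripping quotes, spaces and colons works for simple tags, but it mangles values that contain spaces or colons, and create-volume rejects any AWS-reserved "aws:"-prefixed tag copied from the source volume. As an added example (not the post's own script), the helper below instead turns the CLI's text output into a JSON --tag-specifications argument, keeping values intact and dropping the reserved keys; the sample tags are constructed.

```bash
#!/bin/bash
# Added example: build a JSON --tag-specifications argument for
# `aws ec2 create-volume` from another volume's tags.
#
# Input: the TSV that `aws ec2 describe-volumes --query 'Volumes[].Tags[]'
# --output text` prints, one tag per line as "<Key><TAB><Value>".
# Keys starting with "aws:" are reserved by AWS and cannot be set by
# create-volume, so they are skipped; values keep their spaces and colons.

json_escape() {
  # Escape backslashes first, then double quotes, so a value is safe in a JSON string.
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

build_tag_spec() {
  # Reads "Key<TAB>Value" lines on stdin and prints the JSON array accepted by
  # --tag-specifications, e.g. [{"ResourceType":"volume","Tags":[{"Key":"Name","Value":"web"}]}]
  local key value tags="" sep=""
  while IFS=$'\t' read -r key value; do
    [ -z "$key" ] && continue                 # skip blank lines
    case "$key" in aws:*) continue ;; esac    # reserved prefix, not user-settable
    tags="${tags}${sep}{\"Key\":\"$(json_escape "$key")\",\"Value\":\"$(json_escape "$value")\"}"
    sep=","
  done
  printf '[{"ResourceType":"volume","Tags":[%s]}]' "$tags"
}

# Constructed sample standing in for the describe-volumes text output
# (a value with spaces, a reserved key, a value with a colon, an empty value).
SAMPLE_TAGS=$'Name\tweb server 01\naws:cloudformation:stack-name\tprod-stack\nOwner\tteam:platform\nEnv\t'

# Demo on the constructed sample; prints the JSON argument.
printf '%s\n' "$SAMPLE_TAGS" | build_tag_spec; echo

# Real usage (same flags as the post's script, shown as a comment):
# aws ec2 create-volume --availability-zone "$zone" --snapshot-id "$snapshot" \
#   --tag-specifications "$(aws ec2 describe-volumes --volume-ids "$volume" \
#       --query 'Volumes[].Tags[]' --output text | build_tag_spec)" ...
```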

Filed Under: Cloud, Linux Tagged With: aws, create, snapshot, tags, volume

AWS List Account Aliases

December 26, 2022

Here’s how to list account aliases. I have four profiles in my credentials. I’m looping through all four and printing the aliases.

#!/bin/bash
# Results file; truncate it before starting.
file='results-aws-account-aliases.txt'
> "$file"
# One entry per profile in ~/.aws/credentials.
declare -a account=("default" "one" "two" "three")
for i in "${account[@]}"
do
    echo '----------------------' >> "$file"
    echo "Account: $i" >> "$file"
    # Append the alias list under the account header.
    aws iam list-account-aliases \
    --profile "$i" >> "$file"
done

Filed Under: Cloud Tagged With: accounts, aws, iam, list

CloudWatch Notifications

September 7, 2022

An IAM policy that gives someone access to enable and disable CloudWatch alarm notifications.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:EnableAlarmActions",
                "cloudwatch:DisableAlarmActions"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
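
The policy above allows the three actions on every alarm in the account. As an added variant (not part of the original post), the following scopes the two mutating actions to alarms whose names start with prod- in one region of one account, leaving DescribeAlarms on "*" so alarms can still be listed; the region, the account id 111122223333 and the name prefix are placeholders to replace.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAlarms",
            "Action": "cloudwatch:DescribeAlarms",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "ToggleProdAlarmActionsOnly",
            "Action": [
                "cloudwatch:EnableAlarmActions",
                "cloudwatch:DisableAlarmActions"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:prod-*"
        }
    ]
}
```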

Filed Under: Cloud Tagged With: aws, cloudwatch, disable, enable, notifications

AWS Get Access Key Info

June 28, 2022

How to find which AWS account an access key belongs to.

$ aws sts get-access-key-info --access-key-id AKIA8XXXXXXXXXXXXXXX
{
    "Account": "XXXXXXXXXXXX"
}

Filed Under: Cloud Tagged With: access, account, aws, get, key

AWS SDK Load Config

February 14, 2022

Occasionally I was getting this error when running Terraform.

╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│ 
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│ 
│ Error: RequestError: send request failed
│ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer
│ 
│ 
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 10, in provider "aws":
│   10: provider "aws" {

Here’s the fix. Place this in your ~/.bash_profile.

export AWS_SDK_LOAD_CONFIG=1

This forces the AWS SDK used by Terraform to read both the ~/.aws/config and the ~/.aws/credentials files.

Filed Under: Linux Tagged With: aws, awscli, bash_profile, cli, config, credentials, sdk, terraform

Saml2aws

February 14, 2022

Use the saml2aws CLI as an alternative to SAML to AWS STS Keys Conversion.

Install on Mac.

brew install saml2aws
saml2aws --version

Run the configure command and provide the requested information.

saml2aws configure

It will create a ~/.saml2aws config file. Set the session duration to 8 hours (28800 seconds).

aws_session_duration    = 28800

Login.

saml2aws login

After authentication and/or MFA, your ~/.aws/credentials will be updated.

Filed Under: Linux, Mac Tagged With: aws, integration, keys, saml, saml2aws, sessions, sts

Copyright © 2023