Here’s a simple way to search for a RDS instance in AWS via CLI.
aws rds describe-db-instances \ --db-instance-identifier rds-instance-name \ --region us-east-1 \ --profile my-account |
You may have to cycle through accounts and regions to find it.
aws
AWS CloudFormation Security Group
AWS CloudFormation to create security groups. Includes self-refencing ingress and egress rules.
AWSTemplateFormatVersion: '2010-09-09' Description: my-security-groups ###################################### Parameters: EC2Vpc: ConstraintDescription: Must be a valid VpcId Description: Select the VPC to use Type: AWS::EC2::VPC::Id ############################################################################## Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: VPC Parameters: - EC2Vpc ############################################################################## Resources: EC2InstanceSecurityGroup1: Type: AWS::EC2::SecurityGroup Properties: VpcId: Ref: EC2Vpc GroupDescription: my-security-group-1 GroupName: my-security-group-1 SecurityGroupIngress: - {CidrIp: 10.0.0.0/8, IpProtocol: tcp, FromPort: '80', ToPort: '80', Description: 'HTTP'} SecurityGroupEgress: - {CidrIp: 10.0.0.0/8, IpProtocol: udp, FromPort: '123', ToPort: '123', Description: 'NTP'} - {CidrIp: 10.0.0.0/8, IpProtocol: tcp, FromPort: '53', ToPort: '53', Description: 'DNS'} Tags: - {Key: Name, Value: 'my-security-group-1'} EC2InstanceSecurityGroup2: Type: AWS::EC2::SecurityGroup Properties: VpcId: Ref: EC2Vpc GroupDescription: my-security-group-2 GroupName: my-security-group-2 SecurityGroupIngress: - {CidrIp: 0.0.0.0/0, IpProtocol: tcp, FromPort: '443', ToPort: '443', Description: 'HTTP'} - {CidrIp: 0.0.0.0/0, IpProtocol: icmp, FromPort: '-1', ToPort: '-1', Description: 'ICMP ping'} SecurityGroupEgress: - {CidrIp: 10.0.0.0/8, IpProtocol: udp, FromPort: '123', ToPort: '123', Description: 'NTP'} - {CidrIp: 10.0.0.0/8, IpProtocol: tcp, FromPort: '53', ToPort: '53', Description: 'DNS'} - {CidrIp: 0.0.0.0/0, IpProtocol: icmp, FromPort: '-1', ToPort: '-1', Description: 'ICMP ping'} Tags: - {Key: Name, Value: 'my-security-group-2'} MyIngressSelfAll: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref EC2InstanceSecurityGroup2 SourceSecurityGroupId: !GetAtt EC2InstanceSecurityGroup2.GroupId IpProtocol: -1 FromPort: 0 ToPort: 65535 MyEgressSelfAll: Type: AWS::EC2::SecurityGroupEgress Properties: GroupId: !Ref EC2InstanceSecurityGroup2 DestinationSecurityGroupId: !GetAtt EC2InstanceSecurityGroup2.GroupId IpProtocol: -1 FromPort: 0 ToPort: 65535 ############################################################################## Outputs: SecurityGroupId: Description: The Security Group that was created Value: {Ref: EC2InstanceSecurityGroup1} Value: {Ref: EC2InstanceSecurityGroup2} StackName: Description: Name of this stack for Fn::ImportValue use by children of top level stack Value: {Ref: 'AWS::StackName'} |
AWS Copy Security Group
You can copy rules from a security group to a new security group created within the same Region.
Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, choose Security Groups.
- Select the security group you’d like to copy.
- For Actions, choose Copy to new.
- The Create Security Group dialog opens, and is populated with the rules from your existing security group.
- Specify a Security group name and Description for your new security group.
- For VPC, choose the ID of the VPC.
- Choose Create.
AWS Move Instance to Another Zone
Here’s how to move an AWS instance to another zone.
Stop the instance first.
aws ec2 stop-instances --instance-ids i-1234567890abcdef0 |
Create an AMI image.
aws ec2 create-image \ --instance-id i-1234567890abcdef0 \ --name "my-ami" \ --description "my-ami" |
Create EC2 instance using Terraform. The contents of main.tf.
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_instance" "ulysses" { ami = "ami-1234567890abcdef0" key_name = "servers" iam_instance_profile = "machine-role" instance_type = "t3.micro" subnet_id = "subnet-1234567890abcdef0" security_groups = ["sg-1234567890abcdef0", "sg-1234567890abcdef1"] tags = { Name = "moving-instance" tag1 = "test1" tag2 = "test2" } } |
Launch it.
terraform init terraform plan terraform apply |
Create AWS VPC using Terraform
Creating a VPC in AWS using Terraform. The script will do the following:
- Create a VPC
- Create a Subnet
- Create an Internet Gateway
- Create a route in the default route table using the Internet Gateway
Contents of main.tf
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "tfc" region = "us-west-1" } resource "aws_vpc" "my-vpc" { cidr_block = "10.0.4.0/24" instance_tenancy = "default" tags = { Name = "my-vpc" } } resource "aws_subnet" "my-subnet" { vpc_id = aws_vpc.my-vpc.id cidr_block = "10.0.4.0/24" availability_zone = "us-west-1a" tags = { Name = "my-subnet-us-west-1a" } } resource "aws_internet_gateway" "my-igw" { vpc_id = aws_vpc.my-vpc.id tags = { Name = "my-internet-gateway" } } resource "aws_default_route_table" "my-rt" { default_route_table_id = aws_vpc.my-vpc.default_route_table_id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.my-igw.id } tags = { Name = "my-route-table" } } |
AWS display Lightsail snapshots
How to display Lightsail snapshots.
#!/bin/bash displaysnapshots () { echo '--------------------------------------------------------' aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name]' --output text | sort echo '--------------------------------------------------------' } displaysnapshots |
Result.
daily_ulyme_1637812801 daily_ulyme_1637899201 daily_ulyme_1637985601 daily_ulyme_1638072001 |
Adding timestamp to the output.
aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name,createdAt]' --output text | sort |
Result.
daily_ulyme_1637812801 1637812806.853 daily_ulyme_1637899201 1637899208.285 daily_ulyme_1637985601 1637985606.184 daily_ulyme_1638072001 1638072006.579 |
Convert Unix timestamp to iso8601. Edit your ~/.aws/config file. Add this line.
cli_timestamp_format = iso8601 |
Result.
daily_ulyme_1637812801 2021-11-25T04:00:06.853000+00:00 daily_ulyme_1637899201 2021-11-26T04:00:08.285000+00:00 daily_ulyme_1637985601 2021-11-27T04:00:06.184000+00:00 daily_ulyme_1638072001 2021-11-28T04:00:06.579000+00:00 |
Terraform AWS Security Group
How to create a security group in AWS via Terraform.
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_security_group" "my_sg" { vpc_id = "vpc-xxxxxxxxxxxxxxxxx" name = "My Security Group" description = "My Security Group" ingress { from_port = 8088 to_port = 8088 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "My Security Group" } } |
Terraform AWS S3
How to create S3 bucket via Terraform.
erraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_s3_bucket" "bucket" { bucket = "my-ulysses-bucket" acl = "private" tags = { Name = "My Ulysses bucket" Environment = "Dev" } } resource "aws_s3_bucket_public_access_block" "example" { bucket = aws_s3_bucket.bucket.id block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } |