Here’s how to get a list of certificates in AWS Certificate Manager.
aws acm list-certificates \ --profile default \ --region us-east-1 \ --output text \ --query 'CertificateSummaryList[*].{ARN:CertificateArn,Domain:DomainName}' |
aws
EC2 Password Authentication
When you stand up an AWS instance, it’s only accessible via SSH key using the default user, typically ec2-user.
Add password to ec2-user, then enable password authentication to ‘yes’ in SSH.
# Add password to ec2-user sudo passwd ec2-user # edit ssh config vim /etc/ssh/sshd_config # enable password authentication PasswordAuthentication yes # save file and exit |
Restart SSH service.
systemctl restart sshd.service |
AWS EC2 Describe Snapshots
Here’s how to describe snapshots using query with tags.
aws ec2 describe-snapshots \ --owner-ids xxxxxxxxxxx \ --profile default \ --region us-east-2 \ --output text \ --query "Snapshots[*].[SnapshotId,Tags[?Key=='Name'].Value[] | [0]]" |
Result.
snap-xxxxxxxxxxxxxxxxx Server1 snap-xxxxxxxxxxxxxxxxx Server2 |
AWS S3 Sync Between Accounts
Here’s how to sync S3 buckets between 2 different AWS accounts. Assuming buckets are already created.
- Setup bucket permissions in Account A
- Setup IAM user with permissions in Account B
- Setup bucket permissions in Account B
- Run S3 sync from Account B.
Account A bucket permissions. Account and user are from Account B.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] } |
Create IAM user (Jane) in Account B
aws iam create-user --user-name Jane |
Give IAM user (Jane) access to both buckets.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] } |
Sync the buckets
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket |
AWS CLI AutoScaler Update
Here’s the AWS CLI command to set the Auto Scaling Group to a certain number for the minimum, maximum, and desired number of instances.
#!/bin/bash # Format: # ./autoscaling.sh 3 # ./autoscaling.sh 0 int=$1 aws autoscaling update-auto-scaling-group \ --auto-scaling-group-name your-auto-scaling-group \ --min-size $int \ --max-size $int \ --desired-capacity $int \ --region us-east-2 |
Format:
./autoscaling.sh 0 ./autoscaling.sh 3 |
WAF CloudFormation Template
Here’s the CloudFormation template for creating a WAF.
Here are some options that you’ll be asked during creation.
- Activate SQL Injection Protection ( yes | no )
- Activate Cross-site Scripting Protection ( yes | no )
- Activate HTTP Flood Protection ( WAF rate | Lambda log parser | Athena log parser | no )
- Activate Scanner & Probe Protection ( Lambda log parser | Athena log parser | no )
- Activate Reputation List Protection ( yes | no )
- Activate Bad Bot Protection ( yes | no )
- Endpoint Type (CloudFront or ALB)
- Application Access Log Bucket Name ( Leave blank if no S3 bucket)
The template creates 2 CloudFormation stacks.