• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

cli

AWS SDK Load Config

February 14, 2022

Occasionally I was getting this random error when running Terraform.

╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│ 
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│ 
│ Error: RequestError: send request failed
│ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer
│ 
│ 
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 10, in provider "aws":
│   10: provider "aws" {

╷ │ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found. │ │ Please see https://registry.terraform.io/providers/hashicorp/aws │ for more information about providing credentials. │ │ Error: RequestError: send request failed │ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer │ │ │ with provider["registry.terraform.io/hashicorp/aws"], │ on main.tf line 10, in provider "aws": │ 10: provider "aws" {

Here’s the fix. Place this in your ~/.bash_profile.

export AWS_SDK_LOAD_CONFIG=1

export AWS_SDK_LOAD_CONFIG=1

This forces Terraform to use both config and credentials file.

Filed Under: Linux Tagged With: aws, awscli, bash_profile, cli, config, credentials, sdk, terraform

AWS ACM List Certificates

January 4, 2022

How to list SSL certificates in AWS Certificate Manager.

aws acm list-certificates

aws acm list-certificates

Result

{
    "CertificateSummaryList": [
        {
            "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "DomainName": "mydomain.com"
        }
    ]
}

{ "CertificateSummaryList": [ { "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "DomainName": "mydomain.com" } ] }

Describe details about the certificate.

aws acm describe-certificate \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--region us-east-1 \
--profile my-profile

aws acm describe-certificate \ --certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ --region us-east-1 \ --profile my-profile

Filed Under: Cloud Tagged With: acm, aws, certificate, cli, ssl

AWS Search for RDS

January 3, 2022

Here’s a simple way to search for a RDS instance in AWS via CLI.

aws rds describe-db-instances \
--db-instance-identifier rds-instance-name \
--region us-east-1 \
--profile my-account

aws rds describe-db-instances \ --db-instance-identifier rds-instance-name \ --region us-east-1 \ --profile my-account

You may have to cycle through accounts and regions to find it.

Filed Under: Cloud Tagged With: aws, cli, describe-instances, profile, rds, region, search

AWS CLI Search IAM UserID

October 11, 2021

Here’s how to search for an IAM user in AWS by filtering their access key.

aws iam list-users --query 'Users[?UserId==`AIDAxxxxxxxxxxxxxxxxx`]' \
--profile your-profile

aws iam list-users --query 'Users[?UserId==`AIDAxxxxxxxxxxxxxxxxx`]' \ --profile your-profile

The results only returns one user with that UserID.

[
    {
        "Path": "/",
        "UserName": "your-username",
        "UserId": "AIDAxxxxxxxxxxxxxxxxx",
        "Arn": "arn:aws:iam::xxxxxxxxxxxx:user/sa-lucidchart",
        "CreateDate": "2019-04-15T15:53:18+00:00"
    }
]

[ { "Path": "/", "UserName": "your-username", "UserId": "AIDAxxxxxxxxxxxxxxxxx", "Arn": "arn:aws:iam::xxxxxxxxxxxx:user/sa-lucidchart", "CreateDate": "2019-04-15T15:53:18+00:00" } ]

Filed Under: Cloud Tagged With: access keys, aws, cli, iam, list-users

AWSCLI in Docker Container

July 17, 2021

This will download the latest awscli and run it in a container.

A new container will be built every time the command is run.

Your current credentials in ~/.aws will be used.

docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli:latest

docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli:latest

Create an alias for convenience.

alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws amazon/aws-cli'

alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws amazon/aws-cli'

You can now run any aws cli after.

aws --version
aws-cli/2.2.20 Python/3.8.8 Linux/5.4.0-66-generic docker/x86_64.amzn.2 prompt/off

aws --version aws-cli/2.2.20 Python/3.8.8 Linux/5.4.0-66-generic docker/x86_64.amzn.2 prompt/off

Filed Under: Cloud Tagged With: aws, cli, container, docker

AWS EC2 ENA Support

May 7, 2021

AWS has machine types that require ENA Support. You can run AWS CLI to find out if instance is ENA enabled.

aws ec2 describe-instances \
--instance-id i-xxxxxxxxxxxxxxxxx \
--profile default \
--region us-east-1 \
--query 'Reservations[].Instances[].EnaSupport'

aws ec2 describe-instances \ --instance-id i-xxxxxxxxxxxxxxxxx \ --profile default \ --region us-east-1 \ --query 'Reservations[].Instances[].EnaSupport'

Login to the instance and verify.

sudo lspci | grep -i Amazon

sudo lspci | grep -i Amazon

List driver details.

modinfo nvme

modinfo nvme

Verify modules loaded at startup.

lsmod | grep nvme
lsmod | grep ena

lsmod | grep nvme lsmod | grep ena

If ENA drivers are missing, install them.

yum install pciutils

yum install pciutils

Filed Under: Cloud Tagged With: aws, cli, describe-instances, ec2, ena, support

AWS Get Account ID

March 6, 2021

Here’s a quick way to find the AWS Account ID via AWS CLI.

aws sts get-caller-identity --query Account --output text

aws sts get-caller-identity --query Account --output text

Output is a 12 digit number (redacted)

xxxxxxxxxxxx

xxxxxxxxxxxx

AWS Account ID is a 12 digit number unique to each AWS account. Occasionally, there are scripts and policies that need the ID of the account. The command above is one way of querying the account ID so they can be used for policies that need them.

Filed Under: Cloud Tagged With: account, aws, cli, get, id

AWS Backup Vaults

March 5, 2021

Here’s how to list AWS Backup vaults and plans. You can filter the output by specifying a vault.

aws backup list-backup-vaults --query "BackupVaultList[?BackupVaultName=='my-vault']" --output json

aws backup list-backup-vaults --query "BackupVaultList[?BackupVaultName=='my-vault']" --output json

Output: (outputs are redacted for security reasons)

[
    {
        "BackupVaultName": "my-vault",
        "BackupVaultArn": "arn:aws:backup:us-east-1:xxxxxxxxxxxx:backup-vault:my-vault",
        "CreationDate": "2019-02-10T11:38:42.556000-05:00",
        "EncryptionKeyArn": "arn:aws:kms:us-east-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "CreatorRequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "NumberOfRecoveryPoints": 3
    }
]

[ { "BackupVaultName": "my-vault", "BackupVaultArn": "arn:aws:backup:us-east-1:xxxxxxxxxxxx:backup-vault:my-vault", "CreationDate": "2019-02-10T11:38:42.556000-05:00", "EncryptionKeyArn": "arn:aws:kms:us-east-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "CreatorRequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "NumberOfRecoveryPoints": 3 } ]

Display the BackupPlanId of a specific backup plan.

aws backup list-backup-plans --query "BackupPlansList[?BackupPlanName=='my-backup-plan'].BackupPlanId"

aws backup list-backup-plans --query "BackupPlansList[?BackupPlanName=='my-backup-plan'].BackupPlanId"

Output: (outputs are redacted for security reasons)

[
    "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
]

[ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ]

Filed Under: Cloud Tagged With: aws, backup, cli, efs, plans, vault

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 7
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023