Uly.me

cloud engineer

cli

AWS SDK Load Config

Occasionally I was getting this random error when running Terraform.

╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│ 
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│ 
│ Error: RequestError: send request failed
│ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer
│ 
│ 
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 10, in provider "aws":
│   10: provider "aws" {

Here’s the fix. Place this in your ~/.bash_profile.

export AWS_SDK_LOAD_CONFIG=1

This forces Terraform to use both config and credentials file.

AWS ACM List Certificates

How to list SSL certificates in AWS Certificate Manager.

aws acm list-certificates

Result

{
    "CertificateSummaryList": [
        {
            "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "DomainName": "mydomain.com"
        }
    ]
}

Describe details about the certificate.

aws acm describe-certificate \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--region us-east-1 \
--profile my-profile

AWS Search for RDS

Here’s a simple way to search for a RDS instance in AWS via CLI.

aws rds describe-db-instances \
--db-instance-identifier rds-instance-name \
--region us-east-1 \
--profile my-account

You may have to cycle through accounts and regions to find it.

AWS CLI Search IAM UserID

Here’s how to search for an IAM user in AWS by filtering their access key.

aws iam list-users --query 'Users[?UserId==`AIDAxxxxxxxxxxxxxxxxx`]' \
--profile your-profile

The results only returns one user with that UserID.

[
    {
        "Path": "/",
        "UserName": "your-username",
        "UserId": "AIDAxxxxxxxxxxxxxxxxx",
        "Arn": "arn:aws:iam::xxxxxxxxxxxx:user/sa-lucidchart",
        "CreateDate": "2019-04-15T15:53:18+00:00"
    }
]

AWSCLI in Docker Container

This will download the latest awscli and run it in a container.

A new container will be built every time the command is run.

Your current credentials in ~/.aws will be used.

docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli:latest

Create an alias for convenience.

alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws amazon/aws-cli'

You can now run any aws cli after.

aws --version
aws-cli/2.2.20 Python/3.8.8 Linux/5.4.0-66-generic docker/x86_64.amzn.2 prompt/off

AWS EC2 ENA Support

AWS has machine types that require ENA Support. You can run AWS CLI to find out if instance is ENA enabled.

aws ec2 describe-instances \
--instance-id i-xxxxxxxxxxxxxxxxx \
--profile default \
--region us-east-1 \
--query 'Reservations[].Instances[].EnaSupport'

Login to the instance and verify.

sudo lspci | grep -i Amazon

List driver details.

modinfo nvme

Verify modules loaded at startup.

lsmod | grep nvme
lsmod | grep ena

If ENA drivers are missing, install them.

yum install pciutils

AWS Backup Vaults

Here’s how to list AWS Backup vaults and plans. You can filter the output by specifying a vault.

aws backup list-backup-vaults --query "BackupVaultList[?BackupVaultName=='my-vault']" --output json

Output: (outputs are redacted for security reasons)

[
    {
        "BackupVaultName": "my-vault",
        "BackupVaultArn": "arn:aws:backup:us-east-1:xxxxxxxxxxxx:backup-vault:my-vault",
        "CreationDate": "2019-02-10T11:38:42.556000-05:00",
        "EncryptionKeyArn": "arn:aws:kms:us-east-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "CreatorRequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "NumberOfRecoveryPoints": 3
    }
]

Display the BackupPlanId of a specific backup plan.

aws backup list-backup-plans --query "BackupPlansList[?BackupPlanName=='my-backup-plan'].BackupPlanId"

Output: (outputs are redacted for security reasons)

[
    "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
]