cloud engineer
Here’s how to search for an IAM user in AWS by filtering their access key.
aws iam list-users --query 'Users[?UserId==`AIDAxxxxxxxxxxxxxxxxx`]' \ --profile your-profile |
aws iam list-users --query 'Users[?UserId==`AIDAxxxxxxxxxxxxxxxxx`]' \ --profile your-profile
The results only returns one user with that UserID.
[ { "Path": "/", "UserName": "your-username", "UserId": "AIDAxxxxxxxxxxxxxxxxx", "Arn": "arn:aws:iam::xxxxxxxxxxxx:user/sa-lucidchart", "CreateDate": "2019-04-15T15:53:18+00:00" } ] |
[ { "Path": "/", "UserName": "your-username", "UserId": "AIDAxxxxxxxxxxxxxxxxx", "Arn": "arn:aws:iam::xxxxxxxxxxxx:user/sa-lucidchart", "CreateDate": "2019-04-15T15:53:18+00:00" } ]
This will download the latest awscli and run it in a container.
A new container will be built every time the command is run.
Your current credentials in ~/.aws will be used.
docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli:latest |
docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli:latest
Create an alias for convenience.
alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws amazon/aws-cli' |
alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws amazon/aws-cli'
You can now run any aws cli after.
aws --version aws-cli/2.2.20 Python/3.8.8 Linux/5.4.0-66-generic docker/x86_64.amzn.2 prompt/off |
aws --version aws-cli/2.2.20 Python/3.8.8 Linux/5.4.0-66-generic docker/x86_64.amzn.2 prompt/off
AWS has machine types that require ENA Support. You can run AWS CLI to find out if instance is ENA enabled.
aws ec2 describe-instances \ --instance-id i-xxxxxxxxxxxxxxxxx \ --profile default \ --region us-east-1 \ --query 'Reservations[].Instances[].EnaSupport' |
aws ec2 describe-instances \ --instance-id i-xxxxxxxxxxxxxxxxx \ --profile default \ --region us-east-1 \ --query 'Reservations[].Instances[].EnaSupport'
Login to the instance and verify.
sudo lspci | grep -i Amazon |
sudo lspci | grep -i Amazon
List driver details.
modinfo nvme |
modinfo nvme
Verify modules loaded at startup.
lsmod | grep nvme lsmod | grep ena |
lsmod | grep nvme lsmod | grep ena
If ENA drivers are missing, install them.
yum install pciutils |
yum install pciutils
Here’s a quick way to find the AWS Account ID via AWS CLI.
aws sts get-caller-identity --query Account --output text |
aws sts get-caller-identity --query Account --output text
Output is a 12 digit number (redacted)
xxxxxxxxxxxx |
xxxxxxxxxxxx
AWS Account ID is a 12 digit number unique to each AWS account. Occasionally, there are scripts and policies that need the ID of the account. The command above is one way of querying the account ID so they can be used for policies that need them.
Here’s how to list AWS Backup vaults and plans. You can filter the output by specifying a vault.
aws backup list-backup-vaults --query "BackupVaultList[?BackupVaultName=='my-vault']" --output json |
aws backup list-backup-vaults --query "BackupVaultList[?BackupVaultName=='my-vault']" --output json
Output: (outputs are redacted for security reasons)
[ { "BackupVaultName": "my-vault", "BackupVaultArn": "arn:aws:backup:us-east-1:xxxxxxxxxxxx:backup-vault:my-vault", "CreationDate": "2019-02-10T11:38:42.556000-05:00", "EncryptionKeyArn": "arn:aws:kms:us-east-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "CreatorRequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "NumberOfRecoveryPoints": 3 } ] |
[ { "BackupVaultName": "my-vault", "BackupVaultArn": "arn:aws:backup:us-east-1:xxxxxxxxxxxx:backup-vault:my-vault", "CreationDate": "2019-02-10T11:38:42.556000-05:00", "EncryptionKeyArn": "arn:aws:kms:us-east-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "CreatorRequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "NumberOfRecoveryPoints": 3 } ]
Display the BackupPlanId of a specific backup plan.
aws backup list-backup-plans --query "BackupPlansList[?BackupPlanName=='my-backup-plan'].BackupPlanId" |
aws backup list-backup-plans --query "BackupPlansList[?BackupPlanName=='my-backup-plan'].BackupPlanId"
Output: (outputs are redacted for security reasons)
[ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ] |
[ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ]