Uly.me

cloud engineer


January 26, 2021

AWS EC2 List Firewall Rules

AWS EC2 Firewall rules are defined within security groups. Security groups are attached to an instance. An instance can have up to 5 security groups. Essentially, this script gathers all the security groups associated with an instance, loops through them, and then outputs the ingress and egress rules of each security group to a file in a text format.

#!/bin/bash
# set variables
instanceid='i-xxxxxxxxxxxxxxxx'
region='us-east-1'
profile='sample'
# log and temp files
output="ec2-sg.log"
tmpfil="ec2-sg.tmp"
# empty log at start
: > "$output"
# get sg ids, one per line
aws ec2 describe-instances \
  --instance-ids "$instanceid" \
  --region "$region" \
  --profile "$profile" \
  --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' --output text > "$tmpfil"
# columns written per rule: FromPort ToPort IpProtocol CidrIp
# note: "|[0]" keeps only the first IPv4 CIDR of each rule; a rule with no
# IPv4 range (for example one that references another security group)
# prints None in that column
while read -r id; do
  echo '============================================' >> "$output"
  echo "$id" >> "$output"
  echo '============================================' >> "$output"
  echo '---------------- INGRESS -------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
  echo '---------------- EGRESS --------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
done < "$tmpfil"


Here’s a sample output.

============================================
sg-xxxxxxxxxxxxxxx
============================================
---------------- INGRESS -------------------
5985    5985    tcp     10.0.0.220/32
10005   10005   tcp     10.0.0.164/32
---------------- EGRESS --------------------
80      80      tcp     10.0.0.14/32
40000   65535   udp     10.0.0.0/8
3389    3389    tcp     10.0.0.96/32
9389    9389    tcp     10.0.0.0/8
5985    5986    tcp     10.0.0.96/32
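
An added example, not part of the original post: an awk-based review of the log format shown above that flags rules with a broad CIDR, a wide port range, or all ports. The function names, the thresholds and the final all-traffic sample line are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): review ec2-sg.log for broad rules.
# Thresholds are assumptions: a CIDR prefix shorter than /9, or more than 1000 ports.

audit_sg_log() {   # usage: audit_sg_log LOGFILE [MAX_PORT_SPAN] [MIN_PREFIX]
  awk -v max_span="${2:-1000}" -v min_prefix="${3:-9}" '
    function add(r) { reason = (reason == "" ? r : reason "," r) }
    /^=+$/            { next }                  # separator lines
    /^sg-/            { sg = $1; next }         # security group id
    /^-+ INGRESS -+$/ { dir = "ingress"; next }
    /^-+ EGRESS -+$/  { dir = "egress";  next }
    NF == 4 {                                   # FromPort ToPort IpProtocol CidrIp
      reason = ""
      if (split($4, p, "/") == 2 && p[2] + 0 < min_prefix) add("broad-cidr")
      if ($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $2 - $1 + 1 > max_span) add("wide-port-range")
      if ($1 == "None" || $3 == "-1") add("all-ports")
      if (reason != "") print sg, dir, $1 "-" $2 "/" $3, $4, reason
    }
  ' "$1"
}

# Constructed sample: the sample output from the post plus one all-traffic rule.
write_sample_log() {
  cat > "$1" <<'EOF'
============================================
sg-xxxxxxxxxxxxxxx
============================================
---------------- INGRESS -------------------
5985    5985    tcp     10.0.0.220/32
10005   10005   tcp     10.0.0.164/32
---------------- EGRESS --------------------
80      80      tcp     10.0.0.14/32
40000   65535   udp     10.0.0.0/8
3389    3389    tcp     10.0.0.96/32
9389    9389    tcp     10.0.0.0/8
5985    5986    tcp     10.0.0.96/32
EOF
  # constructed line: assumed text rendering of an all-protocol egress rule
  printf 'None\tNone\t-1\t0.0.0.0/0\n' >> "$1"
}

sample=$(mktemp)
write_sample_log "$sample"
audit_sg_log "$sample"
rm -f "$sample"
```

Each finding is printed as group id, direction, port range and protocol, CIDR, and the reasons it was flagged.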


January 16, 2021

AWS CLI Contains

The AWS CLI has a lesser-known comparison operator called “contains” that can be used in a query to filter the output of a command. In this example, we want to show only instances that are not terminated.

Here’s a query containing “?!contains().”

aws ec2 describe-instances \
--query 'Reservations[*].Instances[?!contains(State.Name, `terminated`)].{Instance:InstanceId}' \
--output text


October 21, 2020

AWS S3 Make Object Public

Copy an object or file to an S3 bucket.

aws s3 cp filename.ext s3://bucketname/ --profile your-profile


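To make it publicly available, run this command. The public-read ACL lets anyone read that object, and the call is rejected if the bucket's Block Public Access settings block public ACLs.

aws s3api put-object-acl \
--bucket bucketname \
--key filename.ext \
--acl public-read \
--profile your-profile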


October 4, 2020

AWS S3 Acceleration CLI

Here is how to enable Amazon S3 Transfer Acceleration on an S3 bucket.

aws s3api put-bucket-accelerate-configuration \
--bucket bucketname \
--accelerate-configuration Status=Enabled \
--region us-east-1


Use an accelerate endpoint.

aws configure set default.s3.use_accelerate_endpoint true


To copy files to S3 you can use the default copy.

aws s3 cp file.txt s3://bucketname/keyname \
--region us-east-1


Or use the acceleration endpoint.

aws configure set s3.addressing_style virtual
# use the https endpoint so the transfer is encrypted in transit
aws s3 cp file.txt s3://bucketname/keyname \
--endpoint-url https://s3-accelerate.amazonaws.com \
--region us-east-1


June 28, 2020

AWS CLI V2

How to install AWS CLI version 2.

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install



Copyright © 2012–2021