Here’s how to get a list of certificates in AWS Certificate Manager.
aws acm list-certificates \ --profile default \ --region us-east-1 \ --output text \ --query 'CertificateSummaryList[*].{ARN:CertificateArn,Domain:DomainName}' |
AWS WAF IP Set
Here’s how to get the WAF rule.
aws waf-regional get-rule \
--rule-id xxxxxxxxxxxxxxxxxxxxxxxxxxx |
Here’s how to get the AWS WAF IP set.
aws waf-regional get-ip-set \ --ip-set-id xxxxxxxxxxxxxxxxxxx \ --region us-east-1 \ --profile your-profile |
Here’s how to get the latest token.
aws waf-regional get-change-token |
Result is similar to this.
{
"ChangeToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
} |
Create a JSON file called “change.json” to be used for updating the IP set. We will insert and delete an IP set.
[
{
"Action": "INSERT",
"IPSetDescriptor":
{
"Type": "IPV4",
"Value": "12.34.56.78/24"
}
},
{
"Action": "DELETE",
"IPSetDescriptor":
{
"Type": "IPV6",
"Value": "1111:0000:0000:0000:0000:0000:0000:0111/128"
}
}
] |
Finally, here’s how to update the IP set.
aws waf-regional update-ip-set \ --ip-set-id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ --change-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \ --region us-east-1 \ --profile default \ --updates file://change.json |
GCP Instances By Service Account
Here’s how to get a list of GCP instances using a specific service account.
gcloud compute instances list \ --filter="serviceAccounts.email=service-account@domain.com" \ --project project-id |
To display all instances and their service accounts in JSON format.
gcloud compute instances list \ --format="json(name,serviceAccounts[].email)" \ --project your-project-id |
Display in YAML which is also the Default.
gcloud compute instances list \ --format="default(name,serviceAccounts[].email)" \ --project your-project-id |