AWS Cloud9 CLI for Amazon Linux 2



AWS Cloud9 CLI

Create a new Cloud9 environment in us-west-2.
Select the t3.small instance type.


Linux Update

Run:


sudo yum -y update
# -i edits the file in place; without it sed only prints the result
sudo sed -i 's/enabled = 0/enabled = 1/' /etc/yum/pluginconf.d/priorities.conf
sudo yum -y upgrade

Output:


[...]
Complete!

Update AWS CLI

Check current AWS CLI version.

Run:


aws --version

Output:


aws-cli/1.8.3 Python/3.9.11 Linux/5.4.0-1086-aws exe/x86_64.ubuntu.18 prompt/off

If it is version 1.x, then update AWS CLI.

Run:


curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
/usr/local/bin/aws --version

Output:


[...]
aws-cli/2.11.13 Python/3.11.3 Linux/4.14.311-233.529.amzn2.x86_64 exe/x86_64.amzn.2 prompt/off

Reboot to use the CLI version 2.

Run:


sudo reboot

Output:


Cloud9 reboots. Wait for 1 min, then connect to your Cloud9 again.

Install Python SDK boto3

Run:


pip3 install boto3

Output:


[...]
Installing collected packages: botocore, s3transfer, boto3
Successfully installed boto3-1.26.115 botocore-1.29.115 s3transfer-0.6.0

Setup/Check AKSK

Setup AKSK

Run:


aws configure

Output:


AWS Access Key ID [****************ZXD2]:

Press Ctrl+C to quit. Wait for a while, then run aws configure again. You will see a different Access Key ID. Cloud9 is not using a static AKSK (access key and secret key); it is using temporary credentials from a role.

Read current temporary AKSK

Run:


cd ~/.aws
more credentials

Output:


# Do not modify this file, if this file is modified it will not be updated. If the file is deleted, it will be recreated on Mon Oct 17 2022 03:59:34 GMT+0000 (Coordinated Universal Time).
# cc2ac3f11365c46d67a21bc6a53f7effaef3704fbc4ea9e58554655175823d2c
#
[default]
aws_access_key_id=ASIAZJY3635BTUAYXEWQ
aws_secret_access_key=VKetTtWt3VDHEcyiYyDQ8lZhfCJxYUi5wtXiEkci
aws_session_token =
region=ap-east-1
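An added example (not from the original page), in Python since the page installs boto3: it classifies each profile in a credentials file as temporary or static. It relies on the AWS key ID prefixes ASIA (temporary STS credentials) and AKIA (long-term access keys); the sample file and the function name classify_profiles are constructed for illustration.

```python
import configparser

# Constructed sample in the layout of ~/.aws/credentials; every value is fake.
SAMPLE = """\
# managed file header (constructed)
[default]
aws_access_key_id=ASIAEXAMPLEEXAMPLE00
aws_secret_access_key=constructedSecretNotReal
aws_session_token=constructedTokenNotReal
region=ap-east-1

[laptop]
aws_access_key_id=AKIAEXAMPLEEXAMPLE00
aws_secret_access_key=constructedSecretNotReal

[broken]
aws_access_key_id=ASIAEXAMPLEEXAMPLE01
aws_secret_access_key=constructedSecretNotReal
aws_session_token =
"""


def classify_profiles(text):
    """Return {profile: verdict} for each profile in a credentials file."""
    # interpolation=None: secrets may contain '%', which must stay literal.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    verdicts = {}
    for name in cp.sections():
        key_id = cp.get(name, "aws_access_key_id", fallback="")
        token = cp.get(name, "aws_session_token", fallback="").strip()
        if key_id.startswith("ASIA"):
            # Temporary keys are only usable together with a session token.
            verdicts[name] = "temporary" if token else "temporary-missing-token"
        elif key_id.startswith("AKIA"):
            # Long-term key: does not rotate by itself, so review where it lives.
            verdicts[name] = "static-long-term"
        else:
            verdicts[name] = "unknown"
    return verdicts


if __name__ == "__main__":
    for profile, verdict in classify_profiles(SAMPLE).items():
        print(f"{profile}: {verdict}")
```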

Role

Check current IAM Role

Run:


aws sts get-caller-identity

Output:


Check other Role

Run:


aws sts get-caller-identity --query Arn

Output:


"arn:aws:sts::639471902531:assumed-role/eksworkshop-admin/i-0c7bf0fd7e7197e91"

Get user info

Run:


aws iam get-user

Output:


{
    "User": {
        "Path": "/",
        "UserName": "raytsang",
        "UserId": "AIDAZJY3635BXSEF4LCO4",
        "Arn": "arn:aws:iam::639471902531:user/raytsang",
        "CreateDate": "2019-07-11T08:07:34+00:00",
        "PasswordLastUsed": "2023-04-19T00:36:14+00:00",
        "Tags": [
            {
                "Key": "AKIAZJY3635BQP5FIIWC ",
                "Value": "AWS Macbook"
            }
        ]
    }
}

Meta Data

Check Meta-data

Run:


curl -s http://169.254.169.254/latest/meta-data

Output:


ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
reservation-id
security-groups
services/

jq

Install jq

We can display beautified JSON in the terminal by using jq. More details are available at jqplay.org.

Run:


sudo yum -y install jq

Output:


[...]
Installed:
  jq.x86_64 0:1.6-2.el7
Complete!

Test jq

Check the year the IAM user was created.

Run:


aws iam get-user | jq -r ".User.CreateDate[:4]"

Output:


2019

Find current region name.

Run:


aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]'

Output:


us-west-2

Find current region name by jq.

Run:


aws ec2 describe-availability-zones | jq -r '.AvailabilityZones[0].RegionName'

Output:


us-west-2

Find services that I am using by jq.

Run:


# Amount is returned as a string, so convert it to a number before comparing
aws ce get-cost-and-usage \
  --time-period Start=$(date "+%Y-%m-01" -d "-1 Month"),End=$(date --date="$(date +'%Y-%m-01') - 1 second" -I) \
  --granularity MONTHLY --metrics UsageQuantity \
  --group-by Type=DIMENSION,Key=SERVICE \
  | jq '.ResultsByTime[].Groups[] | select((.Metrics.UsageQuantity.Amount | tonumber) > 0) | .Keys[0]'

Output:


"AWS CloudTrail"
"AWS Config"
"AWS DeepRacer"
"AWS Directory Service"
"AWS Key Management Service"
"AWS Lambda"

Find services that cost me by jq.

Run:


# Amount is returned as a string, so convert it to a number before comparing
aws ce get-cost-and-usage \
  --time-period Start=$(date "+%Y-%m-01"),End=$(date --date="$(date +'%Y-%m-01') + 1 month - 1 second" -I) \
  --granularity MONTHLY --metrics USAGE_QUANTITY BLENDED_COST \
  --group-by Type=DIMENSION,Key=SERVICE \
  | jq '[ .ResultsByTime[].Groups[] | select((.Metrics.BlendedCost.Amount | tonumber) > 0) | { (.Keys[0]): .Metrics.BlendedCost } ] | sort_by(.Amount) | add'

Output:


{
  "AWS Config": {
    "Amount": "0.563",
    "Unit": "USD"
  },
  "AWS DeepRacer": {
    "Amount": "0.1637677487",
    "Unit": "USD"
  },
  "AWS Directory Service": {
    "Amount": "63.0430441641",
    "Unit": "USD"
  },
  "AWS Key Management Service": {
    "Amount": "1.763888903",
    "Unit": "USD"
  },
  "AWS Lambda": {
    "Amount": "0.000001503",
    "Unit": "USD"
  },
[...]

How many instances of each type do I have, and in what states

Run:


aws ec2 describe-instances | jq -r "[[.Reservations[].Instances[]|{ state: .State.Name, type: .InstanceType }]|group_by(.state)|.[]|{state: .[0].state, types: [.[].type]|[group_by(.)|.[]|{type: .[0], count: ([.[]]|length)}] }]"

Output:


[
  {
    "state": "running",
    "types": [
      {
        "type": "t3.small",
        "count": 1
      }
    ]
  }
]

Which ports are open to which CIDR ranges in my security groups

Run:


aws ec2 describe-security-groups | jq '[ .SecurityGroups[].IpPermissions[] as $a | { "ports": [($a.FromPort|tostring),($a.ToPort|tostring)]|unique, "cidr": $a.IpRanges[].CidrIp } ] | [group_by(.cidr)[] | { (.[0].cidr): [.[].ports|join("-")]|unique }] | add'

Output:


  "172.0.0.0/8": [
    "3306",
    "6379"
  ],
  "172.31.0.0/16": [
    "5439"
  ],
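The jq filter above prints "null" for rules with IpProtocol "-1" (they carry no FromPort/ToPort) and silently skips rules whose source is an IPv6 range or another security group. The following added example (not from the original page) does the same grouping in Python and covers those cases; the sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output, and the function names are illustrative.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-constructed1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "172.0.0.0/8"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}], "Ipv6Ranges": []}
  ]},
  {"GroupId": "sg-constructed2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-constructed1"}]}
  ]}
]}
""")

def port_label(perm):
    """'all' for protocol -1 (no port fields), else proto/N or proto/N-M."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{perm['IpProtocol']}/{span}"

def ports_by_source(doc):
    """Map each source (CIDR or referenced group) to the sorted ports it may reach."""
    out = defaultdict(set)
    for sg in doc["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                out[src].add(port_label(perm))
    return {src: sorted(ports) for src, ports in out.items()}

def world_open(summary):
    """Entries reachable from any address, the ones to review first."""
    return {s: p for s, p in summary.items() if s in ("0.0.0.0/0", "::/0")}
```

To run it against a real account, pass `json.load(sys.stdin)` to `ports_by_source` and pipe the CLI output into the script.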