AWS Cloud9 CLI
Create a new Cloud9 in us-west-2.
Select t3.small
Linux Update
Run:
sudo yum -y update
sudo sed -i 's/enabled = 0/enabled = 1/' /etc/yum/pluginconf.d/priorities.conf
sudo yum -y upgrade
Output:
[...]
Complete!
Update AWS CLI
Check current AWS CLI version.
Run:
aws --version
Output:
aws-cli/1.8.3 Python/3.9.11 Linux/5.4.0-1086-aws exe/x86_64.ubuntu.18 prompt/off
If it is version 1.x, then update AWS CLI.
Run:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
/usr/local/bin/aws --version
Output:
[...]
aws-cli/2.11.13 Python/3.11.3 Linux/4.14.311-233.529.amzn2.x86_64 exe/x86_64.amzn.2 prompt/off
Reboot to use the CLI version 2.
Run:
sudo reboot
Output:
Cloud9 is rebooting. Wait for 1 min, then connect to your Cloud9 again.
Install Python SDK boto3
Run:
pip3 install boto3
Output:
[...]
Installing collected packages: botocore, s3transfer, boto3
Successfully installed boto3-1.26.115 botocore-1.29.115 s3transfer-0.6.0
Setup/Check AKSK
Setup AKSK
Run:
aws configure
Output:
AWS Access Key ID [****************ZXD2]:
Press Ctrl+C to quit. Wait for a while, then run aws configure again. You will see a different Access Key ID. Cloud9 is not using a static AKSK (access key / secret key). It is using temporary credentials issued for a role.
Read current temporary AKSK
Run:
cd ~/.aws
more credentials
Output:
# Do not modify this file, if this file is modified it will not be updated. If the file is deleted, it will be recreated on Mon Oct 17 2022 03:59:34 GMT+0000 (Coordinated Universal Time).
# cc2ac3f11365c46d67a21bc6a53f7effaef3704fbc4ea9e58554655175823d2c #
[default]
aws_access_key_id=ASIAZJY3635BTUAYXEWQ
aws_secret_access_key=VKetTtWt3VDHEcyiYyDQ8lZhfCJxYUi5wtXiEkci
aws_session_token =
region=ap-east-1
Role
Check current IAM Role
Run:
aws sts get-caller-identity
Output:
Check other Role
Run:
aws sts get-caller-identity --query Arn
Output:
"arn:aws:sts::639471902531:assumed-role/eksworkshop-admin/i-0c7bf0fd7e7197e91"
Get user info
Run:
aws iam get-user
Output:
{
    "User": {
        "Path": "/",
        "UserName": "raytsang",
        "UserId": "AIDAZJY3635BXSEF4LCO4",
        "Arn": "arn:aws:iam::639471902531:user/raytsang",
        "CreateDate": "2019-07-11T08:07:34+00:00",
        "PasswordLastUsed": "2023-04-19T00:36:14+00:00",
        "Tags": [
            {
                "Key": "AKIAZJY3635BQP5FIIWC ",
                "Value": "AWS Macbook"
            }
        ]
    }
}
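The access key IDs and ARNs shown in the sections above already tell you what kind of principal is in use: an ASIA prefix marks temporary STS credentials, AKIA marks a long-term key, and the ARN names either an assumed role with its session or an IAM user. The following Python sketch is an added example, not part of the original workshop; the function names and all sample values are constructed for illustration.

```python
# Added example: classify access key IDs and caller ARNs (sample values are constructed).
import re

# Documented IAM unique-ID prefixes for access key IDs.
KEY_PREFIXES = {
    "AKIA": "long-term access key",
    "ASIA": "temporary (STS) access key",
}

ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[\w-]*):(?P<service>iam|sts)::(?P<account>\d{12}):(?P<resource>.+)$"
)


def classify_key(access_key_id):
    """Return the credential type implied by the access key ID prefix."""
    return KEY_PREFIXES.get(access_key_id.strip()[:4], "unknown")


def classify_caller(arn):
    """Split the Arn printed by `aws sts get-caller-identity` into its parts."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an IAM/STS principal ARN: {arn!r}")
    resource = m["resource"]
    info = {"account": m["account"], "kind": "unknown", "name": None, "session": None}
    if resource == "root":
        info["kind"] = "root"
        return info
    kind, _, rest = resource.partition("/")
    info["kind"] = kind
    if kind == "assumed-role":
        # assumed-role/<role-name>/<session-name>; on EC2 the session is the instance ID
        info["name"], _, info["session"] = rest.partition("/")
    elif kind == "user":
        # user/<optional/path/><user-name>
        info["name"] = rest.rsplit("/", 1)[-1]
    else:
        info["name"] = rest
    return info


if __name__ == "__main__":
    # Constructed sample values, not real credentials or accounts.
    print(classify_key("ASIAEXAMPLEEXAMPLE00"))
    print(classify_caller("arn:aws:sts::123456789012:assumed-role/example-admin/i-0123456789abcdef0"))
    print(classify_caller("arn:aws:iam::123456789012:user/example-user"))
```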
Meta Data
Check Meta-data
Run:
curl -s http://169.254.169.254/latest/meta-data
Output:
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
reservation-id
security-groups
services/
jq
Install jq
We can display pretty-printed JSON in the terminal by using jq. More details are available at jqplay.org.
Run:
sudo yum -y install jq
Output:
[...]
Installed:
jq.x86_64 0:1.6-2.el7
Complete!
Test jq
Check the year the IAM user was created.
Run:
aws iam get-user | jq -r ".User.CreateDate[:4]"
Output:
2019
Find current region name.
Run:
aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]'
Output:
us-west-2
Find the current region name with jq.
Run:
aws ec2 describe-availability-zones | jq -r '.AvailabilityZones[0].RegionName'
Output:
us-west-2
Find the services that I am using, with jq.
Run:
aws ce get-cost-and-usage --time-period Start=$(date "+%Y-%m-01" -d "-1 Month"),End=$(date --date="$(date +'%Y-%m-01') - 1 second" -I) --granularity MONTHLY --metrics UsageQuantity --group-by Type=DIMENSION,Key=SERVICE | jq '.ResultsByTime[].Groups[] | select((.Metrics.UsageQuantity.Amount | tonumber) > 0) | .Keys[0]'
Output:
"AWS CloudTrail"
"AWS Config"
"AWS DeepRacer"
"AWS Directory Service"
"AWS Key Management Service"
"AWS Lambda"
Find the services that cost me money, with jq.
Run:
aws ce get-cost-and-usage --time-period Start=$(date "+%Y-%m-01"),End=$(date --date="$(date +'%Y-%m-01') + 1 month - 1 second" -I) --granularity MONTHLY --metrics USAGE_QUANTITY BLENDED_COST --group-by Type=DIMENSION,Key=SERVICE | jq '[ .ResultsByTime[].Groups[] | select((.Metrics.BlendedCost.Amount | tonumber) > 0) | { (.Keys[0]): .Metrics.BlendedCost } ] | sort_by(.Amount) | add'
Output:
{
    "AWS Config": {
        "Amount": "0.563",
        "Unit": "USD"
    },
    "AWS DeepRacer": {
        "Amount": "0.1637677487",
        "Unit": "USD"
    },
    "AWS Directory Service": {
        "Amount": "63.0430441641",
        "Unit": "USD"
    },
    "AWS Key Management Service": {
        "Amount": "1.763888903",
        "Unit": "USD"
    },
    "AWS Lambda": {
        "Amount": "0.000001503",
        "Unit": "USD"
    },
[...]
How many instances of each type do I have, and in what states
Run:
aws ec2 describe-instances | jq -r "[[.Reservations[].Instances[]|{ state: .State.Name, type: .InstanceType }]|group_by(.state)|.[]|{state: .[0].state, types: [.[].type]|[group_by(.)|.[]|{type: .[0], count: ([.[]]|length)}] }]"
Output:
[
    {
        "state": "running",
        "types": [
            {
                "type": "t3.small",
                "count": 1
            }
        ]
    }
]
Which ports do my security groups open, grouped by source CIDR
Run:
aws ec2 describe-security-groups | jq '[ .SecurityGroups[].IpPermissions[] as $a | { "ports": [($a.FromPort|tostring),($a.ToPort|tostring)]|unique, "cidr": $a.IpRanges[].CidrIp } ] | [group_by(.cidr)[] | { (.[0].cidr): [.[].ports|join("-")]|unique }] | add'
Output:
"172.0.0.0/8": [
"3306",
"6379"
],
"172.31.0.0/16": [
"5439"
],
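The jq one-liner above reads only IpRanges, so IPv6 sources are missed, and rules with protocol -1 show up as "null" ports. The following Python sketch is an added example, not part of the original workshop: it builds the same CIDR-to-ports map from describe-security-groups JSON, goes further by covering IPv6 ranges, all-protocol rules and group-reference rules, and singles out entries open to any address. The sample document and function names are constructed.

```python
# Added example: CIDR -> open ports from `aws ec2 describe-security-groups` JSON.
import json
from collections import defaultdict

# Constructed sample in the shape the EC2 API returns (not real data).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.31.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0example1"}]}]}
]}
""")
WORLD = {"0.0.0.0/0", "::/0"}


def port_label(perm):
    """Render one rule's port range; protocol -1 carries no FromPort/ToPort."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{perm['IpProtocol']}/{span}"


def ports_by_cidr(doc):
    """Map each source CIDR (IPv4 and IPv6) to the sorted ports it can reach."""
    out = defaultdict(set)
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:  # rules that only reference other groups add nothing
                out[cidr].add(port_label(perm))
    return {cidr: sorted(ports) for cidr, ports in out.items()}


def world_open(doc):
    """Return only the entries reachable from any address."""
    return {c: p for c, p in ports_by_cidr(doc).items() if c in WORLD}


if __name__ == "__main__":
    print(json.dumps(ports_by_cidr(SAMPLE), indent=2))
    print("open to the world:", world_open(SAMPLE))
```

To run it against a real account, save the output of aws ec2 describe-security-groups to a file and pass the parsed JSON to ports_by_cidr.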