Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
137 lines (114 sloc) 4.11 KB
[toplevel]
whoami = sts get-caller-identity
create-assume-role =
!f() {
aws iam create-role --role-name "${1}" \
--assume-role-policy-document \
"{\"Statement\":[{\
\"Action\":\"sts:AssumeRole\",\
\"Effect\":\"Allow\",\
\"Principal\":{\"Service\":\""${2}".amazonaws.com\"},\
\"Sid\":\"\"\
}],\
\"Version\":\"2012-10-17\"\
}";
}; f
running-instances = ec2 describe-instances \
--filter Name=instance-state-name,Values=running \
--output table \
--query 'Reservations[].Instances[].{ID: InstanceId,Hostname: PublicDnsName,Name: Tags[?Key==`Name`].Value | [0],Type: InstanceType, Platform: Platform || `Linux`}'
ebs-volumes= ec2 describe-volumes \
--query 'Volumes[].{VolumeId: VolumeId,State: State,Size: Size,Name: Tags[0].Value,AZ: AvailabilityZone}' \
--output table
amazon-linux-amis = ec2 describe-images \
--filter \
Name=owner-alias,Values=amazon \
Name=name,Values="amzn-ami-hvm-*" \
Name=architecture,Values=x86_64 \
Name=virtualization-type,Values=hvm \
Name=root-device-type,Values=ebs \
Name=block-device-mapping.volume-type,Values=gp2 \
--query "reverse(sort_by(Images, &CreationDate))[*].[ImageId,Name,Description]" \
--output text
list-sgs = ec2 describe-security-groups --query "SecurityGroups[].[GroupId, GroupName]" --output text
sg-rules = !f() { aws ec2 describe-security-groups \
--query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]" \
--group-id "$1" --output text; }; f
tostring =
!f() {
jp -f "${1}" 'to_string(@)'
}; f
tostring-with-jq =
!f() {
cat "${1}" | jq 'tostring'
}; f
authorize-my-ip =
!f() {
ip=$(aws myip)
aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
}; f
get-group-id =
!f() {
aws ec2 describe-security-groups --filters Name=group-name,Values=${1} --query SecurityGroups[0].GroupId --output text
}; f
authorize-my-ip-by-name =
!f() {
group_id=$(aws get-group-id "${1}")
aws authorize-my-ip "$group_id"
}; f
# list all security group port ranges open to 0.0.0.0/0
public-ports = ec2 describe-security-groups \
--filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
--query 'SecurityGroups[].{
GroupName:GroupName,
GroupId:GroupId,
PortRanges:
IpPermissions[?contains(IpRanges[].CidrIp, `0.0.0.0/0`)].[
join(`:`, [IpProtocol, join(`-`, [to_string(FromPort), to_string(ToPort)])])
][]
}'
# List or set your region
region = !f() { [[ $# -eq 1 ]] && aws configure set region "$1" || aws configure get region; }; f
find-access-key = !f() {
clear_to_eol=$(tput el)
for i in $(aws iam list-users --query "Users[].UserName" --output text); do
printf "\r%sSearching...$i" "${clear_to_eol}"
result=$(aws iam list-access-keys --output text --user-name "${i}" --query "AccessKeyMetadata[?AccessKeyId=='${1}'].UserName";)
if [ -n "${result}" ]; then
printf "\r%s%s is owned by %s.\n" "${lear_to_eol}" "$1" "${result}"
break
fi
done
if [ -z "${result}" ]; then
printf "\r%sKey not found." "${clear_to_eol}"
fi
}; f
docker-ecr-login =
!f() {
region=$(aws configure get region)
endpoint=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].proxyEndpoint)
passwd=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].authorizationToken | base64 --decode | cut -d: -f2)
docker login -u AWS -p $passwd $endpoint
}; f
myip =
!f() {
dig +short myip.opendns.com @resolver1.opendns.com
}; f
allow-my-ip =
!f() {
my_ip=$(aws myip)
aws ec2 authorize-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
}; f
revoke-my-ip =
!f() {
my_ip=$(aws myip)
aws ec2 revoke-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
}; f
allow-my-ip-all =
!f() {
aws allow-my-ip ${1} all all
}; f
revoke-my-ip-all =
!f() {
aws revoke-my-ip ${1} all all
}; f