alias

[toplevel]

whoami = sts get-caller-identity

create-assume-role =
  !f() {
    aws iam create-role --role-name "${1}" \
      --assume-role-policy-document \
        "{\"Statement\":[{\
            \"Action\":\"sts:AssumeRole\",\
            \"Effect\":\"Allow\",\
            \"Principal\":{\"Service\":\""${2}".amazonaws.com\"},\
            \"Sid\":\"\"\
          }],\
          \"Version\":\"2012-10-17\"\
        }";
  }; f


running-instances = ec2 describe-instances \
    --filter Name=instance-state-name,Values=running \
    --output table \
    --query 'Reservations[].Instances[].{ID: InstanceId,Hostname: PublicDnsName,Name: Tags[?Key==`Name`].Value | [0],Type: InstanceType, Platform: Platform || `Linux`}'

ebs-volumes= ec2 describe-volumes \
    --query 'Volumes[].{VolumeId: VolumeId,State: State,Size: Size,Name: Tags[0].Value,AZ: AvailabilityZone}' \
    --output table

amazon-linux-amis = ec2 describe-images \
    --filter \
      Name=owner-alias,Values=amazon \
      Name=name,Values="amzn-ami-hvm-*" \
      Name=architecture,Values=x86_64 \
      Name=virtualization-type,Values=hvm \
      Name=root-device-type,Values=ebs \
      Name=block-device-mapping.volume-type,Values=gp2 \
    --query "reverse(sort_by(Images, &CreationDate))[*].[ImageId,Name,Description]" \
    --output text

list-sgs = ec2 describe-security-groups --query "SecurityGroups[].[GroupId, GroupName]" --output text

sg-rules = !f() { aws ec2 describe-security-groups \
    --query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]" \
    --group-id "$1" --output text; }; f

tostring =
  !f() {
    jp -f "${1}" 'to_string(@)'
  }; f

tostring-with-jq =
  !f() {
    cat "${1}" | jq 'tostring'
  }; f

authorize-my-ip =
  !f() {
    ip=$(aws myip)
    aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
  }; f

get-group-id =
  !f() {
    aws ec2 describe-security-groups --filters Name=group-name,Values=${1} --query SecurityGroups[0].GroupId --output text
  }; f

authorize-my-ip-by-name =
  !f() {
    group_id=$(aws get-group-id "${1}")
    aws authorize-my-ip "$group_id"
  }; f

# list all security group port ranges open to 0.0.0.0/0
public-ports = ec2 describe-security-groups \
  --filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
  --query 'SecurityGroups[].{
    GroupName:GroupName,
    GroupId:GroupId,
    PortRanges:
      IpPermissions[?contains(IpRanges[].CidrIp, `0.0.0.0/0`)].[
        join(`:`, [IpProtocol, join(`-`, [to_string(FromPort), to_string(ToPort)])])
      ][]
  }'

# List or set your region
region = !f() { [[ $# -eq 1 ]] && aws configure set region "$1" || aws configure get region; }; f

find-access-key = !f() {
    clear_to_eol=$(tput el)
    for i in $(aws iam list-users --query "Users[].UserName" --output text); do
      printf "\r%sSearching...$i" "${clear_to_eol}"
      result=$(aws iam list-access-keys --output text --user-name "${i}" --query "AccessKeyMetadata[?AccessKeyId=='${1}'].UserName";)
      if [ -n "${result}" ]; then
         printf "\r%s%s is owned by %s.\n" "${lear_to_eol}" "$1" "${result}"
         break
      fi
    done
    if [ -z "${result}" ]; then
      printf "\r%sKey not found." "${clear_to_eol}"
    fi
  }; f

docker-ecr-login =
  !f() {
    region=$(aws configure get region)
    endpoint=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].proxyEndpoint)
    passwd=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].authorizationToken | base64 --decode | cut -d: -f2)
    docker login -u AWS -p $passwd $endpoint
  }; f

myip =
  !f() {
    dig +short myip.opendns.com @resolver1.opendns.com
  }; f

allow-my-ip =
  !f() {
    my_ip=$(aws myip)
    aws ec2 authorize-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
  }; f

revoke-my-ip =
  !f() {
    my_ip=$(aws myip)
    aws ec2 revoke-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
  }; f

allow-my-ip-all =
  !f() {
    aws allow-my-ip ${1} all all
  }; f

revoke-my-ip-all =
  !f() {
    aws revoke-my-ip ${1} all all
  }; f
	[toplevel]

	whoami = sts get-caller-identity

	create-assume-role =
	!f() {
	aws iam create-role --role-name "${1}" \
	--assume-role-policy-document \
	"{\"Statement\":[{\
	\"Action\":\"sts:AssumeRole\",\
	\"Effect\":\"Allow\",\
	\"Principal\":{\"Service\":\""${2}".amazonaws.com\"},\
	\"Sid\":\"\"\
	}],\
	\"Version\":\"2012-10-17\"\
	}";
	}; f


	running-instances = ec2 describe-instances \
	--filter Name=instance-state-name,Values=running \
	--output table \
	--query 'Reservations[].Instances[].{ID: InstanceId,Hostname: PublicDnsName,Name: Tags[?Key==`Name`].Value \| [0],Type: InstanceType, Platform: Platform \|\| `Linux`}'

	ebs-volumes= ec2 describe-volumes \
	--query 'Volumes[].{VolumeId: VolumeId,State: State,Size: Size,Name: Tags[0].Value,AZ: AvailabilityZone}' \
	--output table

	amazon-linux-amis = ec2 describe-images \
	--filter \
	Name=owner-alias,Values=amazon \
	Name=name,Values="amzn-ami-hvm-*" \
	Name=architecture,Values=x86_64 \
	Name=virtualization-type,Values=hvm \
	Name=root-device-type,Values=ebs \
	Name=block-device-mapping.volume-type,Values=gp2 \
	--query "reverse(sort_by(Images, &CreationDate))[*].[ImageId,Name,Description]" \
	--output text

	list-sgs = ec2 describe-security-groups --query "SecurityGroups[].[GroupId, GroupName]" --output text

	sg-rules = !f() { aws ec2 describe-security-groups \
	--query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]" \
	--group-id "$1" --output text; }; f

	tostring =
	!f() {
	jp -f "${1}" 'to_string(@)'
	}; f

	tostring-with-jq =
	!f() {
	cat "${1}" \| jq 'tostring'
	}; f

	authorize-my-ip =
	!f() {
	ip=$(aws myip)
	aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
	}; f

	get-group-id =
	!f() {
	aws ec2 describe-security-groups --filters Name=group-name,Values=${1} --query SecurityGroups[0].GroupId --output text
	}; f

	authorize-my-ip-by-name =
	!f() {
	group_id=$(aws get-group-id "${1}")
	aws authorize-my-ip "$group_id"
	}; f

	# list all security group port ranges open to 0.0.0.0/0
	public-ports = ec2 describe-security-groups \
	--filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
	--query 'SecurityGroups[].{
	GroupName:GroupName,
	GroupId:GroupId,
	PortRanges:
	IpPermissions[?contains(IpRanges[].CidrIp, `0.0.0.0/0`)].[
	join(`:`, [IpProtocol, join(`-`, [to_string(FromPort), to_string(ToPort)])])
	][]
	}'

	# List or set your region
	region = !f() { [[ $# -eq 1 ]] && aws configure set region "$1" \|\| aws configure get region; }; f

	find-access-key = !f() {
	clear_to_eol=$(tput el)
	for i in $(aws iam list-users --query "Users[].UserName" --output text); do
	printf "\r%sSearching...$i" "${clear_to_eol}"
	result=$(aws iam list-access-keys --output text --user-name "${i}" --query "AccessKeyMetadata[?AccessKeyId=='${1}'].UserName";)
	if [ -n "${result}" ]; then
	printf "\r%s%s is owned by %s.\n" "${lear_to_eol}" "$1" "${result}"
	break
	fi
	done
	if [ -z "${result}" ]; then
	printf "\r%sKey not found." "${clear_to_eol}"
	fi
	}; f

	docker-ecr-login =
	!f() {
	region=$(aws configure get region)
	endpoint=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].proxyEndpoint)
	passwd=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].authorizationToken \| base64 --decode \| cut -d: -f2)
	docker login -u AWS -p $passwd $endpoint
	}; f

	myip =
	!f() {
	dig +short myip.opendns.com @resolver1.opendns.com
	}; f

	allow-my-ip =
	!f() {
	my_ip=$(aws myip)
	aws ec2 authorize-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
	}; f

	revoke-my-ip =
	!f() {
	my_ip=$(aws myip)
	aws ec2 revoke-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
	}; f

	allow-my-ip-all =
	!f() {
	aws allow-my-ip ${1} all all
	}; f

	revoke-my-ip-all =
	!f() {
	aws revoke-my-ip ${1} all all
	}; f