This is a tool for automating common tasks using the AWS CLI. I got tired of typing in long strings of AWS CLI commands and having to remember all the options and parameters. Yes, shell scripts can be created to do things like find instance IDs, start SSM sessions, log in to different environments, etc. But I, and other members of my team, need to flip back and forth between Windows, Linux, and MacOS. Having to maintain scripts for PowerShell, bash, zsh, and who knows what else, is a pain.
Thus, the awsutil tool was born. The aim is to have the tool minimize the amount of typing, "learn" your most common settings, and generally just help get the job done and get out of the way.
This tool automates calls to the AWS CLI, so please ensure that the AWS CLI and the SSM plugin are installed and available in your PATH.
This tool is written in Go, so can be compiled for Windows, Mac, or Linux. It requires a single executable and its configuration file.
First, make sure you have a working installation of Go on your machine (I always have the very latest version installed). The code has zero dependencies, so it will compile without any package installation shenanigans.
go buildYou should now have an executable (awsutil.exe if you're on Windows, awsutil otherwise).
It's a good practice to have a bin folder in your user home folder that's also in your PATH, but you can put it wherever you'd like. Copy the executable to your chosen location. You're all set!
Let's say we have profiles called dev and prod, we log in using the dev profile with the AWS CLI like this:
aws sso login --profile devWe can do the same thing with awsutil:
awsutil login --profile devBut nothing is gained by using awsutil like this, so let's simplify it by setting dev as the default profile for all our commands:
awsutil configure --profile devNow, we can log in like so:
awsutil loginThis gets more useful with other commands.
To get a filtered list of EC2 instances, e.g. anything starting with the word "example", we would need to run a command like this:
aws --profile dev ec2 describe-instances --query "Reservations[*].Instances[*].{Instance:InstanceId,AZ:Placement.AvailabilityZone,Name:Tags[?Key=='Name']|[0].Value}" --filters 'Name=tag:Name,Values=example*' --output=tableWe can simplify this:
awsutil instances example --profile devBut wait... We've already set dev as our default profile using awsutil configure --profile dev. So we can just use:
awsutil instances exampleThis will print out something like this:
Instances
example-app-stg-asg: i-0c15ff251abee847f
...
We're going to work quite a bit with the i-0c15ff251abee847f instance, so let's set it as our default:
awsutil configure --instance i-0c15ff251abee847fBecause we've saved our defaults, there will be a new file called awsutil_config.json in the same location as the executable. It should look something like this:
{
"defaultProfile": "dev",
"defaultInstance": "i-0c15ff251abee847f"
}We would normally create an SSM session like this:
aws sso login --profile dev
aws ssm --profile dev start-session --target i-0c15ff251abee847fWith awsutil, we would do the same thing like this:
awsutil terminalWe can launch a terminal using a different profile by specifying the profile and instance ID if they're not the ones we saved as our defaults:
awsutil terminal --profile prod --instance i-0c15ff251abee847fWe can start a bastion host tunnel, but this requires a few parameters so we first need to configure them. We need the bastion instance ID, the host we want to tunnel to, the remote port we want to forward, and the local port.
awsutil configure -profile <profile> -bastion-instance <instance ID> -bastion-host <host name> -bastion-port <port> -bastion-local <local port>This all gets stored in the awsutil_config.json file. Now, to start the tunnel, it's as simple as this:
awsutil bastionAlternatively, we can start the tunnel the first time and save the settings in one go:
awsutil bastion -profile <profile> -bastion-instance <instance ID> -bastion-host <host name> -bastion-port <port> -bastion-local <local port>After this, we can start our tunnel again with just awsutil bastion.
If we try to issue an AWS CLI command without first logging in, or after our session has expired, we would get a rude response. We'd then need to log in, then re-attempt our command. This is simplified with awsutil because it determines if we don't have a valid authentication session and will log in with our default profile before executing the command.
So using:
awsutil terminal
is the same as doing:
awsutil login
awsutil terminalWe've used awsutil configure to save our default profile and instance ID. What if we forget to do this or don't want to do this up front? If we do something like:
awsutil instances --profile devthe profile will automatically get saved in the config file, so the next time you want to retrieve instances, you just need to run:
awsutil instancesWhat if you want to start an SSM session to an instance you already know and this is the first time you're using awsutil? We can kill two proverbial birds with one stone:
awsutil terminal --profile dev i-0c15ff251abee847fThe profile and instance ID will automatically get saved, an SSO authentication session will be created, and you will be connected to the instance via an SSM terminal session. Then you'd simply use awsutil terminal to log into the instance again later.
Let's simplify even further. If the filter we supply for the awsutil instances command results in just one instance being returned, awsutil will save that instance ID as your default. Let's try it. First, delete the awsutil_config.json file so we're sure we have no defaults saved. Then issue do something like this, where the filter parameter ensures that we get just one instance back:
awsutil instances --profile spg very-specific-prefix
awsutil terminalBoth the profile and the resultant instance ID from the 1st command will be remembered for further commands.