Created
October 9, 2023 14:01
-
-
Save cdoan1/f8538da52c8b6eafa73e3765d3cc42a0 to your computer and use it in GitHub Desktop.
01-get-resources.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| mask() { | |
| local n=8 # number of chars to leave | |
| local a="${1:0:${#1}-n}" # take all but the last n chars | |
| local b="${1:${#1}-n}" # take the final n chars | |
| printf "%s%s\n" "${a//?/*}" "$b" # substitute a with asterisks | |
| } | |
| PROFILE=${PROFILE} | |
| DEBUG=${DEBUG} | |
| echo | |
| if [ -z $PROFILE ]; then | |
| echo "AWS PROFILE needs to be defined." | |
| exit 1 | |
| fi | |
| echo "πΊ using profile $PROFILE" | |
| echo "πΊ using account " $(mask $(aws configure --profile $PROFILE get aws_access_key_id)) | |
| echo " default region " $(aws configure --profile $PROFILE get region) | |
| echo " availability zone " $(aws ec2 describe-availability-zones --profile $PROFILE | jq -r '.AvailabilityZones[].ZoneName' | wc -l) | |
| echo "β has non-default vpcs" $(aws ec2 describe-vpcs --profile $PROFILE | jq -r '.Vpcs[] | select(.IsDefault==false) | .VpcId' | wc -l) | |
| if [ ! -z $DEBUG ]; then | |
| echo "vpcs that should be deleted" | |
| aws ec2 describe-vpcs --profile $PROFILE | jq -r '.Vpcs[] | select(.IsDefault==false) | .VpcId' | |
| # aws ec2 describe-vpcs --profile $PROFILE | jq -r '.Vpcs[] | select(.IsDefault==false) | .VpcId,(.Tags[]? | select(.Key=="Name") | .Value)' | |
| fi | |
| echo "β has vpcs with tags" $(aws ec2 describe-vpcs --profile $PROFILE | jq -r '.Vpcs[].Tags[]?' | jq --slurp length) | |
| echo "β has ec2 instances" $(aws ec2 describe-instances --profile $PROFILE | jq -r '.Reservations[].Instances[] | select(.State.Name!="terminated") | .InstanceId' | wc -l) | |
| echo "β has ec2 subnets" $(aws ec2 describe-subnets --profile $PROFILE | jq -r '.Subnets | length') | |
| if [ ! -z $DEBUG ]; then | |
| aws ec2 describe-subnets --profile $PROFILE | jq -r '.Subnets' | |
| fi | |
| echo "β has ec2 subnets managed by osdfm " $(aws ec2 describe-subnets --filters "Name=tag:osdfm-managed,Values=true" --profile $PROFILE | jq -r ".Subnets | length") | |
| echo "β has ec2 subnets has route table association" $(aws ec2 describe-route-tables --profile $PROFILE | jq -r '.RouteTables[] | .Associations[]? | .SubnetId' | sort -u | wc -l) | |
| if [ ! -z $DEBUG ]; then | |
| aws ec2 describe-route-tables --profile $PROFILE | jq -r '.RouteTables[] | .Associations[]? | .SubnetId' | |
| aws ec2 describe-subnets \ | |
| --profile $PROFILE | jq -r '.Subnets[] | .SubnetId, (.Tags[]? | select(.Key=="Name") | .Value)' | |
| # aws ec2 describe-subnets \ | |
| # --profile $PROFILE | jq -r '.Subnets[] | select(.Tags[]?) | (.Tags[]? | select(.Key=="Name") | .Value)' | |
| fi | |
| if [ ! -z $DEBUG ]; then | |
| echo "route table and route table association" | |
| aws ec2 describe-route-tables --profile $PROFILE | jq -r '.RouteTables[]' | |
| aws ec2 describe-route-tables --profile $PROFILE | jq -r '.RouteTables[] | .Associations[]?' | |
| # aws ec2 disassociate-route-table --association-id rtbassoc-781d0d1a | |
| fi | |
| echo "β has ec2 acl managed by osdfm " $(aws ec2 describe-network-acls --profile $PROFILE --filters "Name=tag:osdfm-managed,Values=true" | jq -r '.NetworkAcls[].NetworkAclId' | wc -l) | |
| echo "β has ec2 acl ingress/egress entries count " $(aws ec2 describe-network-acls --profile $PROFILE --filters "Name=tag:osdfm-managed,Values=true" | jq -r '.NetworkAcls[].Entries[]' | jq -s '. | length') | |
| if [ ! -z $DEBUG ]; then | |
| # aws ec2 describe-network-acls --profile $PROFILE --filters "Name=tag:osdfm-managed,Values=true" | jq -r '.NetworkAcls[].Entries[]' | |
| aws ec2 describe-network-acls --profile $PROFILE --filters "Name=tag:osdfm-managed,Values=true" | jq -r '.NetworkAcls[].Entries[]' | jq -s '.' | jq -r '.[] | [.CidrBlock, .Egress, .RuleAction, .RuleNumber] | @csv' | column -t -s',' | |
| fi | |
| echo "β has ec2 volumes" $(aws ec2 describe-volumes --profile $PROFILE | jq -r '.Volumes[].CreateTime' | wc -l) | |
| if [ ! -z $DEBUG ]; then | |
| aws ec2 describe-volumes --profile $PROFILE | jq -r '.Volumes[].CreateTime' | |
| fi | |
| echo "β has iam users" $(aws iam list-users --profile $PROFILE | jq -r '.Users | length') | |
| if aws iam list-users --profile $PROFILE | jq -r '.Users' | grep hypershift_operator >/dev/null; then | |
| echo "β has hypershift_operator user" | |
| # aws iam list-user-policies --user-name hypershift_operator --profile $PROFILE | |
| # aws iam list-attached-user-policies --user-name hypershift_operator --profile $PROFILE | |
| # echo "β has policies attached to hypershift_operator" | |
| # HYPERSHIFT_POLICY_ARN=$(aws iam list-policies --profile $PROFILE | jq -r '.Policies[] | select(.PolicyName=="HyperShiftVpcEndpointFullAccess") | .Arn') | |
| echo "β hypershift policy arn" $(aws iam list-policies --profile $PROFILE | jq -r '.Policies[] | select(.PolicyName=="HyperShiftVpcEndpointFullAccess") | .Arn') | |
| fi | |
| # echo "β has hypershift-operator role" $(aws iam list-policies --profile $PROFILE | jq -r '.Policies[] | select(.PolicyName=="hypershift-operator")') | |
| # echo "β STS" | |
| echo "β has hypershift-operator roles exists " $(aws iam list-roles --profile $PROFILE | jq -r '.Roles[] | select(.Arn | contains("hypershift-operator")) | .RoleName') | |
| echo "β has policy attached to role " $(aws --profile $PROFILE iam list-attached-role-policies --role-name hypershift-operator | jq -r 'length') | |
| echo "β role AWSServiceRoleForElasticLoadBalancing CreateDate: " $(aws iam get-role --role-name AWSServiceRoleForElasticLoadBalancing --profile $PROFILE | jq -r '.Role.CreateDate') | |
| # KUBE=/Users/cdoan/workspace/2022/sprint-23/ocm_config_osdfleetmanager_integration | |
| # cluster_name=$(OCM_CONFIG=$KUBE ocm get /api/osd_fleet_mgmt/v1/management_clusters/$PROFILE 2>/dev/null | jq -r '.name') | |
| # if [ -z $cluster_name ]; then | |
| # cluster_name=$(OCM_CONFIG=$KUBE ocm get /api/osd_fleet_mgmt/v1/service_clusters/$PROFILE 2>/dev/null | jq -r '.name') | |
| # if [ -z $cluster_name ]; then | |
| # echo "β account claim associated with local FM" | |
| # else | |
| # echo "β ocm cluster name: " $cluster_name | |
| # fi | |
| # else | |
| # echo "β ocm cluster name: " $cluster_name | |
| # fi | |
| # echo "Check ACL" | |
| echo "----" | |
| # aws iam get-policy-version --policy-arn $HYPERSHIFT_POLCIY_ARN --profile $PROFILE --version-id v1 | |
| # echo "β hypershift policy v1" | |
| # # aws iam detach-user-policy --user-name osdCcsAdmin --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --profile $PROFILE | |
| # # aws iam delete-user --user-name osdCcsAdmin --profile $PROFILE | |
| # # aws iam detach-user-policy --user-name hypershift_operator --policy-arn "arn:aws:iam::546743646276:policy/HyperShiftVpcEndpointFullAccess" --profile $PROFILE | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment