- Installation
- EC2
- UTIL: List all instances
- UTIL: List specific fields of all instances
- UTIL: List all instances of a product
- UTIL: List all stopped instances
- UTIL: List all stopped instances with ElasticIP
- UTIL: List all snapshots in the date specified
- SEC: List all snapshots without encryption
- SEC: List SecurityGroups with SSH open to Internet
- IAM
- S3
- RDS
Ref: https://docs.aws.amazon.com/es_es/cli/latest/userguide/cli-chap-welcome.html
Function | Command |
---|---|
Install awscli | pip3 install awscli --upgrade --user |
Configuring awscli | aws configure |
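# UTIL: List all instances
aws ec2 describe-instances

# UTIL: List specific fields of all instances
# (instance ID, public IP address and the value of the Name tag).
aws ec2 describe-instances \
  --query "Reservations[].Instances[].[InstanceId, PublicIpAddress, Tags[?Key=='Name']|[0].Value]"

# UTIL: List all instances of a product
# (here: instances whose Name tag starts with "latch").
aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=latch*" \
  --query "Reservations[].Instances[].[InstanceId, PublicIpAddress, Tags[?Key=='Name']|[0].Value]"

# UTIL: List all stopped instances
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=stopped"

# UTIL: List all stopped instances with ElasticIP
# Prints the PublicIpAddress field of every stopped instance.
aws ec2 describe-instances \
  --query "Reservations[*].Instances[*].PublicIpAddress" \
  --filters "Name=instance-state-name,Values=stopped"

# UTIL: List all snapshots in the date specified
# The filter value is quoted so the trailing * reaches AWS as a wildcard
# instead of being expanded by the shell against local file names.
# Without --owner-ids the result also includes public snapshots and
# snapshots that other accounts have shared with this one.
aws ec2 describe-snapshots \
  --filters "Name=start-time,Values=2019-01-05*"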
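# SEC: List all snapshots without encryption
# --owner-ids self keeps the audit to snapshots owned by this account;
# without it the listing also contains public and shared snapshots that
# the account cannot remediate.
aws ec2 describe-snapshots \
  --owner-ids self \
  --filters "Name=encrypted,Values=false"

# SEC: List SecurityGroups with SSH open to Internet
# Each inbound rule is evaluated as a whole on the client side. A group is
# reported when a single rule both covers TCP port 22 and is open to the
# world. Compared with exact from-port/to-port = 22 filters this also
# catches port ranges that merely contain 22 (for example 0-65535),
# all-protocol rules (IpProtocol -1) and the IPv6 any-address ::/0.
# Group names are not unique across VPCs; add GroupId to the projection
# when the result feeds a remediation step.
aws ec2 describe-security-groups \
  --query "SecurityGroups[?IpPermissions[?(IpProtocol=='-1' || (IpProtocol=='tcp' && FromPort<=\`22\` && ToPort>=\`22\`)) && (IpRanges[?CidrIp=='0.0.0.0/0'] || Ipv6Ranges[?CidrIpv6=='::/0'])]].{Name:GroupName}" \
  --output table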
# List the server certificates stored in IAM.
aws iam list-server-certificates

# List the managed policies visible to the account.
aws iam list-policies

# List the managed policies attached to one group.
# NOTE(review): the group is spelled "ec2-Users" here and "ec2-users" in
# the next command; confirm which spelling is intended.
aws iam list-attached-group-policies --group-name ec2-Users

# List the users that are members of one group.
aws iam get-group --group-name ec2-users --query "Users[]"

# List the groups one user belongs to.
aws iam list-groups-for-user --user-name aws-admin2
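# List the creation date of every active access key of one user.
# 'Active' is a JMESPath raw string literal. Written as "Active" it is a
# field reference, the comparison is against a missing field and the
# filter returns nothing, which reads as "no active keys".
aws iam list-access-keys \
  --user-name aws-admin2 \
  --query "AccessKeyMetadata[?Status=='Active'].[CreateDate]"

# Report whether the account root user has MFA enabled.
# The root user is not an IAM user, so list-mfa-devices --user-name root
# cannot answer this; the account summary exposes it as
# AccountMFAEnabled (1 = enabled, 0 = disabled).
# A failed call (no credentials, missing permission) is reported on
# stderr instead of being printed as "MFA Disabled".
if mfa_enabled=$(aws iam get-account-summary \
  --query 'SummaryMap.AccountMFAEnabled' \
  --output text); then
  if [[ "$mfa_enabled" == "1" ]]; then
    echo "MFA Enabled"
  else
    echo "MFA Disabled"
  fi
else
  echo "MFA status unknown: get-account-summary failed" >&2
fi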
# List all buckets of the account.
aws s3 ls

# List key and size of every object in one bucket, as plain text.
aws s3api list-objects --bucket pre-cdo-web-resources --query 'Contents[].{Key: Key, Size: Size}' --output text
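#######################################
# Print the name of every bucket whose ACL grants the given permission to
# the AllUsers group (anyone, unauthenticated).
# The bucket name is passed to aws as a quoted argument, not pasted into
# a `bash -c` command string, so a name can never be parsed as shell code.
# Arguments: $1 - ACL permission to look for (READ, WRITE, ...)
# Outputs:   one bucket name per line on stdout; aws errors go to stderr
# Caveats:   only ACL grants to AllUsers are inspected. A FULL_CONTROL
#            grant, a grant to the AuthenticatedUsers group, or access
#            given by a bucket policy is not reported, and Block Public
#            Access settings are not taken into account
#            (see get-bucket-policy-status / get-public-access-block).
#            A bucket whose ACL cannot be read is skipped, so an
#            AccessDenied on stderr means "unknown", not "private".
#######################################
list_buckets_with_public_acl() {
  local permission=$1
  local bucket grants
  while IFS= read -r bucket; do
    [[ -n "$bucket" ]] || continue
    grants=$(aws s3api get-bucket-acl \
      --bucket "$bucket" \
      --query "Grants[?Grantee.URI=='http://acs.amazonaws.com/groups/global/AllUsers' && Permission=='${permission}']" \
      --output text) || continue
    if [[ -n "$grants" ]]; then
      printf '%s\n' "$bucket"
    fi
  done < <(aws s3api list-buckets --query 'Buckets[*].[Name]' --output text)
}

# Buckets readable by everyone.
list_buckets_with_public_acl READ

# Buckets writable by everyone.
list_buckets_with_public_acl WRITE

# NOTE(review): the original page repeats the READ check a third time;
# kept as-is, confirm whether a different grantee or permission was meant.
list_buckets_with_public_acl READ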
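# List the identifiers of all DB instances.
aws rds describe-db-instances \
  --query 'DBInstances[].DBInstanceIdentifier'

# List DB instances that have deletion protection turned off, one per line.
# The filter runs inside a single describe call instead of one extra call
# per instance through xargs/bash -c.
aws rds describe-db-instances \
  --query 'DBInstances[?DeletionProtection==`false`].[DBInstanceIdentifier]' \
  --output text

# List publicly accessible DB instances with their endpoint address.
# `true` is a JMESPath boolean literal. Written as "true" it is a field
# reference, the filter matches nothing and exposed instances go
# unreported.
aws rds describe-db-instances \
  --query 'DBInstances[?PubliclyAccessible==`true`].[DBInstanceIdentifier,Endpoint.Address]'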