AWS CLI Examples

aws-cli.sh

# ********** EC2 ***********

# describe ec2 instances
aws ec2 describe-instances \
    --query 'Reservations[*].Instances[*].[InstanceId,Tags[?Key==`Name`].Value|[0],State.Name,
            PrivateIpAddress,PublicIpAddress]' \
    --output table

# stopped instances
aws ec2 describe-instances --filter Name=instance-state-name,Values=stopped \
    --query 'Reservations[].Instances[].{ID:InstanceId, Name:Tags[?Key==`Name`].Value|[0]}' \
    --output table

# matching pattern
PATTERN=__REPLACE_ME__
aws ec2 describe-instances --filter "Name=tag:Name,Values=$PATTERN" \
    --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value'

# ********** Security Group ***********

# find security group id from group name
GROUP_NAME=__REPLACE_ME__
VPC_ID=__REPLACE_ME__
aws ec2 describe-security-groups \
    --filters Name=group-name,Values=$GROUP_NAME \
        Name=vpc-id,Values=$VPC_ID \
    --query 'SecurityGroups[*].GroupId' \
    --output text

# ********** RDS ***********

# describe rds instances
aws rds describe-db-instances \
    --query 'DBInstances[*].{ID:DBInstanceIdentifier,Name:DBName,EngineName:Engine,Version:EngineVersion,
            Public:PubliclyAccessible,Type:DBInstanceClass,OptionGroup:OptionGroupMemberships[*].OptionGroupName|[0],
            VpcId:DBSubnetGroup.VpcId}'  \
    --output table

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# modify RDS instances matching pattern DB_SEARCH_TERM
# changes: option group, publicly accessible, master password and update vpc security group

OPTION_GROUP_NAME=__REPLACE_ME__
MASTER_PASSWORD=__REPLACE_ME__
SECURITY_GROUP_PREFIX=__REPLACE_ME__
DB_SEARCH_TERM=__REPLACE_ME__

DATABASE_INSTANCE_LIST=$(aws rds describe-db-instances \
    --query 'DBInstances[*].{ID:DBInstanceIdentifier}' \
    --output text | grep $DB_SEARCH_TERM | tr '\n' ' ')

for db in ${DATABASE_INSTANCE_LIST}; do
    vpc_id=$(aws rds describe-db-instances \
        --db-instance-identifier $db \
        --query 'DBInstances[*].DBSubnetGroup.VpcId' \
        --output text)

    existing_vpc_security_group_ids=$(aws rds describe-db-instances \
        --db-instance-identifier $db \
        --query 'DBInstances[*].VpcSecurityGroups[*].VpcSecurityGroupId' \
        --output text)

    new_security_group_id=$(aws ec2 describe-security-groups \
        --filters Name=group-name,Values=${SECURITY_GROUP_PREFIX}${vpc_id} Name=vpc-id,Values=${vpc_id} \
        --query 'SecurityGroups[*].GroupId' \
        --output text)

    # option group, public, master pwd, apply immediately
    aws rds modify-db-instance \
        --db-instance-identifier $db \
        --apply-immediately \
        --option-group-name $OPTION_GROUP_NAME \
        --publicly-accessible \
        --master-user-password $MASTER_PASSWORD \
        --vpc-security-group-ids $existing_vpc_security_group_ids $new_security_group_id
done 2>&1 | tee modify-db.log.2


# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# ********** S3 ***********

# Copy files from S3 matching pattern
BUCKET_NAME=__REPLACE_ME__
FOLDER_NAME=__REPLACE_ME__
PATTERN="__REPLACE_ME*__"
aws s3 cp s3://${BUCKET_NAME}/${FOLDER_NAME}/ . --recursive --exclude "*" --include "${PATTERN}"

# list objects matching pattern
BUCKET_NAME=__REPLACE_ME__
PATTERN=__REPLACE_ME__
aws s3api list-objects --bucket ${BUCKET_NAME} --prefix "${PATTERN}" --query 'Contents[*].{fn:Key,lm:LastModified}' --output table

# ********** Load Balancer ***********

# Policies attachced to listeners
aws elb describe-load-balancers --query LoadBalancerDescriptions[*].[LoadBalancerName,ListenerDescriptions]  | grep -i policy

# Policies attachced to backend
aws elb describe-load-balancers --query LoadBalancerDescriptions[*].[LoadBalancerName,BackendServerDescriptions]  | grep -i policy