@patlachance
Last active September 6, 2021 10:24
AWS CLI - Useful commands

KMS

Get all keys

for k in $(aws kms list-keys | jq -r '.[] | .[].KeyId'); 
  do aws kms describe-key --key-id $k | jq -r '.KeyMetadata';
done

Output

{
  "AWSAccountId": "xxxxxxxxxxxx",
  "KeyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "Arn": "arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "CreationDate": 1584877130.475,
  "Enabled": true,
  "Description": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "KeyUsage": "ENCRYPT_DECRYPT",
  "KeyState": "Enabled",
  "Origin": "AWS_KMS",
  "KeyManager": "CUSTOMER",
  "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
  "EncryptionAlgorithms": [
    "SYMMETRIC_DEFAULT"
  ]
}

Describe all customer keys

for k in $(aws kms list-keys | jq -r '.[] | .[].KeyId'); 
  do aws kms describe-key --key-id $k | jq -r '.KeyMetadata | select(.KeyManager=="CUSTOMER")';
done

Output

{
  "AWSAccountId": "xxxxxxxxxxxx",
  "KeyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "Arn": "arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "CreationDate": 1584877130.475,
  "Enabled": true,
  "Description": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "KeyUsage": "ENCRYPT_DECRYPT",
  "KeyState": "Enabled",
  "Origin": "AWS_KMS",
  "KeyManager": "CUSTOMER",
  "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
  "EncryptionAlgorithms": [
    "SYMMETRIC_DEFAULT"
  ]
}

Describe all customer keys and extract specific attributes

for k in $(aws kms list-keys | jq -r '.[] | .[].KeyId'); 
  do aws kms describe-key --key-id $k | jq -r '.KeyMetadata | select(.KeyManager=="CUSTOMER")
       | {keyId: .KeyId, CreationDate: .CreationDate, Description: .Description} | .CreationDate |= (todate)';
done

Output

{
  "keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "CreationDate": "2020-03-22T11:38:50Z",
  "Description": "xxxxxxxxxxxxxxxxxxxxxxx"
}

Describe all customer keys and extract specific attributes and format as table

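# The final jq uses -s (slurp) so all per-key objects form one array and the header row is printed once;
# select(length > 0) skips the table entirely when there are no customer-managed keys.
for k in $(aws kms list-keys | jq -r '.[] | .[].KeyId'); 
  do aws kms describe-key --key-id $k | jq -r '.KeyMetadata | select(.KeyManager=="CUSTOMER")
      | {keyId: .KeyId, CreationDate: .CreationDate, Description: .Description}
      | .CreationDate |= (todate)';
done | jq -rs '[.[] | with_entries( .key |= ascii_downcase ) ] | select(length > 0)
             | (.[0] | keys_unsorted | @tsv), (.[] | map(.) | @tsv)' \
     | column -t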

Output

keyid creationdate description
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2020-03-22T11:38:50Z xxxxxxxxxxxx


List Internet Gateways in all regions

$ for region in $(aws ec2 describe-regions | jq -r '.[] | .[] | .RegionName'); do echo region: $region; aws --region $region ec2 describe-internet-gateways | jq -r '.[] | .[] | .InternetGatewayId'; done
