Difference between revisions of "AWS/CLI"
< AWS
Jump to navigation
Jump to search
| Line 33: | Line 33: | ||
=== IAM server certificates === | === IAM server certificates === | ||
List IAM server certificates, delete a certificate | List IAM server certificates, delete a certificate | ||
aws iam list-server-certificates | grep ServerCertificateName | <source lang="bash"> | ||
aws iam list-server-certificates --output text --query 'ServerCertificateMetadataList[*].[Expiration,ServerCertificateName]' | sort | |||
aws iam list-server-certificates | grep <ServerCertificateName> | |||
aws iam delete-server-certificate --server-certificate-name <ServerCertificateName> | |||
</source> | |||
Upload a certificate to IAM | Upload a certificate to IAM | ||
aws iam upload-server-certificate --server-certificate-name | <source lang="bash"> | ||
aws iam upload-server-certificate --server-certificate-name cert_name --certificate-body file://cert_name.crt \ | |||
--certificate-chain file://cert_name.pem --private-key file://cert_name.key | |||
</source> | |||
Check expiry date | |||
<source lang="bash"> | |||
certificate_name=<ServerCertificateName> | |||
aws iam get-server-certificate --server-certificate-name $certificate_name --output text --query 'ServerCertificate.CertificateBody' | openssl x509 -text | less | |||
</source> | |||
=== List all instances and their status === | === List all instances and their status === | ||
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[State.Name,InstanceId,Tags[?Key==`Name`].Value]' --output text | aws ec2 describe-instances --query 'Reservations[*].Instances[*].[State.Name,InstanceId,Tags[?Key==`Name`].Value]' --output text | ||
Revision as of 13:13, 5 July 2018
Install AWS cli (command line)
curl -O https://bootstrap.pypa.io/get-pip.py python get-pip.py pip install awscli
or
sudo apt-get install awscli #it will update a lot of packages to Python3 but will leave 2.7 as default
Configure AWS credentials
Create default profile in ~/.aws/credentials file and ~/.aws/config file, the values are processed in this order.
aws configure aws ec2 describe-regions #to get a list all available regions
The /.aws/config profile sections must have the format of [profile profile-name], except for the default profile. For example:
# Example ~/.aws/config file [default] aws_access_key_id=*** aws_secret_access_key=*** [profile dev] aws_access_key_id=*** aws_secret_access_key=***
You can also use environment variables with handy described here
Examples
Create a reusable delegation set with a unique string '20170409'
aws route53 create-reusable-delegation-set --caller-reference 20170409
List the reusable-delegation-set created in ~/.aws/credentials profile
aws route53 list-reusable-delegation-sets --profile terraform-profile
IAM server certificates
List IAM server certificates, delete a certificate
aws iam list-server-certificates --output text --query 'ServerCertificateMetadataList[*].[Expiration,ServerCertificateName]' | sort aws iam list-server-certificates | grep <ServerCertificateName> aws iam delete-server-certificate --server-certificate-name <ServerCertificateName>
Upload a certificate to IAM
aws iam upload-server-certificate --server-certificate-name cert_name --certificate-body file://cert_name.crt \
--certificate-chain file://cert_name.pem --private-key file://cert_name.key
Check expiry date
certificate_name=<ServerCertificateName> aws iam get-server-certificate --server-certificate-name $certificate_name --output text --query 'ServerCertificate.CertificateBody' | openssl x509 -text | less
List all instances and their status
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[State.Name,InstanceId,Tags[?Key==`Name`].Value]' --output text
References
- AWScli config files
- [create-reusable-delegation-set http://docs.aws.amazon.com/cli/latest/reference/route53/create-reusable-delegation-set.html] aws . route53 cli
- [Configuring White Label Name Servers http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html] AWS docs