Aws Cheat Sheet

This document provides a summary of commands for interacting with AWS services via the AWS CLI. It includes sections on setting up the AWS CLI, managing IAM users, groups and policies, working with S3 buckets, EC2 keypairs and security groups, and using CloudTrail for auditing. Commands are shown for common tasks like creating, listing, modifying and deleting resources on each service.

Uploaded by destiniprestini
© All Rights Reserved

aws_cli_cheatsheet.md
AWS CLI Cheatsheet

Setup
Overview
Virtualbox
Ubuntu 14.04 LTS VM, 64-bit http://releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso
(14.04 left standard support in April 2019; use a currently supported LTS for any VM that will hold real AWS credentials)
create new machine, settings
System / Processor
Enable PAE/NX
System / Acceleration
Paravirtualization Interface: Default
Enable VT-x/AMD-V
Enable Nested Paging
Display / Screen
Video Memory: 128MB
Acceleration: Enable 3D Acceleration
boot
install
install Virtualbox Guest Additions, passwordless sudo
echo $USER
# passwordless sudo: anything running as this user is root without a prompt, so only on a throwaway lab VM.
# Use a drop-in under sudoers.d rather than appending to /etc/sudoers, and let visudo -c check the syntax;
# a malformed sudoers locks you out of sudo entirely (the `sudo echo` in front of a pipe does nothing).
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$USER
sudo chmod 0440 /etc/sudoers.d/$USER
sudo visudo -c
sudo su
apt-get update
apt-get install -y build-essential dkms linux-headers-$(uname -r)
cd /media/aws-admin/   # mount point of the Guest Additions CD image; the directory name depends on the user and VirtualBox version
sh ./VBoxLinuxAdditions.run
shutdown now

install AWS CLI (v1 via pip; python-pip on Ubuntu 14.04 is Python 2, which current awscli releases no longer support)

sudo apt-get install -y python-dev python-pip
sudo pip install awscli
aws --version
# aws configure writes the access key pair in plain text to ~/.aws/credentials (mode 600);
# prefer short-lived role credentials (SSO, assume-role) over a long-lived user key where you can
aws configure

install AWS CLIv2 (the current CLI; a self-contained bundle, no pip needed)

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# verify the archive before running its installer: AWS publishes a detached PGP signature at
# https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig and the signing key in the CLI v2
# install docs; import that key, then `gpg --verify awscliv2.sig awscliv2.zip` must report a good signature
unzip awscliv2.zip
sudo ./aws/install
aws --version
aws configure

Bash one-liners
cat <file> # output a file
tee <file> # copy stdin to stdout and into a file
cut -f 2 # print the 2nd tab-separated column, per line
sed -n '5{p;q}' # print the 5th line of a file, then quit
sed 1d # print all lines, except the first
tail -n +2 # print all lines, starting on the 2nd
head -n 5 # print the first 5 lines
tail -n 5 # print the last 5 lines
expand -t 4 # convert tabs to 4 spaces (the default tab stop is 8)
unexpand -a -t 4 # convert runs of 4 spaces to tabs
wc # count lines, words and bytes
tr ' ' '\t' # translate / convert characters, here spaces to tabs
sort # sort lines
sort | uniq # show only unique entries (uniq only collapses adjacent duplicates, so sort first)
paste # combine rows of text, by line
join # combine rows of text, by initial column value

Cloudtrail - Logging and Auditing

http://docs.aws.amazon.com/cli/latest/reference/cloudtrail/
Limit: 5 trails per region; trail ARNs support resource-level permissions
# list all trails
aws cloudtrail describe-trails

# list all S3 buckets
aws s3 ls

# create a new trail (CLI v1 only: create-subscription was a v1 convenience command that also
# created the bucket and its bucket policy; it does not exist in CLI v2)
aws cloudtrail create-subscription \
--name awslog \
--s3-new-bucket awslog2016

# CLI v2 equivalent: the bucket must already exist with a bucket policy that lets
# cloudtrail.amazonaws.com write to it; create the trail, then start logging
aws cloudtrail create-trail \
--name awslog \
--s3-bucket-name awslog2016 \
--is-multi-region-trail \
--enable-log-file-validation
aws cloudtrail start-logging --name awslog

# list the names of all trails (query the field by name; cutting column 8 of the text output breaks as soon as a trail has an optional field set)
aws cloudtrail describe-trails --query 'trailList[].Name' --output text

# get the status of a trail (IsLogging must be true, otherwise nothing is being recorded)
aws cloudtrail get-trail-status \
--name awslog

# delete a trail (stops this trail's audit logging; the log files already in S3 remain)
aws cloudtrail delete-trail \
--name awslog

# delete the S3 bucket of a trail (--force also deletes every log file in it; keep the logs if you may ever need them for an investigation)
aws s3 rb s3://awslog2016 --force

# add tags to a trail; --resource-id takes the trail ARN, not its name (example ARN below)
aws cloudtrail add-tags \
--resource-id arn:aws:cloudtrail:us-east-1:123456789012:trail/awslog \
--tags-list "Key=log-type,Value=all"

# list the tags of a trail
aws cloudtrail list-tags \
--resource-id-list arn:aws:cloudtrail:us-east-1:123456789012:trail/awslog

# remove a tag from a trail
aws cloudtrail remove-tags \
--resource-id arn:aws:cloudtrail:us-east-1:123456789012:trail/awslog \
--tags-list "Key=log-type,Value=all"
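Added example, not part of the cheat sheet: a small Python checker for the trail settings a reviewer looks for (logging actually on, multi-region, log file validation, global events, KMS encryption, CloudWatch Logs delivery). It consumes the JSON shapes returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status --name <TrailARN>`; both sample documents below are constructed, using the example account 123456789012.

```python
"""Audit trail settings from `aws cloudtrail` JSON output.

Added example, not from the cheat sheet. It consumes the shapes returned by
`aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status --name <arn>`;
the two sample documents below are constructed (example account 123456789012).
"""
import json

# Constructed sample of `aws cloudtrail describe-trails --output json`
SAMPLE_DESCRIBE = json.loads("""
{
  "trailList": [
    {
      "Name": "awslog",
      "S3BucketName": "awslog2016",
      "IncludeGlobalServiceEvents": true,
      "IsMultiRegionTrail": false,
      "HomeRegion": "us-east-1",
      "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/awslog",
      "LogFileValidationEnabled": false,
      "IsOrganizationTrail": false
    },
    {
      "Name": "org-trail",
      "S3BucketName": "org-cloudtrail-logs",
      "IncludeGlobalServiceEvents": true,
      "IsMultiRegionTrail": true,
      "HomeRegion": "us-east-1",
      "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail",
      "LogFileValidationEnabled": true,
      "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
      "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/awslog:*",
      "IsOrganizationTrail": true
    }
  ]
}
""")

# Constructed sample of `aws cloudtrail get-trail-status --name <TrailARN>`, keyed by ARN
SAMPLE_STATUS = {
    "arn:aws:cloudtrail:us-east-1:123456789012:trail/awslog": {"IsLogging": False},
    "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail": {"IsLogging": True},
}


def audit_trail(trail, status):
    """Return the findings for one trail; an empty list means it passes every check."""
    findings = []
    if not status.get("IsLogging", False):
        findings.append("logging is stopped: aws cloudtrail start-logging --name " + trail["Name"])
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-region trail: API calls made in other regions are not recorded")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation off: deleted or edited log files cannot be detected")
    if not trail.get("IncludeGlobalServiceEvents", False):
        findings.append("global service events (IAM, STS, CloudFront) are excluded")
    if "KmsKeyId" not in trail:
        findings.append("log files use SSE-S3 only, not a customer-managed KMS key")
    if "CloudWatchLogsLogGroupArn" not in trail:
        findings.append("no CloudWatch Logs delivery, so no near-real-time alerting on the trail")
    return findings


def audit_all(describe_output, status_by_arn):
    """Map each trail name to its findings; a trail with no status entry counts as not logging."""
    return {
        trail["Name"]: audit_trail(trail, status_by_arn.get(trail["TrailARN"], {}))
        for trail in describe_output.get("trailList", [])
    }


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DESCRIBE, SAMPLE_STATUS).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  - " + finding)
```

Against a live account, feed it the real documents: `aws cloudtrail describe-trails --output json` once, and `aws cloudtrail get-trail-status --name <TrailARN>` per trail, keyed by ARN as in SAMPLE_STATUS. The constructed "awslog" trail mirrors what the create-subscription command above produces and collects five findings; "org-trail" is what a hardened trail looks like.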
IAM
Users
https://blogs.aws.amazon.com/security/post/Tx15CIT22V4J8RP/How-to-rotate-access-keys-for-IAM-users
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
Limits at the time of writing = 5000 users, 100 groups, 250 roles, 2 access keys / user (the per-account quotas have since been raised; check the page above)
http://docs.aws.amazon.com/cli/latest/reference/iam/index.html
# list all user's info
aws iam list-users

# list all usernames (query the field by name; cutting column 6 of the text output returns the wrong field for users that have no PasswordLastUsed)
aws iam list-users --query 'Users[].UserName' --output text

# list current user's info
aws iam get-user

# list current user's access keys
aws iam list-access-keys

# create new user
aws iam create-user \
--user-name aws-admin2

# create multiple new users, from a file (one name per line)
while read -r userName; do
aws iam create-user \
--user-name "$userName"
done < ./user-names.txt

# list the first page of users only (the CLI auto-paginates by default; --no-paginate turns that off)
aws iam list-users --no-paginate

# get a specific user's info
aws iam get-user \
--user-name aws-admin2

# delete one user (fails until the user's access keys, login profile, MFA devices,
# signing certificates, inline and attached policies and group memberships are removed first)
aws iam delete-user \
--user-name aws-admin2

# delete all users listed in a file
# allUsers=$(aws iam list-users --query 'Users[].UserName' --output text);
while read -r userName; do
aws iam delete-user \
--user-name "$userName"
done < ./user-names.txt

Password policy
http://docs.aws.amazon.com/cli/latest/reference/iam/
# list policy
# http://docs.aws.amazon.com/cli/latest/reference/iam/get-account-password-policy.html
aws iam get-account-password-policy

# set policy (not a partial update: any option you leave out reverts to its default,
# so repeat the whole set every time; --max-password-age, --password-reuse-prevention and
# --hard-expiry are the other knobs. This only governs console passwords; require MFA as well)
# http://docs.aws.amazon.com/cli/latest/reference/iam/update-account-password-policy.html
aws iam update-account-password-policy \
--minimum-password-length 12 \
--require-symbols \
--require-numbers \
--require-uppercase-characters \
--require-lowercase-characters \
--allow-users-to-change-password

# delete policy (the account falls back to the AWS default password policy)
# http://docs.aws.amazon.com/cli/latest/reference/iam/delete-account-password-policy.html
aws iam delete-account-password-policy

Access Keys
http://docs.aws.amazon.com/cli/latest/reference/iam/
# list the access keys of the calling user
aws iam list-access-keys

# list access keys of a specific user
aws iam list-access-keys \
--user-name aws-admin2

# create a new access key (the secret is returned exactly once; the subshell umask makes the
# file 0600, and the file should be deleted once the key is in its final credential store)
aws iam create-access-key \
--user-name aws-admin2 \
--output text | (umask 077; tee aws-admin2.txt)

# list last access time of an access key (a key that was never used has no LastUsedDate)
aws iam get-access-key-last-used \
--access-key-id AKIAINA6AJZY4EXAMPLE

# deactivate an access key (reversible: do this first, wait for anything that breaks, then delete)
aws iam update-access-key \
--access-key-id AKIAI44QH8DHBEXAMPLE \
--status Inactive \
--user-name aws-admin2

# delete an access key
aws iam delete-access-key \
--access-key-id AKIAI44QH8DHBEXAMPLE \
--user-name aws-admin2
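Added example, not part of the cheat sheet: the rotation procedure from the linked blog post, turned into a triage script over the JSON that `aws iam list-access-keys --user-name <user>` and `aws iam get-access-key-last-used --access-key-id <id>` return. It decides per key whether to deactivate (idle too long), rotate (old but in use) or delete (already inactive), notes when the two-key-per-user limit blocks creating a replacement, and emits the matching commands from this section. Both samples are constructed and the clock is pinned so the computed ages are stable.

```python
"""Triage access keys from `aws iam` JSON output: what to deactivate, delete or rotate.

Added example, not from the cheat sheet. It reads the shapes returned by
`aws iam list-access-keys --user-name <user>` and `aws iam get-access-key-last-used
--access-key-id <id>`; both samples are constructed and NOW is pinned so the ages are stable.
"""
from datetime import datetime, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed `aws iam list-access-keys --user-name aws-admin2` output: one old key, one fresh one
SAMPLE_KEYS = {"AccessKeyMetadata": [
    {"UserName": "aws-admin2", "AccessKeyId": "AKIAI44QH8DHBEXAMPLE", "Status": "Active",
     "CreateDate": "2023-11-01T00:00:00+00:00"},
    {"UserName": "aws-admin2", "AccessKeyId": "AKIAINA6AJZY4EXAMPLE", "Status": "Active",
     "CreateDate": "2024-05-20T00:00:00+00:00"},
]}

# Constructed `aws iam get-access-key-last-used` output per key; a never-used key has no LastUsedDate
SAMPLE_LAST_USED = {
    "AKIAI44QH8DHBEXAMPLE": {"UserName": "aws-admin2", "AccessKeyLastUsed": {
        "LastUsedDate": "2024-01-15T00:00:00+00:00", "ServiceName": "s3", "Region": "us-east-1"}},
    "AKIAINA6AJZY4EXAMPLE": {"UserName": "aws-admin2", "AccessKeyLastUsed": {
        "ServiceName": "N/A", "Region": "N/A"}},
}


def parse_ts(value):
    """CLI v1 prints ...Z, CLI v2 prints ...+00:00; accept both."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage_keys(list_output, last_used_by_id, now=NOW, max_age_days=90, max_idle_days=45):
    """Return (subject, action, reason) tuples; action is deactivate, delete, rotate or at-limit."""
    actions = []
    metadata = list_output["AccessKeyMetadata"]
    for key in metadata:
        key_id = key["AccessKeyId"]
        age = (now - parse_ts(key["CreateDate"])).days
        last = last_used_by_id.get(key_id, {}).get("AccessKeyLastUsed", {})
        # never used: count idleness from creation, so a forgotten key still ages out
        idle = (now - parse_ts(last["LastUsedDate"])).days if "LastUsedDate" in last else age
        if key["Status"] != "Active":
            actions.append((key_id, "delete", f"already inactive, {age} days old"))
        elif idle > max_idle_days:
            actions.append((key_id, "deactivate", f"unused for {idle} days"))
        elif age > max_age_days:
            actions.append((key_id, "rotate", f"{age} days old and still in use"))
    if len(metadata) >= 2:
        # IAM allows two keys per user: rotation needs a free slot before create-access-key works
        actions.append((metadata[0]["UserName"], "at-limit", "2 keys exist; delete one before create-access-key"))
    return actions


def to_commands(actions, user_name):
    """Turn the triage into the commands from this section, in the order they are safe to run."""
    commands = []
    for subject, action, _ in actions:
        if action == "deactivate":
            commands.append(f"aws iam update-access-key --access-key-id {subject} --status Inactive --user-name {user_name}")
        elif action == "delete":
            commands.append(f"aws iam delete-access-key --access-key-id {subject} --user-name {user_name}")
        elif action == "rotate":
            commands.append(f"aws iam create-access-key --user-name {user_name}")
    return commands


if __name__ == "__main__":
    triage = triage_keys(SAMPLE_KEYS, SAMPLE_LAST_USED)
    for subject, action, reason in triage:
        print(f"{subject}: {action} ({reason})")
    print("\n".join(to_commands(triage, "aws-admin2")))
```

The thresholds (90 days maximum age, 45 days idle) are the script's own assumptions, not AWS defaults; adjust them to your policy. The sample shows a user mid-rotation: the old key has not been used for 138 days and gets deactivated, the 12-day-old replacement is left alone, and because both slots are taken the script warns that a further create-access-key would fail.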

Groups, Policies, Managed Policies

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html http://docs.aws.amazon.com/cli/latest/reference/iam/
# list all groups
aws iam list-groups

# create a group
aws iam create-group --group-name FullAdmins

# delete a group (only works once it has no members and no attached policies)
aws iam delete-group \
--group-name FullAdmins

# list all policies (add --scope Local to see only your own, --only-attached to skip unused ones)
aws iam list-policies

# get a specific policy (metadata only; the document itself comes from get-policy-version using DefaultVersionId)
aws iam get-policy \
--policy-arn <value>

# list all users, groups, and roles, for a given policy
aws iam list-entities-for-policy \
--policy-arn <value>

# list policies, for a given group
aws iam list-attached-group-policies \
--group-name FullAdmins

# add a policy to a group
# AdministratorAccess is Action * on Resource *: every member can do anything, including creating
# new admin users. Keep such a group small, MFA-only and for break-glass use, and give day-to-day
# work a policy scoped to the actions it actually needs.
aws iam attach-group-policy \
--group-name FullAdmins \
--policy-arn arn:aws:iam::aws:policy/AdministratorAccess

# add a user to a group
aws iam add-user-to-group \
--group-name FullAdmins \
--user-name aws-admin2

# list users, for a given group
aws iam get-group \
--group-name FullAdmins

# list groups, for a given user
aws iam list-groups-for-user \
--user-name aws-admin2

# remove a user from a group
aws iam remove-user-from-group \
--group-name FullAdmins \
--user-name aws-admin2

# remove a policy from a group
aws iam detach-group-policy \
--group-name FullAdmins \
--policy-arn arn:aws:iam::aws:policy/AdministratorAccess

# delete a group (all members removed and all policies detached first)
aws iam delete-group \
--group-name FullAdmins
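Added example, not part of the cheat sheet: a linter for the policy document you are about to attach with attach-group-policy. It takes the document as returned by `aws iam get-policy-version --policy-arn <arn> --version-id <id> --query PolicyVersion.Document` and flags Allow statements that grant Action * on Resource *, a whole service (`svc:*`) on Resource * with no Condition, inverted grants (NotAction/NotResource), and well-known privilege escalation actions on Resource *. ADMIN_ACCESS is the document of the AWS managed AdministratorAccess policy attached above; SCOPED is a constructed least-privilege replacement covering only the read calls used in the CloudTrail and S3 sections of this sheet.

```python
"""Flag over-broad IAM policy statements before attaching them to a group.

Added example, not from the cheat sheet. Input is a policy document as returned by
`aws iam get-policy-version --policy-arn <arn> --version-id <id> --query PolicyVersion.Document`.
ADMIN_ACCESS is the document of the AWS managed AdministratorAccess policy; SCOPED is a
constructed least-privilege replacement for the read-only tasks in this cheat sheet.
"""

ADMIN_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: only the calls the CloudTrail and S3 sections of this sheet need to read state
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadTrails",
            "Effect": "Allow",
            "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags"],
            "Resource": "*",
        },
        {
            "Sid": "ReadBuckets",
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketPolicyStatus"],
            "Resource": "*",
        },
    ],
}

# Actions that let a principal grant itself more access when the resource is unrestricted
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:AddUserToGroup", "sts:AssumeRole",
}


def as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(document):
    """Return (statement id, problem) pairs for every Allow statement that is too broad."""
    findings = []
    for index, statement in enumerate(document.get("Statement", [])):
        sid = statement.get("Sid", f"Statement[{index}]")
        if statement.get("Effect") != "Allow":
            continue
        if "NotAction" in statement or "NotResource" in statement:
            findings.append((sid, "inverted grant (NotAction/NotResource) allows everything not listed"))
        any_resource = "*" in as_list(statement.get("Resource", []))
        conditioned = bool(statement.get("Condition"))
        for action in as_list(statement.get("Action", [])):
            if action == "*" and any_resource:
                findings.append((sid, "Action * on Resource *: this is full administrator access"))
            elif action.endswith(":*") and any_resource and not conditioned:
                findings.append((sid, f"{action} on Resource * with no Condition"))
            elif action in ESCALATION_ACTIONS and any_resource and not conditioned:
                findings.append((sid, f"{action} on Resource * is a privilege escalation path"))
    return findings


if __name__ == "__main__":
    for name, doc in (("AdministratorAccess", ADMIN_ACCESS), ("scoped", SCOPED)):
        problems = lint_policy(doc)
        print(f"{name}: {'clean' if not problems else ''}")
        for sid, problem in problems:
            print(f"  {sid}: {problem}")
```

A Condition block is treated as a mitigation and is not inspected further, so review conditioned wildcards by hand. To turn SCOPED into something you can attach, save it to a file and run `aws iam create-policy --policy-name ReadAuditState --policy-document file://scoped.json`, then attach the returned ARN with attach-group-policy instead of AdministratorAccess.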

S3
https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html#cli-aws-s3api
# list existing S3 buckets
aws s3 ls

# create a bucket name, using the current date timestamp
# (bucket names are global and must be 3-63 chars of lowercase letters, digits, dots and hyphens: no underscores)
bucket_name=test-$(date "+%Y-%m-%d-%H-%M-%S")
echo $bucket_name

# create a public facing bucket, as a target for the checks below (outside us-east-1 add
# --create-bucket-configuration LocationConstraint=<region>)
# Since April 2023 new buckets get S3 Block Public Access enabled and ACLs disabled by default,
# so this call is rejected unless both are switched off first. A world-writable bucket is exactly
# what the checks below exist to find; do not leave one running.
aws s3api create-bucket --acl "public-read-write" --bucket $bucket_name

# verify bucket was created
aws s3 ls | grep $bucket_name

# check for public facing s3 buckets (should show the bucket name you created)

aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-a

# check for public facing s3 buckets, update them to be private

aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-a

# check for public facing s3 buckets (should be empty)

aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-a
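The check the one-liners above perform, spelled out as an added Python example that is not part of the cheat sheet. Per bucket it takes the JSON from `aws s3api get-bucket-acl`, `aws s3api get-bucket-policy-status` (errors with NoSuchBucketPolicy when there is no policy; pass None) and `aws s3api get-public-access-block` (errors with NoSuchPublicAccessBlockConfiguration when unset; pass None), decides whether the bucket is really reachable by everyone once Block Public Access is taken into account, and emits the put-bucket-acl and put-public-access-block calls that close it. The four SAMPLE_BUCKETS are constructed.

```python
"""Find buckets reachable by everyone, from `aws s3api` JSON output.

Added example, not from the cheat sheet. Per bucket it takes the output of
`aws s3api get-bucket-acl`, `aws s3api get-bucket-policy-status` and
`aws s3api get-public-access-block`; the SAMPLE_BUCKETS below are constructed.
"""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GRANTEES = {
    ALL_USERS: "AllUsers",
    # "authenticated" means any AWS account in the world, not just yours
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

OWNER = {"ID": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}
PRIVATE_ACL = {"Owner": OWNER,
               "Grants": [{"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"}]}
BLOCK_ALL = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True, "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}


def world_grant(uri, permission):
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": permission}


# Constructed: bucket -> (get-bucket-acl, get-bucket-policy-status or None, get-public-access-block or None)
SAMPLE_BUCKETS = {
    # the public-read-write bucket created above, no Block Public Access
    "test-2016-06-01-12-00-00": (
        {"Owner": OWNER, "Grants": PRIVATE_ACL["Grants"] + [world_grant(ALL_USERS, "READ"), world_grant(ALL_USERS, "WRITE")]},
        None, None),
    # the CloudTrail bucket: private ACL, non-public policy, everything blocked
    "awslog2016": (PRIVATE_ACL, {"PolicyStatus": {"IsPublic": False}}, BLOCK_ALL),
    # public through its bucket policy, not through the ACL
    "static-site": (PRIVATE_ACL, {"PolicyStatus": {"IsPublic": True}}, None),
    # a public ACL that Block Public Access neutralises
    "legacy-assets": (
        {"Owner": OWNER, "Grants": PRIVATE_ACL["Grants"] + [world_grant(ALL_USERS, "READ")]},
        None,
        {"PublicAccessBlockConfiguration": {"BlockPublicAcls": False, "IgnorePublicAcls": True,
                                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}),
}


def public_acl_grants(acl):
    """(group, permission) pairs the ACL grants to everyone."""
    return [
        (PUBLIC_GRANTEES[g["Grantee"]["URI"]], g["Permission"])
        for g in acl.get("Grants", [])
        if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GRANTEES
    ]


def classify_bucket(acl, policy_status=None, public_access_block=None):
    """Is the bucket actually world-reachable once Block Public Access is applied on top of ACL and policy?"""
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    grants = public_acl_grants(acl)
    via_acl = bool(grants) and not cfg.get("IgnorePublicAcls", False)
    policy_public = (policy_status or {}).get("PolicyStatus", {}).get("IsPublic", False)
    via_policy = policy_public and not cfg.get("RestrictPublicBuckets", False)
    return {"acl_grants": grants, "public_via_acl": via_acl, "public_via_policy": via_policy,
            "public": via_acl or via_policy}


def remediation(bucket, verdict):
    """The s3api calls that close the exposure."""
    commands = []
    if verdict["public_via_acl"]:
        commands.append(f"aws s3api put-bucket-acl --bucket {bucket} --acl private")
    if verdict["public"]:
        commands.append(
            f"aws s3api put-public-access-block --bucket {bucket} --public-access-block-configuration "
            "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true")
    return commands


def scan(buckets):
    """bucket name -> verdict, for every bucket in the inventory."""
    return {name: classify_bucket(*data) for name, data in buckets.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_BUCKETS).items():
        print(f"{name}: {'PUBLIC' if verdict['public'] else 'private'} {verdict['acl_grants']}")
        for cmd in remediation(name, verdict):
            print("  " + cmd)
```

On a live account build the inventory from `aws s3api list-buckets --query 'Buckets[].Name' --output text` and the three per-bucket calls named in the lead-in. Note the two cases a grep of get-bucket-acl alone gets wrong: "static-site" has a clean ACL but is public through its policy, and "legacy-assets" has a public ACL that IgnorePublicAcls already renders harmless.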

EC2
keypairs
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
# list all keypairs (names and fingerprints only; AWS never keeps the private half)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-key-pairs.html
aws ec2 describe-key-pairs

# create a keypair: AWS generates the pair and returns the private key exactly once,
# so write KeyMaterial straight into a 0400 file instead of printing the whole response
# http://docs.aws.amazon.com/cli/latest/reference/ec2/create-key-pair.html
aws ec2 create-key-pair \
--key-name <value> \
--query 'KeyMaterial' --output text > <value>.pem
chmod 400 <value>.pem

# create a new local private / public keypair, using RSA 4096-bit (or -t ed25519);
# the private key then never leaves your machine and only the public half is imported
ssh-keygen -t rsa -b 4096

# import an existing keypair (public key only)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/import-key-pair.html
# CLI v2 passes binary parameters as-is, so the file needs fileb://; CLI v1 base64-encoded file:// itself
aws ec2 import-key-pair \
--key-name keyname_test \
--public-key-material fileb:///home/apollo/id_rsa.pub

# delete a keypair (removes it from AWS only; instances already launched with it keep the public key in authorized_keys)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-key-pair.html
aws ec2 delete-key-pair \
--key-name <value>

Security Groups
http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html
# list all security groups
aws ec2 describe-security-groups

# create a security group (a new group allows all outbound and no inbound traffic)
aws ec2 create-security-group \
--vpc-id vpc-1a2b3c4d \
--group-name web-access \
--description "web access"

# list details about a security group
aws ec2 describe-security-groups \
--group-id sg-00000000

# open port 80, for everyone ("everyone" is 0.0.0.0/0; 0.0.0.0/24 covers only 256 reserved
# addresses and opens the port to no one)
aws ec2 authorize-security-group-ingress \
--group-id sg-00000000 \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0

# get my public ip
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com);
echo $my_ip

# open port 22, just for my ip (a single host is /32; /24 would also admit the 255 neighbours
# sharing your ISP's block)
aws ec2 authorize-security-group-ingress \
--group-id sg-00000000 \
--protocol tcp \
--port 22 \
--cidr $my_ip/32

# remove a firewall rule from a group (protocol, port and CIDR must match the rule exactly)
aws ec2 revoke-security-group-ingress \
--group-id sg-00000000 \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0

# delete a security group (fails while any instance or network interface still references it)
aws ec2 delete-security-group \
--group-id sg-00000000
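Added example, not part of the cheat sheet: an inbound-rule audit over the JSON from `aws ec2 describe-security-groups`. It flags rules open to the world (0.0.0.0/0 or ::/0), rates them by whether they expose an admin port or all traffic, catches the "just my IP" mistake of a /24 where a /32 was meant, and prints the exact revoke-security-group-ingress call for each offending CIDR. SAMPLE is constructed; 203.0.113.0/24 is the documentation address range.

```python
"""Audit inbound security group rules from `aws ec2 describe-security-groups` JSON.

Added example, not from the cheat sheet. SAMPLE is constructed; it contains a web rule
open to the world, an ssh rule for a /24 instead of a single host, an all-traffic rule
open to the world, and a correctly scoped bastion group. 203.0.113.0/24 is the documentation range.
"""
import ipaddress
import json

ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis", 27017: "mongodb"}

SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-00000000", "GroupName": "web-access", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-11111111", "GroupName": "bastion", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    ]},
]}


def covers(perm, port):
    """Does this permission entry admit traffic to the given TCP/UDP port?"""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def revoke_cmd(group_id, perm, cidr):
    """The exact revoke call for one CIDR of one rule (protocol and ports must match to the letter)."""
    entry = {"IpProtocol": perm["IpProtocol"]}
    for key in ("FromPort", "ToPort"):
        if key in perm:
            entry[key] = perm[key]
    if ":" in cidr:
        entry["Ipv6Ranges"] = [{"CidrIpv6": cidr}]
    else:
        entry["IpRanges"] = [{"CidrIp": cidr}]
    return f"aws ec2 revoke-security-group-ingress --group-id {group_id} --ip-permissions '{json.dumps([entry])}'"


def audit_groups(output):
    """One finding per (rule, CIDR) that is world-open or admits an admin port from more than one host."""
    findings = []
    for group in output["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                world = net.prefixlen == 0
                admin = [name for port, name in ADMIN_PORTS.items() if covers(perm, port)]
                if perm["IpProtocol"] == "-1":
                    severity, what = ("critical" if world else "high"), "all protocols and ports"
                elif world and admin:
                    severity, what = "critical", ",".join(admin) + " open to the world"
                elif admin and net.prefixlen < net.max_prefixlen:
                    severity, what = "medium", f"{','.join(admin)} from {net.num_addresses} addresses, not a single host"
                elif world:
                    severity, what = "info", f"{perm['IpProtocol']} {perm.get('FromPort')}-{perm.get('ToPort')} open to the world"
                else:
                    continue
                findings.append({"group": group["GroupId"], "severity": severity, "cidr": cidr,
                                 "what": what, "revoke": revoke_cmd(group["GroupId"], perm, cidr)})
    return findings


if __name__ == "__main__":
    for f in audit_groups(SAMPLE):
        print(f"[{f['severity']}] {f['group']} {f['cidr']}: {f['what']}\n    {f['revoke']}")
```

Rules that reference other security groups (UserIdGroupPairs) or prefix lists are not inspected; those are scoped by construction. Port 80/443 open to the world is reported at info level because a web group is expected to look like that; the all-traffic rule and any admin port reachable from 0.0.0.0/0 are what to revoke first.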

Images
https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html
# list all private AMIs, ImageId and Name (add --owners self to skip AMIs merely shared with you)
aws ec2 describe-images --filters "Name=is-public,Values=false" \
--query 'Images[].[ImageId, Name]' \
--output text | sort -k2

# deregister an AMI, by ImageId (the backing EBS snapshot is kept, and billed, until you delete-snapshot it;
# instances already launched from the AMI are unaffected)
aws ec2 deregister-image --image-id ami-00000000

Instances
http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html
# list all instances (running, and not running)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
aws ec2 describe-instances

# list all running instances
aws ec2 describe-instances --filters Name=instance-state-name,Values=running

# create a new instance (--dry-run only checks permissions and parameters; drop it to launch)
# add --key-name <keypair> to be able to log in, and --metadata-options HttpTokens=required
# so the instance metadata service only answers IMDSv2 session requests
# http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
aws ec2 run-instances \
--image-id ami-f0e7d19a \
--instance-type t2.micro \
--security-group-ids sg-00000000 \
--dry-run

# stop an instance (keeps the instance and its volumes; start-instances brings it back)
aws ec2 stop-instances \
--instance-ids <instance_id>

# terminate an instance (destroys it, and with it every volume marked DeleteOnTermination)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html
aws ec2 terminate-instances \
--instance-ids <instance_id>

# list status of all instances
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-status.html
aws ec2 describe-instance-status

# list status of a specific instance
aws ec2 describe-instance-status \
--instance-ids <instance_id>

# list all running instances, Name tag and Public IP Address
aws ec2 describe-instances \
--filters Name=instance-state-name,Values=running \
--query 'Reservations[].Instances[].[PublicIpAddress, Tags[?Key==`Name`].Value | [0] ]' \
--output text | sort -k2

Tags
# list the tags of an instance (without the filter, describe-tags lists the tags of every resource in the region)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-tags.html
aws ec2 describe-tags \
--filters Name=resource-id,Values=<instance_id>

# add a tag to a resource (an AMI here; tag keys are case-sensitive and the name the console
# displays is the key "Name" with a capital N)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/create-tags.html
aws ec2 create-tags \
--resources "ami-1a2b3c4d" \
--tags Key=Name,Value=debian

# delete a tag on a resource (Key alone deletes the tag whatever its value;
# Key=Name,Value= only deletes it if its value is the empty string)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-tags.html
aws ec2 delete-tags \
--resources "ami-1a2b3c4d" \
--tags Key=Name
Cloudwatch
Log Groups
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html
http://docs.aws.amazon.com/cli/latest/reference/logs/index.html#cli-aws-logs
# create a group
# http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-group.html
aws logs create-log-group \
--log-group-name "DefaultGroup"

# list all log groups
# http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html
aws logs describe-log-groups

aws logs describe-log-groups \
--log-group-name-prefix "Default"

# delete a group (deletes every stream and event in it; logs are evidence, so prefer
# put-retention-policy --retention-in-days over deleting by hand)
# http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-group.html
aws logs delete-log-group \
--log-group-name "DefaultGroup"

Log Streams
# Log group names can be between 1 and 512 characters long. Allowed
# characters include a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen),
# '/' (forward slash), and '.' (period).

# create a log stream
# http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-stream.html
aws logs create-log-stream \
--log-group-name "DefaultGroup" \
--log-stream-name "syslog"

# list the streams of a log group (--log-group-name names the group, not the stream)
# http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-streams.html
aws logs describe-log-streams \
--log-group-name "DefaultGroup"

aws logs describe-log-streams \
--log-group-name "DefaultGroup" \
--log-stream-name-prefix "syslog"

# delete a log stream
# http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-stream.html
aws logs delete-log-stream \
--log-group-name "DefaultGroup" \
--log-stream-name "syslog"

Cloudwatch - Monitoring
http://docs.aws.amazon.com/cli/latest/reference/cloudwatch/index.html
