Browse Source

initial aws cli aliases

master
ojizero 8 months ago
parent
commit
ac164cdbae
2 changed files with 138 additions and 0 deletions
  1. 131
    0
      .aws/cli/alias
  2. 7
    0
      .gitignore

+ 131
- 0
.aws/cli/alias View File

@@ -0,0 +1,131 @@
[toplevel]

whoami = sts get-caller-identity

create-assume-role =
!f() {
aws iam create-role --role-name "${1}" \
--assume-role-policy-document \
"{\"Statement\":[{\
\"Action\":\"sts:AssumeRole\",\
\"Effect\":\"Allow\",\
\"Principal\":{\"Service\":\""${2}".amazonaws.com\"},\
\"Sid\":\"\"\
}],\
\"Version\":\"2012-10-17\"\
}";
}; f


running-instances = ec2 describe-instances \
--filter Name=instance-state-name,Values=running \
--output table \
--query 'Reservations[].Instances[].{ID: InstanceId,Hostname: PublicDnsName,Name: Tags[?Key==`Name`].Value | [0],Type: InstanceType, Platform: Platform || `Linux`}'

ebs-volumes= ec2 describe-volumes \
--query 'Volumes[].{VolumeId: VolumeId,State: State,Size: Size,Name: Tags[0].Value,AZ: AvailabilityZone}' \
--output table

amazon-linux-amis = ec2 describe-images \
--filter \
Name=owner-alias,Values=amazon \
Name=name,Values="amzn-ami-hvm-*" \
Name=architecture,Values=x86_64 \
Name=virtualization-type,Values=hvm \
Name=root-device-type,Values=ebs \
Name=block-device-mapping.volume-type,Values=gp2 \
--query "reverse(sort_by(Images, &CreationDate))[*].[ImageId,Name,Description]" \
--output text

list-sgs = ec2 describe-security-groups --query "SecurityGroups[].[GroupId, GroupName]" --output text

sg-rules = !f() { aws ec2 describe-security-groups \
--query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]" \
--group-id "$1" --output text; }; f

tostring =
!f() {
cat "${1}" | jq 'tostring'
}; f

authorize-my-ip =
!f() {
ip=$(aws myip)
aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
}; f

get-group-id =
!f() {
aws ec2 describe-security-groups --filters Name=group-name,Values=${1} --query SecurityGroups[0].GroupId --output text
}; f

authorize-my-ip-by-name =
!f() {
group_id=$(aws get-group-id "${1}")
aws authorize-my-ip "$group_id"
}; f

# list all security group port ranges open to 0.0.0.0/0
public-ports = ec2 describe-security-groups \
--filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
--query 'SecurityGroups[].{
GroupName:GroupName,
GroupId:GroupId,
PortRanges:
IpPermissions[?contains(IpRanges[].CidrIp, `0.0.0.0/0`)].[
join(`:`, [IpProtocol, join(`-`, [to_string(FromPort), to_string(ToPort)])])
][]
}'

# List or set your region
region = !f() { [[ $# -eq 1 ]] && aws configure set region "$1" || aws configure get region; }; f

find-access-key = !f() {
clear_to_eol=$(tput el)
for i in $(aws iam list-users --query "Users[].UserName" --output text); do
printf "\r%sSearching...$i" "${clear_to_eol}"
result=$(aws iam list-access-keys --output text --user-name "${i}" --query "AccessKeyMetadata[?AccessKeyId=='${1}'].UserName";)
if [ -n "${result}" ]; then
printf "\r%s%s is owned by %s.\n" "${lear_to_eol}" "$1" "${result}"
break
fi
done
if [ -z "${result}" ]; then
printf "\r%sKey not found." "${clear_to_eol}"
fi
}; f

docker-ecr-login =
!f() {
region=$(aws configure get region)
endpoint=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].proxyEndpoint)
passwd=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].authorizationToken | base64 --decode | cut -d: -f2)
docker login -u AWS -p $passwd $endpoint
}; f

myip =
!f() {
dig +short myip.opendns.com @resolver1.opendns.com
}; f

allow-my-ip =
!f() {
my_ip=$(aws myip)
aws ec2 authorize-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
}; f

revoke-my-ip =
!f() {
my_ip=$(aws myip)
aws ec2 revoke-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
}; f

allow-my-ip-all =
!f() {
aws allow-my-ip ${1} all all
}; f

revoke-my-ip-all =
!f() {
aws revoke-my-ip ${1} all all
}; f

+ 7
- 0
.gitignore View File

@@ -86,3 +86,10 @@ Temporary Items
.apdisk

# End of https://www.gitignore.io/api/git,zsh,visualstudiocode

### AWSCLI ###
# Credentials
.aws/credentials

# Config
.aws/config

Loading…
Cancel
Save