So, #AWS #cloudformation vs #AWSCLI. Looks to be ending up the same as Azure #ARM vs #AzureCLI. If you already have the template, and deploy it once, it is good. But developing CLI scripts is quicker (debug one step at a time, rather than all at once). And templates run into the same dead ends: e.g. decides it needs to recreate the entire subnet, so it attempts to, but runs into an IP address conflict with the existing one, and the whole thing stops. There are things/changes that declarative approaches just can't do, and you need to use migrations (CLI scripts).
#aws #cloudformation #awscli #arm #AzureCLI
Use the AWS CLI? Get powered up with custom aliases and subcommands.
https://gist.github.com/earchibald-lv/f2a165c832f1f455061af74cfa8127b4
#aws #awscli #awsclialiases #awsclicustomsubcommands
I'm a few months late noticing, but I'm glad to see that the aws-cli has added the ability to display the current credentials, or credentials for a specific config profile.
aws configure export-credentials
Using options, the results can be formatted as environment variables for eval and use by other tools.
I think this is especially useful if the config profile assumes a (cross-account) role, or you are using `aws sso login`.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/export-credentials.html
Okay so now I want to migrate from my #minio service to something like #digitalocean or #wasabi. Has anyone successfully mirrored from a Minio Object Store to another Object store? I attempted to sync using #awscli from my minio to DO and it keeps throwing "NoSuchKey" when I attempt to switch. Not sure what is going on. Everything looks identical as far as the data is concerned, but it's not working as expected (I guess... I'm new to s3 object stores). Any ideas?
#minio #digitalocean #wasabi #awscli
When you are logged into the website, on the top right, chose "Security Credentials". Depending on permissions you can reset the password, get a new awscli key or reset the MFA device.
#aws #cloud #cloudhacking #awscli #hacking #infosec #cybersecurity #cloudsecurity #awssecurity
#aws #cloud #cloudhacking #awscli #hacking #infosec #cybersecurity #cloudsecurity #awssecurity
Let's do something "creative":
Where can you get AWS credentials from?
Add a new vector or give more details for an answer that's already there, e.g. (1) IMDS (2) Instance Metadata Service v1 creds directly from 169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>
#aws #cloud #cloudhacking #awscli #hacking
#aws #cloud #cloudhacking #awscli #hacking
AWS CLI: S3 Commands
https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3-commands.html
#documentation #aws #awscli #s3 #invalidation
AWS CLI: Create CloudFront Invalidation
https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-invalidation.html
#documentation #aws #awscli #cloudfront #invalidation
Bonus:
Allow defaults for the parameter values in the config file, as in:
role_arn=arn:aws:iam::{{acct=123456789012}}:role/{{role=readonly}}
I want to be able to set up an aws-cli config profile that includes parameter substitutions, and then specify the values for those parameters with command line options.
The command line could be:
aws s3 ls \
--profile assumewithmfa \
--param acct=123456789012 \
--param role=s3-readonly
and the config:
[profile assumewithmfa]
source_profile=user-main
role_arn = arn:aws:iam::{{acct}}:role/{{role}}
mfa_serial=arn:aws:iam::987654321098:mfa/user
region=us-east-1
@raoul
`aws s3 sync` is built on boto, but adds extra logic like adding in a content-type attribute, which is critical for static website hosting in S3.
I had this all working on my python2.6 AWS Lambda function which team for years, but when I upgraded to Python 3.9 it broke calling the `aws` included in the ZIP file.
I may be able to figure out how to fix it, but was hoping the intervening years had brought about a more standard aws-cli in Lambda.
I'm working to upgrade some old AWS Lambda functions, and have a question:
Does the AWS Lambda environment for Python 3.9 include the aws-cli anywhere?
If not, are there any modern instructions on the best way to include the aws-cli in a Lambda function?
I'm hoping the word "layer" is not in the answer, but I'll look at that if I must.
Installing the AWS CLI
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
#tips #docs #awscli #installation #bookmarked