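# List clusters
aws eks list-clusters
# Describe one cluster; the output includes the API endpoint access settings
# (resourcesVpcConfig) and which control-plane log types are enabled (logging).
aws eks describe-cluster --name <cluster-name>
# List the managed node groups of a cluster (the subcommand is one word: list-nodegroups)
aws eks list-nodegroups --cluster-name <cluster-name>
# Describe one node group (instance role, subnets, scaling configuration)
aws eks describe-nodegroup --cluster-name <cluster-name> --nodegroup-name <nodegroup-name>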
# Add role to aws-auth ConfigMap
# system:masters has unrestricted access to the cluster, and that access cannot
# be narrowed with RBAC. Map an IAM principal to it only for break-glass
# administration; for day-to-day access, bind a dedicated group to a scoped
# Role/ClusterRole instead.
aws-iam-authenticator add role \
  --kubeconfig ~/.kube/config \
  --rolearn <role-arn> \
  --username <username> \
  --groups system:masters
# Add an IAM user to aws-auth ConfigMap (same caveat; long-lived IAM user
# credentials are harder to rotate and audit than an assumed role)
aws-iam-authenticator add user \
  --kubeconfig ~/.kube/config \
  --userarn arn:aws:iam::<account-id>:user/admin1 \
  --username admin1 \
  --groups system:masters
# Get worker node instance role arn
aws eks describe-nodegroup \
  --cluster-name <cluster-name> \
  --nodegroup-name <nodegroup-name> \
  | jq -r '.nodegroup.nodeRole'
# Allow pods to publish log events to CloudWatch
# The policy is attached to the node instance role, so every pod that can reach
# the instance metadata service on that node inherits it. Where only one
# workload needs the permission, grant it to that workload's service account
# rather than to the node.
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
  --role-name <worker-node-role-name>
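# List VPCs
aws ec2 describe-vpcs
# Name tags of all VPCs, collected into one JSON array.
# jq -s is given an explicit '.' program instead of relying on the implicit
# default, which only applies when stdin or stdout is not a terminal.
aws ec2 describe-vpcs | jq '.Vpcs[].Tags[]? | select (.Key == "Name") | .Value' | jq -s '.'
# Name tags of all VPCs as raw strings, one per line
aws ec2 describe-vpcs | jq '.Vpcs[].Tags[]? | select (.Key == "Name")' | jq -r .Value
# VPC Endpoint Services
# Two equivalent ways to list the service names: client-side with jq, or with --query
aws ec2 describe-vpc-endpoint-services --no-paginate --region ap-southeast-1 | jq .ServiceNames
aws ec2 describe-vpc-endpoint-services --query ServiceNames --no-paginate --region ap-southeast-1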
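# List subnets
aws ec2 describe-subnets
# Subnet id and availability zone of every subnet
# (the projected key was misspelled "AvailaibilityZone")
aws ec2 describe-subnets \
  --query "Subnets[*].{SubnetId:SubnetId,AvailabilityZone:AvailabilityZone}" \
  --output text
# Subnets in one availability zone
# (--filters is the documented option name; it is used consistently below)
aws ec2 describe-subnets \
  --filters "Name=availability-zone,Values=eu-west-1b" \
  --query "Subnets[*].{SubnetId:SubnetId,AvailabilityZone:AvailabilityZone}" \
  --output text
# Subnets carrying a given tag key, with their Name tag.
# The JMESPath expression is single-quoted so the shell does not treat the
# backticks around `Name` as command substitution.
aws ec2 describe-subnets \
  --filters "Name=tag-key,Values=<tag-key>" \
  --query 'Subnets[*].{SubnetId:SubnetId,Name:Tags[?Key==`Name`]|[0].Value}' \
  --output table
# Subnets carrying a given tag key, with all their tags
aws ec2 describe-subnets \
  --filters "Name=tag-key,Values=<tag-key>" \
  --query "Subnets[*].{SubnetId:SubnetId,AvailabilityZone:AvailabilityZone,Tags:Tags}" \
  --output json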
# Name and id of every security group
aws ec2 describe-security-groups \
  | jq '[.SecurityGroups[] | {GroupName, GroupId}]'
# Id, state and launch time of every instance that is not terminated
# (emitted as a stream of objects, one per instance)
aws ec2 describe-instances \
  | jq '.Reservations[].Instances[]
        | {InstanceId, State, LaunchTime}
        | select(.State.Name != "terminated")'
# Describe EC2 instance types
# Keeps types whose supported architectures include x86_64 and whose sustained
# clock speed is at least 3 GHz, projects the sizing fields, and collects the
# results into one array. RAM is converted from MiB to GiB.
aws ec2 describe-instance-types --region ap-southeast-1 \
  | jq '
      .InstanceTypes[]
      | select(.ProcessorInfo.SupportedArchitectures[] | contains("x86_64"))
      | select(.ProcessorInfo.SustainedClockSpeedInGhz >= 3)
      | {
          CurrentGeneration,
          InstanceType,
          ClockSpeedInGhz: .ProcessorInfo.SustainedClockSpeedInGhz,
          EbsOptimizedSupport: .EbsInfo.EbsOptimizedSupport,
          BaselineThroughputInMBps: .EbsInfo.EbsOptimizedInfo.BaselineThroughputInMBps,
          BaselineIops: .EbsInfo.EbsOptimizedInfo.BaselineIops,
          MaximumThroughputInMBps: .EbsInfo.EbsOptimizedInfo.MaximumThroughputInMBps,
          MaximumIops: .EbsInfo.EbsOptimizedInfo.MaximumIops,
          NetworkPerformance: .NetworkInfo.NetworkPerformance,
          vCPU: .VCpuInfo.DefaultVCpus,
          RAM: (.MemoryInfo.SizeInMiB/1024),
          BareMetal,
          Hypervisor
        }
    ' \
  | jq -s '.'
# Describe EC2 instance type
# Full record of a single instance type
aws ec2 describe-instance-types --region ap-southeast-1 \
  | jq '.InstanceTypes[] | select(.InstanceType == "i3.xlarge")'
# Describe EC2 instance type offering
# Availability zones of the region that offer one instance type
aws ec2 describe-instance-type-offerings \
  --region ap-southeast-1 \
  --location-type availability-zone \
  --filters Name=instance-type,Values=x2iedn.2xlarge \
  --output table
# Describe EC2 instance type offering
# Same query for several instance types at once, as a JSON array
aws ec2 describe-instance-type-offerings \
  --region eu-west-1 \
  --location-type availability-zone \
  --filters Name=instance-type,Values=z1d.2xlarge,i4i.2xlarge,r6i.2xlarge,c6i.2xlarge,i3en.2xlarge,d3.xlarge \
  | jq '[.InstanceTypeOfferings[]]'
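# AWS meta-data
# Get security token
# IMDSv2 session token, requested from on the instance itself. 21600 seconds is
# the TTL requested here; a shorter TTL is enough for a one-off query.
# -f makes curl fail on an HTTP error instead of storing the error body in
# TOKEN; -sS hides the progress meter but still prints errors.
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
# List Instance Profile
# Shows which instance profile is attached to this instance. Instances should
# be configured to require the token (IMDSv2 only) so that a request without
# the header, such as one relayed by a vulnerable application, is rejected.
curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/info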
# Name, state and DNS name of every load balancer
aws elbv2 describe-load-balancers \
  | jq '[.LoadBalancers[] | {LoadBalancerName, State: .State.Code, DNSName}]'
# Only the load balancers in state "active"
aws elbv2 describe-load-balancers \
  | jq '[.LoadBalancers[]
         | select(.State.Code == "active")
         | {LoadBalancerName, State: .State.Code, DNSName}]'
# Number of load balancers in state "active"
aws elbv2 describe-load-balancers \
  | jq '[.LoadBalancers[]
         | select(.State.Code == "active")
         | {LoadBalancerName, State: .State.Code, DNSName}]
        | length'
# An NLB with no security group attached cannot be referenced by group id in
# the targets' inbound rules, so the rules have to allow its private addresses.
# NOTE(review): newer NLBs can be created with security groups; confirm which
# case applies before allow-listing by IP.
# List the private IP addresses the NLB uses when it forwards traffic to target groups
# Reference: https://aws.amazon.com/premiumsupport/knowledge-center/elb-find-load-balancer-IP/
aws ec2 describe-network-interfaces \
  --filters Name=description,Values="ELB net/<load-balancer-name>/<load-balancer-id>" \
  --query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress' \
  --output text
# Show the account and principal the CLI is currently authenticated as.
# Worth running before any of the mutating commands in this file.
aws sts get-caller-identity
# List stacks
aws cloudformation list-stacks
# Stacks whose deletion failed (stream of objects)
aws cloudformation list-stacks \
  --stack-status-filter DELETE_FAILED \
  | jq '.StackSummaries[] | {StackName, StackStatus}'
# Name and status of every stack, as one array
aws cloudformation list-stacks \
  | jq '[.StackSummaries[] | {StackName, StackStatus}]'
# Name and status of every stack that has not been deleted (stream of objects)
aws cloudformation list-stacks \
  | jq '.StackSummaries[]
        | {StackName, StackStatus}
        | select(.StackStatus != "DELETE_COMPLETE")'
# Describe stacks
aws cloudformation describe-stacks
# Delete stack
# Removes the stack together with the resources it manages; there is no
# confirmation prompt. Termination protection guards stacks that must stay.
aws cloudformation delete-stack --stack-name <stack-name>
# List buckets
aws s3 ls
# Remove bucket
# --force first deletes every object in the bucket, then the bucket itself,
# without asking for confirmation. Check the bucket name and the active
# account (aws sts get-caller-identity) before running it.
aws s3 rb s3://<bucket-name> --force
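# Get role
# (get-role takes the name through --role-name, not as a positional argument)
aws iam get-role --role-name <role-name>
# List managed policies attached to a role
aws iam list-attached-role-policies --role-name <role-name>
# Get a policy by arn
aws iam get-policy --policy-arn <policy-arn>
# Create role with assume policy document
# The trust policy decides who may assume the role: keep its Principal as
# narrow as the use case allows and add conditions where they apply.
aws iam create-role \
  --role-name <role-name> \
  --assume-role-policy-document <file://trust-policy.json>
# Create policy
# Grant only the actions and resources the role needs.
aws iam create-policy \
  --policy-name <policy-name> \
  --policy-document <file://policy.json>
# Attach policy to role
aws iam attach-role-policy \
  --policy-arn <policy-arn> \
  --role-name <role-name>
# List managed policies attached to a role
# (run again to confirm the attachment above)
aws iam list-attached-role-policies \
  --role-name <role-name>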
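# Create user
aws iam create-user --user-name <user-name>
# Configure user console password
# The password is read from a prompt so it is not typed as a literal on the
# command line and saved in shell history. --password-reset-required makes the
# user choose a new password at first sign-in, so the value set here is only a
# one-time secret.
read -rs -p 'Initial console password: ' initial_password && echo
aws iam create-login-profile \
  --user-name <user-name> \
  --password "$initial_password" \
  --password-reset-required
unset initial_password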
# Create table
# --endpoint-url sends the request to a local endpoint on port 8000 instead of
# the AWS service (presumably DynamoDB Local); drop it to target a real account.
# Key schema: Artist is the partition (HASH) key, SongTitle the sort (RANGE) key.
aws dynamodb create-table \
  --endpoint-url http://localhost:8000 \
  --table-name Music \
  --attribute-definitions \
    AttributeName=Artist,AttributeType=S \
    AttributeName=SongTitle,AttributeType=S \
  --key-schema \
    AttributeName=Artist,KeyType=HASH \
    AttributeName=SongTitle,KeyType=RANGE \
  --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1
# Id, ARN, domain name and status of every CloudFront distribution
aws cloudfront list-distributions \
  | jq '[.DistributionList.Items[] | {Id, ARN, DomainName, Status}]'
# Only the distributions whose status is "Deployed"
aws cloudfront list-distributions \
  | jq '[.DistributionList.Items[]
         | {Id, ARN, DomainName, Status}
         | select(.Status == "Deployed")]'
# Identifier, status and member instances of one DB cluster
aws rds describe-db-clusters \
  --region us-east-1 \
  --db-cluster-identifier database-1 \
  | jq '[.DBClusters[] | {DBClusterIdentifier, Status, DBClusterMembers}]'
# Identifier, status and endpoint of one DB instance
aws rds describe-db-instances \
  --region us-east-1 \
  --db-instance-identifier database-1-instance-1 \
  | jq '[.DBInstances[] | {DBInstanceIdentifier, DBInstanceStatus, Endpoint}]'
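# Get names of all ETL jobs
aws glue get-jobs \
  | jq -r '.Jobs[].Name'
# Get workflow runs
# The jq program is single-quoted. Inside double quotes the inner quotes ended
# and reopened the shell string, and the filter only worked by accident.
aws glue get-workflow-runs \
  --name workflow-test01 \
  | jq -r '[.Runs[] | {WorkflowRunId, Status}]'
# Create Crawler
# Variant 1: log schema changes and deletions, crawl only new folders.
# The JSON arguments are single-quoted; the earlier --configuration value ended
# with a stray escaped quote (}}\"), which made it invalid JSON.
# The crawler reads the S3 path with the permissions of the --role given here,
# so that role should be scoped to the buckets it has to crawl.
aws glue create-crawler \
  --name test-crawler \
  --role AWSGlueServiceRoleDefault \
  --database-name db1 \
  --targets '{"S3Targets": [{"Path": "s3://<bucket-name>/db1"} ]}' \
  --configuration '{"Version":1,"Grouping":{"TableLevelConfiguration":3}}' \
  --schema-change-policy UpdateBehavior=LOG,DeleteBehavior=LOG \
  --recrawl-policy RecrawlBehavior=CRAWL_NEW_FOLDERS_ONLY \
  --region us-east-1
# Variant 2 (same crawler name, so an alternative to variant 1, not a follow-up):
# apply schema updates and deletions to the catalog, recrawl everything.
aws glue create-crawler \
  --name test-crawler \
  --role AWSGlueServiceRoleDefault \
  --database-name db1 \
  --targets '{"S3Targets": [{"Path": "s3://<bucket-name>/db1"} ]}' \
  --configuration '{"Version":1,"Grouping":{"TableLevelConfiguration":3}}' \
  --schema-change-policy UpdateBehavior=UPDATE_IN_DATABASE,DeleteBehavior=DELETE_FROM_DATABASE \
  --recrawl-policy RecrawlBehavior=CRAWL_EVERYTHING \
  --region us-east-1
# Delete the crawler
aws glue delete-crawler \
  --name test-crawler \
  --region us-east-1
# Delete the table named db1 from database db1
aws glue delete-table \
  --database-name db1 \
  --name db1 \
  --region us-east-1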
# Login
# The registry token goes to docker over stdin, so it never appears in the
# process arguments or in shell history. Because docker runs under sudo, the
# resulting login is stored for root, not for the invoking user.
aws ecr get-login-password --region ap-southeast-1 \
  | sudo docker login \
      --username AWS \
      --password-stdin \
      <aws-account-id>.dkr.ecr.ap-southeast-1.amazonaws.com
# Sync objects from one bucket into another
# Concrete example, followed by the general form. Check the destination URI
# before running: objects are written with the caller's permissions, and a
# mistyped bucket name may belong to another account.
aws s3 sync \
  s3://amazon-reviews-pds/parquet/ \
  s3://keshavkb2-amazon-revies-pds/parquet/
aws s3 sync \
  <source-s3-uri> \
  <destination-s3-uri>
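# List secret ARNs as CSV rows ("ARN","<arn>").
# list-secrets returns metadata only, never the secret values.
aws secretsmanager list-secrets \
  | jq -r '.SecretList[] | {ARN} | to_entries[] | [.key, .value] | @csv'
# Generate (but do not run) a script with one delete-secret command per secret.
# Each name is shell-quoted with @sh, so a name cannot break out of its
# argument when the generated file is executed. Review delete-secrets.sh and
# remove every secret that must be kept before running it.
aws secretsmanager list-secrets \
  | jq -r '.SecretList[] | "aws secretsmanager delete-secret --secret-id " + (.Name | @sh)' \
  > delete-secrets.sh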
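# List services by region
# -f stops on an HTTP error so jq is not fed an error page.
curl -fsS https://api.regional-table.region-services.aws.a2z.com/index.json \
  | jq '.prices[] | select (."attributes"."aws:region" == "ap-southeast-3") | .attributes."aws:serviceName"' \
  | sort
# List ip-ranges for a region
# Download with -f so a failed request does not leave an error page in
# ip-ranges.json, then filter the file directly (no cat needed). The region is
# compared with == rather than contains(), which is a substring match and
# would also accept any longer region name that starts with the same text.
curl -fsS -o ip-ranges.json https://ip-ranges.amazonaws.com/ip-ranges.json
jq -c '.prefixes[] | select(.region == "ap-southeast-1")' ip-ranges.json > ap-southeast-1-ipranges.json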
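# Start transferring a domain to another AWS account (run in the source account).
# The response contains a one-time password the target account needs in order
# to accept; hand it over through a private channel.
aws route53domains transfer-domain-to-another-aws-account \
  --domain-name <domain-name> \
  --account-id <target-account-id> \
  --region us-east-1
# Accept the transfer (run in the target account).
# The password is read from a prompt so it is not typed as a literal on the
# command line and saved in shell history.
read -rs -p 'Transfer password: ' transfer_password && echo
aws route53domains accept-domain-transfer-from-another-aws-account \
  --domain-name <domain-name> \
  --password "$transfer_password" \
  --region us-east-1
unset transfer_password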