List CIDRs for VPCs across accounts
# For each CLI profile, print one [OwnerId, Name, CidrBlock] array per VPC in
# us-east-1. A VPC with no Tags is reported under the name "Default".
# startswith("Name") matches any tag key beginning with "Name", not only the
# exact key "Name".
for acct in acct1 acct2 acct3 acct4 acct5 acct6
do
  aws ec2 describe-vpcs --profile "$acct" --region us-east-1 \
    | jq '.Vpcs[]
          | if .Tags
            then [.OwnerId, (.Tags[] | select(.Key | startswith("Name")).Value), .CidrBlock]
            else [.OwnerId, "Default", .CidrBlock]
            end'
done
list instances with instanceId, launchTime, state and stateReason
# Emit a single JSON array holding one {instanceId, launchTime, state,
# stateReason} object per instance in us-east-2. A field that is missing from
# the API response comes out as null.
aws ec2 describe-instances --region us-east-2 \
  | jq '[ .Reservations[].Instances[]
          | { instanceId:  .InstanceId,
              launchTime:  .LaunchTime,
              state:       .State,
              stateReason: .StateReason } ]'
ec2 list instances with State and stateReason and launchTime
# Same report as a per-reservation map: every instance in us-east-2 becomes an
# object with instanceId, launchTime, state and stateReason, collected into
# one array.
aws ec2 describe-instances --region us-east-2 \
  | jq '.Reservations
        | map(.Instances[]
              | {instanceId: .InstanceId, launchTime: .LaunchTime,
                 state: .State, stateReason: .StateReason})'
ec2 list instances that are running with instanceId and launchTime
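# Running instances in us-east-2, as one JSON array of
# {instanceId, launchTime, state, stateReason} objects.
# The select() has to live inside the jq program: in the original it sat on
# the shell side of the pipe, where it is a syntax error, so nothing ran.
aws ec2 describe-instances --region us-east-2 |
  jq '[ .Reservations[].Instances[]
        | select(.State.Name == "running")
        | {instanceId: .InstanceId, launchTime: .LaunchTime,
           state: .State, stateReason: .StateReason} ]'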
ec2 list VPCs and CIDRs
# JSON array of the CidrBlock of every VPC. No --profile or --region is given,
# so the account and region are whatever the CLI resolves from the environment.
# Only the CIDR strings are printed; add .VpcId to the projection to see which
# VPC each one belongs to.
aws ec2 describe-vpcs \
  | jq '[.Vpcs[].CidrBlock]'
ec2 list subnets with subnetId and AZ
# JSON array with one {Subnet, AZ} object per subnet, taken from SubnetId and
# AvailabilityZone. Account and region come from the CLI's environment.
aws ec2 describe-subnets \
  | jq '.Subnets | map({Subnet: .SubnetId, AZ: .AvailabilityZone})'
ec2 list amiId , instanceId and privateIp
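# For every instance launched from image $AMIID, print its InstanceId and then
# its PrivateIpAddress (compact output, one value per line).
# The AMI id is handed to jq with --arg: inside the single-quoted filter the
# shell never expands ${AMIID} and jq cannot parse it, so the original filter
# failed. --arg also keeps the value as data instead of jq program text.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq -c --arg ami "$AMIID" \
    '.Reservations[].Instances[] | select(.ImageId == $ami) | .InstanceId, .PrivateIpAddress'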
ConfigService get rule names that do not contain a string
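# Names of the AWS Config rules in us-east-1 whose name does not match the
# regex "AWSControlTower" (test() is a regex match anywhere in the name).
# $PROFILE_NAME is quoted so an empty or space-containing value cannot shift
# the remaining arguments.
aws configservice describe-config-rules --profile "$PROFILE_NAME" --region us-east-1 |
  jq -c '.ConfigRules[].ConfigRuleName | select(test("AWSControlTower") | not)'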
ec2 describe-key-pairs that start with string
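# Key pairs in us-east-1 whose KeyName begins with "test-string", one compact
# JSON object per key pair.
# Written as one pipeline: the original was split over three lines with no
# continuation, so the options and the jq stage were run as separate commands.
aws ec2 describe-key-pairs --profile "$PROFILE_NAME" --region us-east-1 |
  jq -c '.KeyPairs[] | select(.KeyName | startswith("test-string"))'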
ec2 describe-instances select “Name” tags, launchTime, PubDNSName
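# One [Name, LaunchTime, PublicDnsName] array per instance in us-east-1.
# No backslash inside the quoted filter: within single quotes it reaches jq
# literally and is a jq syntax error.
# .Tags[]? instead of .Tags[]: on an instance without a Tags key the plain
# form raises "Cannot iterate over null" and jq stops, dropping every instance
# after it from the listing. With the ?, such an instance is still listed,
# just without a name element.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq '.Reservations[].Instances[]
      | [(.Tags[]? | select(.Key == "Name") | .Value), .LaunchTime, .PublicDnsName]'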
[
"instance1",
"2021-07-30T18:55:23+00:00",
"ec2-3-86-245-113.compute-1.amazonaws.com"
]
[
"instance2",
"2021-07-30T18:55:23+00:00",
"ec2-52-91-167-140.compute-1.amazonaws.com"
]
Name Tags
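# One single-element array per instance holding the value of its Name tag;
# an instance with no Name tag yields an empty array.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key, which would cut the listing short.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq '.Reservations[].Instances[] | [(.Tags[]? | select(.Key == "Name") | .Value)]'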
PrivateIpAddress
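# One [Name, LaunchTime, PrivateIpAddress] array per instance in us-east-1.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key; that instance is then listed without a name
# element, so its array is one item shorter.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq '.Reservations[].Instances[]
      | [(.Tags[]? | select(.Key == "Name") | .Value), .LaunchTime, .PrivateIpAddress]'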
KeyName and PrivateIpAddress
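# One [Name, KeyName, PrivateIpAddress] array per instance in us-east-1;
# KeyName prints as null when the instance record carries none.
# The leading "%" of the original was a pasted shell prompt and is dropped so
# the line can be run as is.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq '.Reservations[].Instances[]
      | [(.Tags[]? | select(.Key == "Name") | .Value), .KeyName, .PrivateIpAddress]'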
Add All Users to a Specific Group
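# Add every IAM user in the account behind $PROFILE_NAME to the group
# "ReadOnly". This is a write to IAM: each user returned by list-users,
# whatever it is used for, picks up the policies attached to that group, so
# review the user list before running it.
# ${PROFILE_NAME:?} stops the pipeline when the variable is unset or empty
# instead of letting the change run with a mis-parsed --profile.
# jq -r on .Users[].UserName replaces the `.[] | .[]` walk plus sed quote
# stripping, and the read loop takes one user name per line without relying
# on word splitting.
aws iam list-users --profile "${PROFILE_NAME:?set PROFILE_NAME first}" |
  jq -r '.Users[].UserName' |
  while IFS= read -r user; do
    # stdin is redirected so the inner command cannot consume the name list
    aws iam add-user-to-group --user-name "$user" --group-name ReadOnly \
      --profile "$PROFILE_NAME" </dev/null
  done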
Search for an IAM user across multiple profiles
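# Look for IAM users whose UserName begins with "jdoe" in each of the dev, qa
# and production profiles. The profile name is printed first so the matches
# below it can be attributed to an account.
# .Users[] addresses the user list by name; the original `.[] | .[]` walked
# every top-level value of the response and breaks on any non-list field.
for profile in dev qa production; do
  printf '%s\n' "$profile"
  aws iam list-users --profile "$profile" |
    jq '.Users[] | select(.UserName | startswith("jdoe"))'
done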
Search for instances with Name tags
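# Compact output: one [Name, LaunchTime, PublicDnsName] array per instance in
# us-east-1, one instance per line.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key, which would end the listing early.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq -c '.Reservations[].Instances[]
         | [(.Tags[]? | select(.Key == "Name") | .Value), .LaunchTime, .PublicDnsName]'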
Search for instances with Name and Patch Group tags
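# Compact output: one ["Patch Group" value, Name value, LaunchTime] array per
# instance in us-east-1.
# An instance that lacks one of the two tags gets a shorter array, so position
# alone does not identify a column; an instance with neither tag shows only
# its LaunchTime, which is a quick way to spot hosts outside any patch group.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq -c '.Reservations[].Instances[]
         | [(.Tags[]? | select(.Key == "Patch Group") | .Value),
            (.Tags[]? | select(.Key == "Name") | .Value),
            .LaunchTime]'
# Sample output line (it was fused onto the end of the command in the
# original, where jq would have taken it as a file name):
# ["dev-windows","windows_server","2022-04-07T05:10:41+00:00"]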
Search for instances, return Name, LaunchTime, InstanceId, PrivateIp, KeyName
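# One [Name, LaunchTime, InstanceId, PrivateIpAddress, KeyName] array per
# instance in us-east-1. Fields missing from an instance record print as null.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key; that instance is listed without a name
# element, so its array is one item shorter.
aws ec2 describe-instances --profile "$PROFILE_NAME" --region us-east-1 |
  jq '.Reservations[].Instances[]
      | [(.Tags[]? | select(.Key == "Name") | .Value),
         .LaunchTime, .InstanceId, .PrivateIpAddress, .KeyName]'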
List instance profiles (Roles)
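# For each instance in us-east-1 print the value of its Name tag followed by
# its IamInstanceProfile object. IamInstanceProfile prints as null when the
# instance record has no such key.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key; for that instance only the profile line is
# printed.
aws ec2 describe-instances --region us-east-1 --profile "$PROFILE_NAME" |
  jq '.Reservations[].Instances[]
      | (.Tags[]? | select(.Key == "Name") | .Value), .IamInstanceProfile'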
List instances with searched Tag Values
Returns the InstanceId of every instance, not only the matching ones; maybe try a `--query` to limit?
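# For each instance in us-east-1 (profile tools-dev): print every tag whose
# Value begins with "tools", then the InstanceId. The InstanceId is printed
# for all instances, matching or not.
# To list matching instances only, filter first with
#   select(any(.Tags[]?; .Value | startswith("tools")))
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key.
aws ec2 describe-instances --profile tools-dev --region us-east-1 |
  jq '.Reservations[].Instances[]
      | (.Tags[]? | select(.Value | startswith("tools"))), .InstanceId'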
List Lambda Functions on Python 3.6
# ARNs, as plain text, of the Lambda functions in us-east-1 (profile
# tools-root) whose Runtime is python3.6. --function-version ALL makes the
# listing cover published versions as well, so a function can appear once per
# version. Handy as an inventory of code still on an old runtime.
aws lambda list-functions \
  --profile tools-root \
  --region us-east-1 \
  --function-version ALL \
  --query "Functions[?Runtime=='python3.6'].FunctionArn" \
  --output text
List CloudFormation Stacks
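# Stack summaries in us-west-2 whose StackStatus contains "COMPLETE", one
# compact JSON object per line, narrowed to lines matching
# $STRING_TO_GREP_FOR.
# contains("COMPLETE") is a substring test, so it also lets through statuses
# such as DELETE_COMPLETE and ROLLBACK_COMPLETE.
# The pattern is quoted and placed after "--" so spaces, glob characters or a
# leading "-" in it are not reinterpreted by the shell or by grep.
aws cloudformation list-stacks --profile "$PROFILE" --region us-west-2 |
  jq -c '.StackSummaries[] | select(.StackStatus | contains("COMPLETE"))' |
  grep -- "$STRING_TO_GREP_FOR"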
Scratch – Searching on Tag Names
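# For the dev and prod profiles: print the profile name, then one compact
# array per instance in us-east-1 holding every tag whose Value contains
# "tools" followed by the instance State.
# The original had a second "do" after the echo, which is a shell syntax
# error; the loop body is now a plain command list.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key.
# The loop variable is PROFILE, so it overwrites any PROFILE already set in
# the shell.
for PROFILE in dev prod; do
  echo "$PROFILE"
  aws ec2 describe-instances --profile "$PROFILE" --region us-east-1 |
    jq -c '.Reservations[].Instances[]
           | [(.Tags[]? | select(.Value | contains("tools"))), .State]'
done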
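# For each instance in us-east-1 (profile tools-dev): print every tag whose
# Value contains "bastion", then the InstanceId. The InstanceId is printed for
# all instances, matching or not, as the sample output shows.
# .Tags[]? keeps jq from aborting with "Cannot iterate over null" on an
# instance that has no Tags key.
aws ec2 describe-instances --profile tools-dev --region us-east-1 |
  jq '.Reservations[].Instances[]
      | (.Tags[]? | select(.Value | contains("bastion"))), .InstanceId'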
"i-0c2438fb1429c3e35"
"i-0d5e202b039b57392"
"i-0ad65948bfcb6f0b7"
"i-094507623837eef6f"
{
"Key": "Name",
"Value": "dev-tools"
}
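# Same kind of listing done server-side of jq, with the CLI's own --query:
# one {InstanceId, Tag} object per instance in us-east-1, where Tag is the
# list of values of the tag whose Key is "Name".
# The backticks are JMESPath literal syntax; they sit inside single quotes, so
# the shell does not treat them as command substitution.
# $PROFILE is quoted so an empty or space-containing value cannot shift the
# remaining arguments.
aws ec2 describe-instances \
  --profile "$PROFILE" \
  --region us-east-1 \
  --query 'Reservations[].Instances[].{InstanceId:InstanceId, Tag:Tags[?Key==`Name`].Value}'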
[
{
"InstanceId": "i-0c2438fb1429c3e35",
"Tag": [
"windows-tools"
]
},
{
"InstanceId": "i-0d5e202b039b57392",
"Tag": [
"tools-1"
]
},
Select Users from AWS Identity Store
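# Users of identity store d-12345678 whose UserName contains "davidhullster".
# contains() is a substring test, so longer names that include the string
# match as well.
# $PROFILE is quoted so an empty or space-containing value cannot shift the
# remaining arguments.
aws identitystore list-users --identity-store-id d-12345678 --profile "$PROFILE" |
  jq '.Users[] | select(.UserName | contains("davidhullster"))'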