AWS

Destroy stuff from S3

# Delete buckets
buckets=(
    "bucket1"
    "bucket2"
)
for bucket in "${buckets[@]}";do
    bucketname=$(aws s3api list-buckets | jq -r '.Buckets[].Name | select(contains("'"$bucket"'"))')
    [[ -z "$bucketname" ]] && echo "Couldn't find bucket: $bucket" && continue
    echo "Emptying bucket: $bucketname"
    aws s3 rm "s3://$bucketname" --recursive --only-show-errors
    echo "Deleting bucket: $bucketname"
    aws s3api delete-bucket --bucket "$bucketname"
done

# Empty bucket with some string in the name
bucketname=$(aws s3api list-buckets | jq -r '.Buckets[].Name | select(contains("'"something"'"))')
if [ -n "$bucketname" ]; then
    echo "Emptying bucket: $bucketname"
    aws s3 rm "s3://$bucketname" --recursive --only-show-errors
fi

CodeBuild

# Start build
aws codebuild start-build --project-name name --source-version "main"

# Get status of latest build
aws codebuild batch-get-builds --ids $(aws codebuild list-builds-for-project --project-name name --query "ids[0]" --output text) | jq -r '.builds[] | {Name: .id, Status: .buildStatus}'

# Wait while build is in progress
while [[ $(aws codebuild batch-get-builds --ids $(aws codebuild list-builds-for-project --project-name name --query "ids[0]" --output text) | jq -r '.builds[].buildStatus') = "IN_PROGRESS" ]]; do
    echo -n "CodeBuild in progress, $(date)"
    for i in {1..10}; do
        sleep 6
        echo -n "."
    done
    echo
done
echo "❤️ CodeBuild completed ❤️"

CloudFormation DRIFT status

# Drifted stacks
aws cloudformation list-stacks --stack-status-filter 'UPDATE_COMPLETE' --query 'StackSummaries[?DriftInformation.StackDriftStatus==`DRIFTED`].StackName'

# Stack drift details
aws cloudformation describe-stack-resource-drifts --stack-name foobaz
# Not IN_SYNC
aws cloudformation describe-stack-resource-drifts --stack-name foobaz --query 'StackResourceDrifts[?StackResourceDriftStatus!=`IN_SYNC`]'
aws cloudformation describe-stack-resource-drifts --stack-name foobaz --query 'StackResourceDrifts[?StackResourceDriftStatus!=`IN_SYNC`]' --output yaml  # json,text,table,yaml


for drifted_stack in $(aws cloudformation list-stacks --stack-status-filter 'UPDATE_COMPLETE' --query 'StackSummaries[?DriftInformation.StackDriftStatus==`DRIFTED`].StackName' --output text);do
    echo "###"
    echo "# $drifted_stack"
    echo "###"
    aws cloudformation describe-stack-resource-drifts --stack-name $drifted_stack --query 'StackResourceDrifts[?StackResourceDriftStatus!=`IN_SYNC`]' --output yaml
done > drifted_stacks.yaml

Give access to sub

Create IAM role

OTHER_AWS_ACCOUNT=xxxx
NEW_ROLE_NAME=test-access
aws iam create-role --role-name "$NEW_ROLE_NAME" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::'$OTHER_AWS_ACCOUNT':root"},"Action":"sts:AssumeRole","Condition":{}}]}'
aws iam attach-role-policy --role-name "$NEW_ROLE_NAME" --policy-arn "arn:aws:iam::aws:policy/AdministratorAccess"
# New role Arn:
aws iam get-role --role-name $NEW_ROLE_NAME --query "Role.Arn" --output text

Assume role CLI

Set env vars (don’t use this)

ENV.use foobar-name  # Set env variables
aws sts get-caller-identity
export AWS_ROLE_ARN=arn:aws:iam::xxxx:role/foobar-access
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
        $(aws sts assume-role \
        --role-arn $AWS_ROLE_ARN \
        --role-session-name foobar \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text))
aws sts get-caller-identity
aws s3 ls

Awsume with role

ENV.use foobar-name  # Set env variables
aws sts get-caller-identity
awsume --role-arn arn:aws:iam::xxxx:role/foobar-access
aws sts get-caller-identity
aws s3 ls

Create profile

[foobar-with-foobaz]
source_profile = foobar-name
role_arn = arn:aws:iam::xxxx:role/foobar-access

Awsume with profile

aws sts get-caller-identity
awsume foobar-with-foobaz
aws sts get-caller-identity
aws s3 ls

Get AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY when using profile

aws configure get aws_access_key_id
aws configure get aws_secret_access_key

ECR / Helm

# Login:
aws ecr get-login-password \
     --region us-east-1 | helm registry login \
     --username AWS \
     --password-stdin xxxx.dkr.ecr.us-east-1.amazonaws.com

# Pull
helm pull oci://xxxx.dkr.ecr.us-east-1.amazonaws.com/release/charts/some-chart --version 1.2.3
# creates file some-chart-1.2.3.tgz

# Push
helm push some-chart-1.2.3.tgz oci://xxxx.dkr.ecr.us-east-1.amazonaws.com/release/charts

Lambda

# Get big Lambdas
aws lambda list-functions --query "Functions[?CodeSize>to_number('1000000')].{CodeSize:CodeSize, FunctionName:FunctionName}" --output table