Basis
Command Structure
aws serviceName commandsGeneral structure of a command.
--region us-east-1Set the region for this command (change from default).
--no-sign-requestAccess to public objects (no signing in).
--profile myProfileSet profile ot use for this command (change from default).
Profile Configuration
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
Profile configuration are stored in two files:
~/.aws/config
[default]
region=eu-west-1
output=json
~/.aws/credentials
[default]
aws_access_key_id=[ACCESS_KEY_ID]
aws_secret_access_key=[SECRET_ACCESS_KEY]
aws configure list-profilesList created profiles.
aws configure list --profile myProfileNameShow details for the specified profile.
aws configure --profile myProfileNameCreate or modify a profile.
aws configure set aws_session_token MY_AWS_SESSION_TOKEN --profile myProfileNameSet a
AWS_SESSION_TOKEN(afteraws configure).
aws configure sso --profile myProfileNameCreate or modify an SSO profile.
Query
--query 'Jobs[? WorkerType==`Standard`]'Filter results based on a condition.
--query 'Jobs[].[Name,WorkerType]'Only returning selected properties.
--query 'Jobs[].{JobName:Name,WorkerType:WorkerType}' --out tableOnly return selected properties as a table and with custom names for columns.
IAM
Basis
aws sts get-access-key-info --access-key-id [MY_ACCESS_KEY_ID]Return Account ID of the access key.
aws sts get-caller-identityReturn User ID, Account ID, and ARN of the selected profile.
{ "UserId": "AIDATAAH6Q3WAYKDXJV5B", "Account": "206175110892", "Arn": "arn:aws:iam::206175110892:user/myUserName" }
Roles
aws sts assume-role --role-arn [MY_ROLE_ARN] --role-session-name mySessionNameReturn temporary credentials for the role.
export AWS_ACCESS_KEY_ID="[OUTPUT_FROM_ASSUME_ROLE_COMMAND]" export AWS_SECRET_ACCESS_KEY="[OUTPUT_FROM_ASSUME_ROLE_COMMAND]" export AWS_SESSION_TOKEN="[OUTPUT_FROM_ASSUME_ROLE_COMMAND]"Use credentials of the assumed role.
Cognito
Basis
aws cognito-identity get-id --identity-pool-id [MY_IDENTOTY_POOL_ID]Return the Cognito ID for the specified identity pool ID.
{ "IdentityId": "us-east-1:1b0bcc16-b32f-44c1-8f1e-14e8d4c5f7af" }
Secret Manager
List
aws secretsmanager list-secrets --query "SecretList[].{Name:Name}" --out tableList Secrets Names
Get
aws secretsmanager get-secret-value --secret-id "myNewValue"Get a secret value (
--secret-idcan be the secret name or the arn).
Update
aws secretsmanager update-secret --secret-id "my/secret/name" --secret-string "myNewValue"Update secret value.
aws secretsmanager update-secret --secret-id "my/secret/name" --secret-string file://myFileUpdate a secret value using a file.
EC2
Basis
aws ec2 describe-instances --output text --profile myProfileNameListing all EC2 instances running within a profile.
EKS
Kubeconfig
aws eks update-kubeconfig --name my-clusterUpdate
~/.kube/configfile to be able to connect to the cluster.
Addons
aws eks describe-addon-versions --addon-name aws-ebs-csi-driver --region myRegionShow latest version of the addon (region is mandatory).
Lambda
Basis
aws lambda invoke --function-name my-lambdaExecute a Lambda.
S3
Create Bucket
aws s3 mb s3://myBucketURLCreate a bucket (mb = make bucket).
Copy
aws s3 cp s3://myBucketURL/myFile ./Copies a bucket file to my current local directory.
aws s3 sync myFile s3://myBucketURLSynchronize a local file or directory to the buckets.
aws s3 sync s3://myBucketURL/myFolder /myLocalFolderSynchronize bucket folder to local directory.
Delete
aws s3 rm s3://myBucketURL/myPrefix/myFileRemove a file.
aws s3 rm --recursive s3://myBucketURL/myPrefix/Remove all file from the given profile.
S3API
aws s3api put-bucket-policy s3://myBucketURL myPolicyFileAdd policy config file to the bucket.
aws s3api put-bucket-website s3://myBucketURL myIndexFileSets the default file to be served when using the bucket as a static web server.
DynamoDB
Basis
aws dynamodb list-tablesList tables.
aws dynamodb describe-table --table-name my-tableReturn information about selected table.
aws dynamodb scan --table-name my-tableReturn items (and their attributes) stored in the selected table.
CloudWatch
Basis
aws logs describe-log-streams --log-group-name my-log-groupRetrieve information about log streams in a specific log group.
aws logs get-log-events --log-group-name my-log-group --log-stream-name some-log-streamRetrieve log events from a log stream in a specific log group.
Security Hub
Basis
aws securityhub enable-security-hub --no-enable-default-standards --control-finding-generator SECURITY_CONTROLEnable Security Hub with no Standards enabled by default, and findings are generated based on Controls (only one finding if the controls exist in multiple Standards).
Standards
aws securityhub describe-standardsList available Standards (packs of controls like CIS or NSIT) and whether they're enabled or not.
aws securityhub get-enabled-standardsList enabled Standards.
aws securityhub batch-enable-standards --standards-subscription-requests '{"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}'Enable a Standard using it's ARN.
aws securityhub describe-standards-controls --standards-subscription-arn arn:aws:securityhub:eu-west-1:123456789123:subscription/cis-aws-foundations-benchmark/v/1.2.0List control in a standard, and show whether they are enabled or not.
Controls
aws securityhub list-security-control-definitionsList Security Controls IDs (and description ...).
aws securityhub list-security-control-definitions --standards-arn "arn:aws:securityhub:us-east-1::standards/cis-aws-foundations-benchmark/v/1.4.0"List Security Controls IDs (and description ...) of the specified Standards.
aws securityhub list-standards-control-associations --security-control-id CloudTrail.1List Standards that cover the given Control (ControlId). This will only return Controls that belong in an enabled Standard.
aws securityhub batch-get-standards-control-associations --standards-control-association-ids [{"SecurityControlId": "ACM.1", "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, ...]For a given Control return associated Standards Controls (with ARNs) for the specified standard.