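# List the running Spot instances in one region.
# PROFILE and REGION are assigned on their own lines: written as a prefix of
# the aws command, they would not yet be set when $PROFILE/$REGION expand.
PROFILE=example
REGION=ap-northeast-1
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
            "Name=instance-lifecycle,Values=spot" \
  --profile "$PROFILE" \
  --region "$REGION"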
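# List the running instances whose InstanceLifecycle field is unset, i.e. the
# ones the spot filter does not match.
# PROFILE and REGION must already be set; fail loudly instead of passing an
# empty option value to the CLI.
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[?InstanceLifecycle==null]' \
  --profile "${PROFILE:?set PROFILE first}" \
  --region "${REGION:?set REGION first}"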
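# List the Elastic IPs that are allocated but not associated with any resource.
profile=example
region=ap-northeast-1
aws ec2 describe-addresses \
  --profile "$profile" \
  --region "$region" \
  --output json \
  | jq '.Addresses[] | select(.AssociationId == null)'
# Sample output:
# {
#   "PublicIp": "xxx.xxx.xxx.xxx",
#   "AllocationId": "eipalloc-abcdef12",
#   "Domain": "vpc",
#   "PublicIpv4Pool": "amazon",
#   "NetworkBorderGroup": "ap-northeast-1"
# }
# ...
#
# Before releasing an address found this way, check that no DNS record or
# partner allow-list still refers to it: a released address can later be
# allocated to a different AWS account.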
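# Find the instance (id and Name tag) that an EBS volume is attached to.
profile=example
region=ap-northeast-1
vol_id=vol-1234567890
aws ec2 describe-instances \
  --filters "Name=block-device-mapping.volume-id,Values=${vol_id}" \
  --query 'Reservations[].Instances[].{InstanceId:InstanceId, Name:Tags[?Key==`Name`].Value|[0]}' \
  --output text \
  --profile "$profile" \
  --region "$region"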
awscliでjsonで出力した後に、jqで一部分だけを取得したい場合
# Print the value of every Name tag found in a saved describe-instances dump
# (ec2.json in the current directory).
name_tag_filter='.Reservations[].Instances[].Tags[] | select(.Key == "Name") | .Value'
jq -r "$name_tag_filter" ec2.json
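# List the instances whose platform is Windows.
# PROFILE is assigned on its own line so that it is set before it is expanded.
PROFILE=example
aws ec2 describe-instances \
  --profile "$PROFILE" \
  --filters "Name=platform,Values=windows"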
# Option fragment, not a complete command: a --query projection with a single
# column (C010) built from the Platform field or, failing that, the values of
# tags whose key is "Platform".
# NOTE(review): presumably meant to be appended to a describe-instances call — confirm.
# NOTE(review): `|[0]` applies to the whole parenthesised expression; when
# Platform is a plain string, indexing it probably yields null — verify the output.
--query 'Reservations[].Instances[].{C010:(Platform||Tags[?Key==`Platform`].Value)|[0]}'
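# Create an AMI from an instance without rebooting it; the image name carries
# today's date (YYYYMMDD).
AWS_PROFILE=default
AWS_REGION=ap-northeast-1
INSTANCE_ID=i-xxxxxxxxxxx
NAME="test-web-01.$(date +%Y%m%d)"
# --no-reboot images the volumes while the instance keeps running, so the file
# system state inside the image is not guaranteed to be consistent.
# The image contains everything stored on the instance's volumes (keys,
# credentials, configuration): keep its launch permissions private.
aws --profile "$AWS_PROFILE" --region "$AWS_REGION" ec2 create-image \
  --instance-id "$INSTANCE_ID" \
  --no-reboot \
  --name "$NAME"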
# Table of Name tag, instance id, public DNS name and state for every instance
# in the region, ordered by state.
instance_table_query='sort_by(Reservations[].Instances[].{A_Name:Tags[?Key==`Name`].Value|[0],B_InstanceId:InstanceId,C_PublicDnsName:PublicDnsName,D_State:State.Name}, &D_State)'
aws ec2 describe-instances \
  --region ap-northeast-1 \
  --query "$instance_table_query" \
  --output text
# Option fragments, not complete commands.
# NOTE(review): presumably variations for the describe-instances listing above — confirm.
# Restrict the result to running instances:
--filters "Name=instance-state-name,Values=running"
# Emit text output and sort the resulting lines:
--output text | sort
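# Create a 10 GiB gp2 volume and attach it to an instance as /dev/sdf.
AWS_PROFILE=default

# The volume is unencrypted unless EBS encryption-by-default is enabled for the
# region; add --encrypted when the data warrants it and the instance type
# supports encrypted volumes.
aws --profile "$AWS_PROFILE" --region ap-northeast-1 ec2 create-volume \
  --size 10 \
  --volume-type gp2 \
  --availability-zone ap-northeast-1b
# -> vol-xxxx (use the VolumeId returned above; it must be in the same
#    availability zone as the instance)

aws --profile "$AWS_PROFILE" --region ap-northeast-1 ec2 attach-volume \
  --device /dev/sdf \
  --volume-id vol-xxxx \
  --instance-id i-xxxx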
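# On the instance: format the newly attached volume and mount it.
# The volume attached as /dev/sdf shows up here as /dev/xvdf; on NVMe-based
# instance types the name differs, so confirm with lsblk before formatting.
device=/dev/xvdf
mount_point=/mnt/ebs0

# mkfs destroys whatever is on the device: only format when blkid finds no
# existing filesystem or partition-table signature.
if sudo blkid "$device" >/dev/null 2>&1; then
  printf '%s already carries a filesystem signature; skipping mkfs\n' "$device" >&2
else
  sudo mkfs.ext4 "$device"
fi

sudo mkdir -p "$mount_point"
sudo mount "$device" "$mount_point"

# Add the volume to /etc/fstab. The mount point must match the directory
# created above. nofail lets the boot continue when the volume is missing.
sudo vim /etc/fstab
# --
# /dev/xvdf /mnt/ebs0 ext4 defaults,nofail 0 0
# --
# Device names can change between boots or instance types; a UUID=... entry
# (value from blkid) is more stable than the device path.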
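# Grow an EBS volume to 20 GiB.
# The variables are assigned on their own lines so that they are set before
# expansion, and the region option uses AWS_REGION instead of repeating it.
AWS_REGION=ap-northeast-1
AWS_PROFILE=example
aws ec2 modify-volume \
  --volume-id vol-xxxx \
  --size 20 \
  --profile "$AWS_PROFILE" \
  --region "$AWS_REGION"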
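# Variant: set size and volume type in the same modification.
# AWS_PROFILE and AWS_REGION must already be set; fail loudly otherwise.
aws ec2 modify-volume \
  --volume-id vol-xxxx \
  --size 20 \
  --volume-type gp2 \
  --profile "${AWS_PROFILE:?set AWS_PROFILE first}" \
  --region "${AWS_REGION:?set AWS_REGION first}"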
# On the instance, after the volume has been enlarged: show current usage,
# then grow the ext filesystem to fill the device.
ebs_device=/dev/xvdf
df -h
sudo resize2fs "$ebs_device"
# Look up an instance by its private DNS name.
private_dns_name='ip-01-02-03-04.ap-northeast-1.compute.internal'
summary_query="Reservations[].Instances[].{InstanceId:InstanceId,Tags:Tags[],PublicDnsName:PublicDnsName,State:State.Name}"
aws --profile default --region ap-northeast-1 ec2 describe-instances \
  --filters "Name=private-dns-name,Values=${private_dns_name}" \
  --query "$summary_query"
# Sample output:
# [
#   {
#     "InstanceId": "i-123456",
#     "State": "running",
#     "PublicDnsName": "ec2-01-02-03-04.ap-northeast-1.compute.amazonaws.com",
#     "Tags": [
#       { "Value": "web01", "Key": "Name" }
#     ]
#   }
# ]
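# Enable ClassicLink on a VPC and link a list of EC2-Classic instances to it.
# NOTE(review): EC2-Classic and ClassicLink have since been retired by AWS;
# treat this as a historical reference.
AWS_PROFILE=default
AWS_REGION=ap-northeast-1
AWS_VPC_ID=vpc-xxxx
AWS_VPC_SG="sg-xxxx"
AWS_EC2_ID="i-xxxx01 i-xxxx02"

aws --profile "$AWS_PROFILE" --region "$AWS_REGION" ec2 enable-vpc-classic-link \
  --vpc-id "$AWS_VPC_ID"

# AWS_EC2_ID and AWS_VPC_SG are whitespace-separated lists, so they are split
# on purpose; instance and security-group ids contain no glob characters.
# shellcheck disable=SC2086
for id in $AWS_EC2_ID; do
  echo "---- $id: "
  aws --profile "$AWS_PROFILE" --region "$AWS_REGION" ec2 attach-classic-link-vpc \
    --instance-id "$id" \
    --vpc-id "$AWS_VPC_ID" \
    --groups $AWS_VPC_SG
done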
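# Collect the ids of running instances whose Name tag starts with "web".
# AWS_PROFILE and AWS_REGION must already be set.
: "${AWS_PROFILE:?set AWS_PROFILE first}"
: "${AWS_REGION:?set AWS_REGION first}"
# tag:Name ties key and value together. The tag-key and tag-value filters are
# evaluated independently, so the pair also matches an instance that has a
# Name tag plus some other tag whose value starts with "web".
AWS_EC2_ID=$(aws --profile "$AWS_PROFILE" \
  --region "$AWS_REGION" \
  ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" "Name=tag:Name,Values=web*" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text)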
# Summarise specific instances selected by id.
summary_query="Reservations[].Instances[].{InstanceId:InstanceId,Tags:Tags[],PublicDnsName:PublicDnsName,State:State.Name}"
aws ec2 describe-instances \
  --region ap-northeast-1 \
  --instance-ids i-12345678 i-90123456 \
  --query "$summary_query"
# Sample output (abridged):
# [
#   {
#     "InstanceId": "i-12345678",
#     "State": "running",
#     "PublicDnsName": "ec2-12-34-56-78.ap-northeast-1.compute.amazonaws.com",
#     "Tags": [
#       { "Value": "host01", "Key": "Name" },
#     ]
#   },
#   { ... }
# ]
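# Show which IAM instance profile (ARN and id) is attached to each instance
# whose Name tag contains "web". Useful when reviewing which hosts carry
# which role.
PROFILE=example
REGION=ap-northeast-1
aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=*web*" \
  --query 'Reservations[].Instances[].{A_Name:Tags[?Key==`Name`].Value|[0],B_InstanceId:InstanceId,C_IamInstanceProfile_Arn:IamInstanceProfile.Arn,D_IamInstanceProfile_Id:IamInstanceProfile.Id}' \
  --profile "$PROFILE" \
  --region "$REGION" \
  --output text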
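# Turn termination protection OFF for every instance whose Name tag matches
# TAG_VALUE. This is a bulk change: review the ids echoed by the loop (or run
# the describe-instances step alone first) before relying on it.
TAG_VALUE='web*'
PROFILE=example
REGION=ap-northeast-1

# tag:Name ties key and value together. The tag-key and tag-value filters are
# evaluated independently, so the pair would also select an instance that has
# a Name tag plus any other tag whose value matches TAG_VALUE.
EC2_ID=$(aws --profile "$PROFILE" \
  --region "$REGION" \
  ec2 describe-instances \
  --filters "Name=tag:Name,Values=${TAG_VALUE}" \
  --query 'Reservations[].Instances[].InstanceId' \
  --output text)

# EC2_ID is a whitespace-separated list, split on purpose; instance ids
# contain no glob characters.
# shellcheck disable=SC2086
for id in $EC2_ID; do
  echo "# $id"
  aws ec2 modify-instance-attribute \
    --instance-id "$id" \
    --no-disable-api-termination \
    --profile "$PROFILE" \
    --region "$REGION"
done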
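# Dump, for every region, the IPv4 ingress ranges of the EC2 security groups
# and of the RDS DB security groups into one JSON file per region and service.
# Coverage note: only IpPermissions[].IpRanges (IPv4 ingress) is captured;
# Ipv6Ranges, group-to-group rules and egress rules are not in these dumps.
AWS_PROFILE=test-user

while IFS= read -r region; do
  echo "---- $region"
  aws --profile "$AWS_PROFILE" --region "$region" ec2 describe-security-groups \
    --query 'SecurityGroups[].{GroupName:GroupName, IpRanges:IpPermissions[].IpRanges[]}' \
    > "${AWS_PROFILE}.${region}.ec2.security-groups.json"
  aws --profile "$AWS_PROFILE" --region "$region" rds describe-db-security-groups \
    --query 'DBSecurityGroups[].{GroupName:DBSecurityGroupName, IpRanges:IPRanges[]}' \
    > "${AWS_PROFILE}.${region}.rds.security-groups.json"
done < <(aws --profile "$AWS_PROFILE" ec2 describe-regions \
  --query "Regions[].[RegionName]" --output text)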
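# From the per-region dumps, keep the security groups that allow one of the
# listed CIDRs, and write them to one "filtered" file per service.
# AWS_PROFILE must be the profile name used when the dumps were written.
: "${AWS_PROFILE:?set AWS_PROFILE first}"

# Comma-separated, JSON-quoted CIDRs to look for.
SECURITY_GROUPS_FILTER='"0.0.0.0/32","1.2.3.4/32"'

# The CIDR list is handed to jq as data (--argjson), not spliced into the jq
# program text. Matching is exact: a substring test would also report
# 11.2.3.4/32 when looking for 1.2.3.4/32. any() makes each group appear once
# even when several of its ranges match.
ec2_match='.[] | select(any(.IpRanges[]?; .CidrIp as $c | any($cidrs[]; . == $c)))'
rds_match='.[] | select(any(.IpRanges[]?; .CIDRIP as $c | any($cidrs[]; . == $c)))'

# The "---- file" separator lines go into the output too, so the filtered
# files are a readable report rather than strict JSON.
for file in "${AWS_PROFILE}".*.ec2.security-groups.json; do
  [[ -e "$file" ]] || continue   # glob matched nothing
  echo "---- $file"
  jq -r --argjson cidrs "[${SECURITY_GROUPS_FILTER}]" "$ec2_match" "$file"
done > "filtered.${AWS_PROFILE}.ec2.security-groups.json"

for file in "${AWS_PROFILE}".*.rds.security-groups.json; do
  [[ -e "$file" ]] || continue   # glob matched nothing
  echo "---- $file"
  jq -r --argjson cidrs "[${SECURITY_GROUPS_FILTER}]" "$rds_match" "$file"
done > "filtered.${AWS_PROFILE}.rds.security-groups.json"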
# Case 1: the source is another security group, given by its id.
from_group_rule="FromPort=24224,ToPort=24224,IpProtocol=tcp,UserIdGroupPairs={GroupId=sg-xxxx2,Description=web.fluentd}"
aws ec2 authorize-security-group-ingress \
  --group-id sg-xxxx1 \
  --ip-permissions "$from_group_rule" \
  --profile example \
  --region ap-northeast-1

# Case 2: the sources are CIDR blocks, each with its own description.
from_cidr_rule="FromPort=24224,ToPort=24224,IpProtocol=tcp,IpRanges=[{CidrIp=xxx.xxx.xxx.xxx/32,Description=web.fluentd},{CidrIp=xxx.xxx.xxx.xxx/32,Description=log.fluentd}]"
aws ec2 authorize-security-group-ingress \
  --group-id sg-859c6ae0 \
  --ip-permissions "$from_cidr_rule" \
  --profile example \
  --region ap-northeast-1
# Ingress rules addressed by group name instead of group id.
target_group=MySecurityGroup

# SSH (tcp/22) only from members of the gateway security group.
aws --profile test-user ec2 authorize-security-group-ingress \
  --group-name "$target_group" \
  --protocol tcp \
  --port 22 \
  --source-group GatewaySecurityGroup

# Every TCP port from the ELB-owned security group. This is a wide rule;
# narrowing --port to the listener and health-check ports keeps the exposure
# to what the load balancer needs.
aws --profile test-user ec2 authorize-security-group-ingress \
  --group-name "$target_group" \
  --protocol tcp \
  --port 0-65535 \
  --group-owner amazon-elb \
  --source-group amazon-elb-sg

# The same source expressed with the owner-id / group-name option pair; no
# protocol or port is given in this form.
aws --profile test-user ec2 authorize-security-group-ingress \
  --group-name "$target_group" \
  --source-security-group-owner-id amazon-elb \
  --source-security-group-name amazon-elb-sg
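# Allow tcp/24224 from one CIDR, with a rule description, using the JSON form
# of --ip-permissions.
AWS_PROFILE=example
AWS_REGION=ap-northeast-1
AWS_EC2_SG=sg-xxxx
AWS_EC2_SG_CIDR="203.0.113.0/24"
AWS_EC2_SG_DESCRIPTION="web01 td-agent"

# Build the JSON with jq so that quotes or backslashes in the description are
# escaped instead of breaking (or altering) the rule document.
ip_permissions=$(jq -cn \
  --arg cidr "$AWS_EC2_SG_CIDR" \
  --arg desc "$AWS_EC2_SG_DESCRIPTION" \
  '[{IpProtocol: "tcp", FromPort: 24224, ToPort: 24224, IpRanges: [{CidrIp: $cidr, Description: $desc}]}]')

# --group-id uses AWS_EC2_SG, the variable defined above; the name used
# before, AWS_EC2_FLUENTD_SG, is never assigned in this snippet.
aws ec2 authorize-security-group-ingress \
  --profile "$AWS_PROFILE" \
  --region "$AWS_REGION" \
  --group-id "$AWS_EC2_SG" \
  --ip-permissions "$ip_permissions"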
# Print the IPv4 source ranges of the TCP ingress rules of one security group,
# e.g. to verify a rule after adding it.
tcp_ranges_query='SecurityGroups[].IpPermissions[?contains(IpProtocol, `tcp`)].IpRanges'
aws ec2 describe-security-groups \
  --group-id sg-123456 \
  --query "$tcp_ranges_query" \
  --output text