15 September,2022 by Rambler
AWS CLI commands and queries I use on a regular basis
RDS CLI commands
AWS Backup CLI commands
AWS Database Management Service (DMS) CLI commands
Identity & Access Management (IAM) CLI commands
Security Token Service CLI commands
Key Management Service (KMS) CLI commands
EC2 CLI commands
DynamoDB CLI commands
VPC - Security Groups CLI commands
Aurora CLI commands
Aurora Global CLI commands
RESOURCEGROUPSTAGGINGAPI CLI commands
DocumentDB CLI commands
Cloudtrail CLI Commands
Route 53
--get the aws cli help pages
aws help
--get the service command list , example for Database Management Service (DMS)
aws dms commands
--get the current region
aws configure get region
RDS
--list all RDS instances
aws rds describe-db-instances
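--List rds with the Aurora engine starting with "aurora". Will be part of a DBCluster. Note : for pattern matching back ticks required. In bash/zsh, back ticks inside double quotes are run as command substitution, so escape them (\`true\`) or drop the ==`true` comparison, since starts_with already returns a boolean. The same applies to the other starts_with queries below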
aws rds describe-db-instances --query "DBInstances[?starts_with(Engine,'aurora')==`true`].DBInstanceIdentifier"
--List rds Instance with the postgres. Return DB InstanceIdentifier
aws rds describe-db-instances --query "DBInstances[?starts_with(Engine,'postgres')==`true`].DBInstanceIdentifier"
--List rds Instance with the mysql. Return DB InstanceIdentifier
aws rds describe-db-instances --query "DBInstances[?starts_with(Engine,'mysql')==`true`].DBInstanceIdentifier"
--List rds based on the DBInstanceIdentifier starting with a certain string
aws rds describe-db-instances --query "DBInstances[?starts_with(DBInstanceIdentifier,'MyValue')==`true`].DBInstanceIdentifier"
--list details for one RDS instance
aws rds describe-db-instances --db-instance-identifier <replace_with_my_rds_instance_name>
--list all RDS instances endpoints
aws rds describe-db-instances --query "DBInstances[].Endpoint[]"
--list the RDS DB Parameter Group Name for a specific RDS
aws rds describe-db-instances --db-instance-identifier <REPLACE_WITH_RDS_INSTANCE> --query "DBInstances[].{Name:DBParameterGroups[0].DBParameterGroupName}"
--Grab the ssl parameter from the ParameterGroup associated to the RDS (the rds.force_ssl query is the next command)
aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH-PARAMETER_GROUP> --query "Parameters[?ParameterName=='ssl'].[ParameterName,ParameterValue]"
--Grab the rds.force_ssl from the ParamaterGroup associated to the RDS
aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH_PARAMATER_GROUP> --query "Parameters[?ParameterName=='rds.force_ssl'].[ParameterName,ParameterValue]"
--Grab the ssl from the ParamaterGroup associated to the RDS
aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH_PARAMATER_GROUP> --query "Parameters[?ParameterName=='ssl'].[ParameterName,ParameterValue]"
--list the RDS instance DBSubnet Group
aws rds describe-db-instances --db-instance-identifier <replace_rds_db_instance> --query "DBInstances[].DBSubnetGroup.DBSubnetGroupName"
--list the VPC Security GroupId
aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].{ID:VpcSecurityGroups[0].VpcSecurityGroupId}"
--list the DB Instance Class
aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].DBInstanceClass"
--list the RDS MultiAZ status for a specific instance
aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].MultiAZ"
Convert Single-AZ AWS RDS to Multi-AZ
--list the RDS Secondary Availability Zone for a specific instance - if MultiAZ is used
aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].SecondaryAvailabilityZone"
--list the DB Instance Engine
aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].Engine"
--list the DB KMS KeyId
aws rds describe-db-instances --db-instance-identifier <replace_with_rds_instance> --query "DBInstances[].KmsKeyId"
--list the RDS Amazon Resource Name (ARN)
aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<replace_with_DBInstanceIdentifier>'].DBInstanceArn"
--list all RDS DBInstanceIdentifier and DBInstance ARN
aws rds describe-db-instances --query "DBInstances[*].[DBInstanceIdentifier,DBInstanceArn]"
--list RDS instance Endpoint & Port number for a specific RDS .
aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<replace_with_DDBInstanceIdentifier>'].Endpoint[]"
--list all RDS DBInstanceIdentifier & Status
aws rds describe-db-instances --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus] "
--list a single RDS DBInstanceIdentifier & Status
aws rds describe-db-instances --db-instance-identifier <replace_with_rds_instance> --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus] "
--start RDS instance
aws rds start-db-instance --db-instance-identifier <replace_with_DBInstanceIdentifier>
--list the RDS VpcId of a single RDS Instance
aws rds describe-db-instances --query "DBInstances[*].DBSubnetGroup.VpcId" --db-instance-identifier <replace_rds_db_instance> --output text
--list all the DBParameterGroupName
aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName"
--list all the DBSubnet group names
aws rds describe-db-subnet-groups --query "DBSubnetGroups[].DBSubnetGroupName"
--list the RDS DBSubnetGroupName
aws rds describe-db-instances --db-instance-identifier <replace_rds_db_instance> --query "DBInstances[].DBSubnetGroup.DBSubnetGroupName" --output text
--list the RDS tags
aws rds list-tags-for-resource --resource-name <replace_with_resource_arn>
--add tags to an RDS instance
aws rds add-tags-to-resource --resource-name <replace_with_resource_arn> --tags "[{\"Key\": \"MyKey\",\"Value\": \"MyValue\"}]"
--modify RDS multi-AZ to true
--List the AwsBackupRecoveryPointArn for an RDS Instance
aws rds describe-db-instances --db-instance-identifier <replace_with_DBIdentifier> --query "DBInstances[].AwsBackupRecoveryPointArn"
--Enable automated backups for RDS
aws rds modify-db-instance --db-instance-identifier <replace_with_dbinstance identifier> --backup-retention-period 3 --apply-immediately
--RDS Backup-LatestRestorableTime
aws rds describe-db-instances --db-instance-identifier <replace_with_DBIdentifier> --query "DBInstances[].LatestRestorableTime"
--View RDS automated backups
aws rds describe-db-instance-automated-backups --db-instance-identifier <replace_with_dbinstance identifier>
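--Disable RDS automated backups. Note : setting the backup retention period to 0 also deletes the instance's existing automated backups, so point-in-time restore is no longer possible - take a manual snapshot first if the data matters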
aws rds modify-db-instance --db-instance-identifier <replace_with_dbinstance identifier> --backup-retention-period 0 --apply-immediately
--Check if RDS automated backups are disabled. backup retention = 0 and mydbinstance status is available
aws rds describe-db-instances --db-instance-identifier <replace_with_dbinstance identifier> --query "DBInstances[*].[DBInstanceIdentifier,DBInstanceStatus,BackupRetentionPeriod]"
--create RDS DB snapshot
aws rds create-db-snapshot --db-instance-identifier myRDS --db-snapshot-identifier myRDSsnapshotIdentifier
--List DBSnapshot details for a specific RDS Instance
aws rds describe-db-snapshots --query "DBSnapshots[?DBInstanceIdentifier=='<replace_with_resource_id>']"
--List DBSnapshot for a specific RDS , returning DBSnapshotIdentifier,SnapshotCreateTime,SnapshotType
aws rds describe-db-snapshots --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "DBSnapshots[].[DBSnapshotIdentifier,SnapshotCreateTime,SnapshotType]"
--List the latest DBSnapshot for a specific RDS - returning the DBSnapshotIdentifier
aws rds describe-db-snapshots --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "sort_by(DBSnapshots, &SnapshotCreateTime)[-1].{id:DBSnapshotIdentifier,time:SnapshotCreateTime}"
--List Domain Membership
aws rds describe-db-instances --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "DBInstances[].[DomainMemberships]"
--check the current RDS Deletion Protection status , true or false
aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<REPLACE_WITH_RDS_IDENTIFIER>'].DeletionProtection"
--Disable deletion protection on an RDS Instance
aws rds modify-db-instance --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --no-deletion-protection
--Delete the RDS Instance
aws rds delete-db-instance --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --final-db-snapshot-identifier <REPLACE_WITH_RDS_FINAL_SNAP_NAME>
--Delete the RDS Instance (with --no-delete-automated-backups )
aws rds delete-db-instance --db-instance-identifier test-run-instance --final-db-snapshot-identifier test-run-instance230123 --no-delete-automated-backups
---To identify the supported engine & version combinations - execute the following command . Check --engine , --version , --region
aws rds describe-orderable-db-instance-options --engine <replace_with_engine> --engine-version <replace_with_engine_version> --query "OrderableDBInstanceOptions[].{DBInstanceClass:DBInstanceClass,SupportedEngineModes:SupportedEngineModes[0]}" --output table --region <replace_with_region>
--Create RDS Read Replica & Promote to a standalone RDS Instance
Manage Cross Region RDS Read Replicas with AWS CLI
AWS BACKUP SERVICE
--list all backup plans
aws backup list-backup-plans
--list all backup plans BackupPlanName only
aws backup list-backup-plans --query "BackupPlansList[].BackupPlanName[]"
--list all backup plans BackupPlanName & BackupPlanID
aws backup list-backup-plans --query "BackupPlansList[].[BackupPlanName,BackupPlanId]"
--return metadata for a Backup Plan
aws backup list-backup-selections --backup-plan-id <replace_with_backup_plan_id>
--return metadata of the resources associated with the backup plan. For example - Tags
aws backup get-backup-selection --backup-plan-id <REPLACE_WITH_BACKUP_PLAN_ID> --selection-id <REPLACE_WITH_SELECTION_ID>
--Get Backup Rules for a specific Backup Plan - Rules, EnableContinuousBackup,TargetBackupvaultName,Lifecycle
aws backup get-backup-plan --backup-plan-id "<replace_with_backup_plan_id>"
--list resources selection for a backup plan
aws backup list-backup-selections --backup-plan-id "<replace_with_backup_plan_id>"
--get tags for a backup selection i.e resources assignment
aws backup get-backup-selection --backup-plan-id "<replace_with_backup_plan_id>" --selection-id "<replace_with_selection_id>"
--delete a Backup Plan (delete resource assignment , delete backup plan)
# Step 1 : Delete backup selection
aws backup delete-backup-selection --backup-plan-id "989898988" --selection-id "89879879877"
# Step 2 : Delete backup plan
aws backup delete-backup-plan --backup-plan-id "989898988"
--Create an on-demand backup of RDS
aws backup start-backup-job --backup-vault-name Default --resource-arn <replace_with_DBInstanceARN> --iam-role-arn xxxxxxxxxxxxxxxxxxxxxxxx
--List protected resources
aws backup list-protected-resources
--List protected resources , filtering for a specific resource type, - in this example I'm filtering on RDS
aws backup list-protected-resources --query "Results[?ResourceType=='RDS']"
aws backup list-protected-resources --query "Results[?ResourceType=='DynamoDB']"
--List protected resources , filtering for a wildcard search on ResourceArn
aws backup list-protected-resources --query "Results[?contains(ResourceArn,'<REPLACE_WITH_RESOURCE_NAME>')]"
--List Recovery Points based on Backup Vault , for a specific Resource and "continuous" in the RecoveryPointARN
aws backup list-recovery-points-by-backup-vault --backup-vault-name <REPLACE_WITH_BACKUP_VAULT> --query "RecoveryPoints[?ResourceArn=='<REPLACE_WITH_RDS_INSTANCE_NAME>' && Status=='AVAILABLE' && contains(RecoveryPointArn,'continuous')]"
--List all Recovery Points based on Backup Vault ,
aws backup list-recovery-points-by-backup-vault --backup-vault-name <REPLACE_WITH_BACKUP_VAULT> --query "RecoveryPoints[].[RecoveryPointArn,ResourceArn,CreationDate,CompletionDate,ResourceType,StatusMessage,Status]"
--List all Recovery Points based on Backup Vault for DynamoDB for a specific date range
aws backup list-recovery-points-by-backup-vault --backup-vault-name <REPLACE_WITH_BACKUP_VAULT> --query "RecoveryPoints[?ResourceType=='DynamoDB' && SourceBackupVaultArn==null ].[ResourceName,CreationDate]" --by-created-after "2024-04-19T00:00:01+01:00" --by-created-before "2024-04-19T23:59:59+01:00"
--Create a backup
aws backup start-backup-job --backup-vault-name Default --resource-arn <replace_with_targeted_resource_arn> --iam-role-arn <replace_with_valid_iam_role>
-- Restore: Create a new DB instance from the DB snapshot , this process requires a few steps so added link to another post
How do I restore my AWS RDS? aws backup start-restore-job example
--Monitor currently RUNNING Restore Jobs
aws backup list-restore-jobs --by-status RUNNING
--List COMPLETED backup jobs for a specific RESOURCE based on ResourceArn
aws backup list-backup-jobs --by-state COMPLETED --query "BackupJobs[?ResourceArn == '<replace_with_RDS_Resource_ARN>'].[ResourceType,CompletionDate,RecoveryPointArn]"
--List COMPLETED backup jobs for a specific RESOURCE based on ResourceName
aws backup list-backup-jobs --by-state COMPLETED --query "BackupJobs[?ResourceName == '<replace_with_resource_name>'].[CompletionDate,RecoveryPointArn]"
--List Backup Jobs including AccountId,BackupVaultName, State , ResourceType,IamRoleArn ,StatusMessage, by default will be the last 30 days
aws backup list-backup-jobs --query "BackupJobs[*].[AccountId,CompletionDate,BackupVaultName, State , ResourceType,IamRoleArn ,StatusMessage]"
--List Backup Jobs including by resource type , by backup-vault-name after a certain date
aws backup list-backup-jobs --query "BackupJobs[].[ResourceArn,CompletionDate]" --by-backup-vault-name MuBackupVault --by-resource-type DynamoDB --by-complete-after 2024-09-23T18:58:58.035000+01:00
--List FAILED Backup Jobs
aws backup list-backup-jobs --by-state FAILED
--List Backup Vaults
aws backup list-backup-vaults
--View resource tags for resources in AWS Backup
How to view resource tags in AWS Backup using list-tags
Database Management Service (DMS)
--list subnet group configuration for DMS
aws dms describe-replication-subnet-groups
--list replication instances
aws dms describe-replication-instances
--Check status and version
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='ReplicationInstance'].[ReplicationInstanceIdentifier,ReplicationInstanceStatus,EngineVersion]"
--List all Replication Instances , ReplicationInstanceArn & associated EngineVersion
aws dms describe-replication-instances --query "ReplicationInstances[].[ReplicationInstanceIdentifier,ReplicationInstanceArn,EngineVersion]"
--Modify the Replication Instance Engine Version. This will cause an outage , via apply-immediately . Check there are no jobs running on the Replication Instance
aws dms modify-replication-instance --replication-instance-arn <REPLACE_WITH_REPLICATION_INSTANCE_ARN> --engine-version <REPLACE_WITH_ENGINE_VERSION> --allow-major-version-upgrade --apply-immediately
--list DMS replication tasks - display only the task name (identifier) & the ReplicationTaskArn
aws dms describe-replication-tasks --query "ReplicationTasks[*].[ReplicationTaskIdentifier,ReplicationTaskArn]"
--start a DMS replication task - first time (start-replication)
aws dms start-replication-task --replication-task-arn <replace_with_replication_task_arn> --start-replication-task-type start-replication
--restart a DMS replication task - (reload-target)
aws dms start-replication-task --replication-task-arn <replace_with_replication_task_arn> --start-replication-task-type reload-target
--list Endpoints - Endpoint name
aws dms describe-endpoints --query "Endpoints[].EndpointIdentifier[]"
--get Replication Instance Class
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].ReplicationInstanceClass" --output table
--get Replication Storage
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].AllocatedStorage" --output table
--get MultiAZ status
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].MultiAZ" --output table
Identity & Access Management (IAM)
---Validate user’s permission on the SecretAccessRole using the IAM get-role command.
aws iam get-role --role-name ROLE_NAME
--Validate user’s permission on the secret using the Secrets Manager describe-secret
command.
aws secretsmanager describe-secret --secret-id SECRET_NAME OR SECRET_ARN --region=REGION_NAME
--Get the secret value
Get secret value from AWS Secrets Manager
--List policies limited to customer-managed
aws iam list-policies --scope Local
--Get the role details
aws iam get-role --role-name <replace_with_role_name>
--Get attached policies to a specific Role
aws iam list-attached-role-policies --role-name <replace_with_role_name>
--Get inline policies attached to a ROLE
aws iam list-role-policies --role-name <replace_with_iam_role>
--get the details of the policy . Note: will need the policy ARN, get from list-attached-role-policies
aws iam get-policy --policy-arn <replace_with_policy_ARN>
--create a policy. Need a prepared policy file to place in a .json file
aws iam create-policy --policy-name <replace_with_a_policy_name> --policy-document file://location.json
--delete a policy . Need the policy arn - use Get the ARN value of the policy created
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MySamplePolicy
--Get the ARN value of the policy created
aws iam list-policies --query "Policies[?PolicyName=='my-policy-name'].Arn" --output text
Create the IAM role and attach the trust relationship. Need to place the trust relationship in a json
aws iam create-role --role-name MY_ROLE_NAME --assume-role-policy-document file://assume_role_policy_document.json
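Add an inline policy to an existing Role. Note : put-role-policy embeds the policy document in the role as an inline policy (listed by list-role-policies, not by list-attached-role-policies); to attach a managed policy by ARN use aws iam attach-role-policy --role-name <replace_with_role_name> --policy-arn <replace_with_policy_ARN>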
aws iam put-role-policy --role-name <replace_with_role_name> --policy-name <replace_with_policy> --policy-document file://location.json
--Get the ARN of a Role
aws iam list-roles --query "Roles[?RoleName=='my-role'].Arn" --output text
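--Create an IAM Role ARN dynamically. Need jq installed. Note : in bash/zsh put the jq filter in single quotes instead of double quotes, otherwise the shell expands $prefix and $suffix to empty strings before jq sees them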
aws sts get-caller-identity | jq -r --arg prefix "arn:aws:iam::" --arg suffix ":role/<replace_with_role_name>" ". = $prefix + .Account + $suffix"
--Detach a policy from an IAM role
aws iam detach-role-policy --role-name <my_iam_role> --policy-arn <replace_with_policy_arn>
--Delete inline policy
aws iam delete-role-policy --role-name <replace_with_role_name> --policy-name <replace_with_policy_name>
Security Token Service
--To get details about the current IAM identity
aws sts get-caller-identity
--To switch role access with aws cli
Key Management Service (KMS)
--List all the aws encryption key ARN, returns KeyID & KeyArn
aws kms list-keys
--Lists all aliases in the caller's Amazon Web Services account and region.Includes returning the TargetKeyID
aws kms list-aliases
--Return a list of identifiers within a certain Region
aws kms list-aliases --region us-east-1 --query "Aliases[*].TargetKeyId"
--Use the KMS alias name , this command will return details of an alias e.g aws/secretsmanager .
aws kms list-aliases --region us-east-1 --query "Aliases[?contains(AliasName,'aws/secretsmanager')]"
--KMS describe-key ,In this example using key-id “alias/aws/secretsmanager” as an example. replace key-id with relevant key
aws kms describe-key --key-id alias/aws/secretsmanager --query "KeyMetadata.Arn"
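--KMS disable-key. Note : while the key is disabled it cannot be used for cryptographic operations, so data encrypted under it cannot be decrypted until the key is enabled again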
aws kms disable-key --key-id <REPLACE_WITH_VALID_KEY_ARN>
--KMS enable-key
aws kms enable-key --key-id <REPLACE_WITH_VALID_KEY_ARN>
EC2
--List VPCId of current logged on Account
aws ec2 describe-vpcs --query "Vpcs[*].{VpcId:VpcId}" --output text
--List VPC ID, CIDR Block and Name of ALL the VPCs in an account
aws ec2 describe-vpcs --query "Vpcs[*].{VpcId:VpcId,Name:Tags[?Key=='Name'].Value|[0],CidrBlock:CidrBlock}" --output text
--List VPC ID, CIDR Block and Name of a specific VPC in an account
aws ec2 describe-vpcs --query "Vpcs[?VpcId=='<replace_with_vpc_id>'].{VpcId:VpcId,Name:Tags[?Key=='Name'].Value|[0],CidrBlock:CidrBlock}"
--List all availability zone names only
aws ec2 describe-availability-zones --query "AvailabilityZones[*].ZoneName"
DynamoDB
--Dynamodb list tables
aws dynamodb list-tables
--Get Table ARN for a DynamoDB table
aws dynamodb describe-table --table-name <replace_with_table_name> --query Table.TableArn
--List tags of resource
aws dynamodb list-tags-of-resource --resource-arn <replace_with_resource_arn>
--Adding tags to a DynamoDB table
aws dynamodb tag-resource --resource-arn <replace_with_resource_arn> --tags Key=MyKey,Value=MyValue
--Get the Time-to-Live settings
aws dynamodb describe-time-to-live --table-name myTblName --query TimeToLiveDescription.[TimeToLiveStatus,AttributeName]
--Get the DynamoDB table KMS Key status
aws dynamodb describe-table --table-name <replace_with_dynamodb_table> --query Table.SSEDescription
--Get the DynamoDB GlobalTableVersion
-- Version 2019.11.21 (Current) & --2017.11.29 (Legacy)
aws dynamodb describe-table --table-name <replace_with_dynamodb_table> --query Table.GlobalTableVersion
--Get the DynamoDB table Status
aws dynamodb describe-table --table-name <replace_with_dynamodb_table> --query Table.TableStatus
--Adding to Time to Live
aws dynamodb update-time-to-live --table-name <REPLACE_WITH_TABLE_NAME> --time-to-live-specification "Enabled=true, AttributeName=<replace_with_attribute_name>"
--Check Continuous backup & PointInTimeRecoveryStatus of a DynamoDB table
aws dynamodb describe-continuous-backups --table-name <replace_with_Table_name>
--Get the backup-arn from the List of backups . As the backup is a local snapshot , so the backup Type is USER. Make a note of the BackupArn
aws dynamodb list-backups --table-name <REPLACE_WITH_TABLE_NAME> --backup-type USER --region <replace_with_region>
--Get the backup-arn from the List of backups . Backup Type = System. Make a note of the BackupArn
aws dynamodb list-backups --table-name <REPLACE_WITH_TABLE_NAME> --backup-type SYSTEM --region <replace_with_region>
--Get the DynamoDB Point-in-time recovery settings
aws dynamodb describe-continuous-backups --table-name myTblName --query ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus
--Enable Point in Time Recovery on a DynamoDB table
aws dynamodb update-continuous-backups --table-name <replace_with_Table_name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
--Restore DynamoDB to the latest Point In Time
aws dynamodb restore-table-to-point-in-time --source-table-name <replace_with_source_Table_name> --target-table-name <replace_with_target_Table_name> --use-latest-restorable-time
--DynamoDB Backup & Restore
Amazon DynamoDB Backup & Restore
--Delete DynamoDB table . Note: If this is a Global Table and version 2019.11.21 the replica won't be deleted
aws dynamodb delete-table --table-name <replace_with_dynamodb_table_name>
--Delete a Global DynamoDB table version 2019.11.21
How to delete a Global DynamoDB table
VPC - Security Groups
--get the vpcid for the target
--Describe security Groups for a specific security group
aws ec2 describe-security-groups --group-ids sg-903004f9
--Create a new security group in a specific VPC
aws ec2 create-security-group --group-name <replace_with_group_name> --description "rules for SQL Server" --vpc-id <replace_with_vpc_id>
--Add a Name tag to the Security Group
aws ec2 create-tags --resources <replace_with_security_group> --tags Key=Name,Value=<replace_with_security_group_name_tag>
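--Create an ingress rule and associate with a security group. Note : keep --cidr as narrow as possible (a specific host or subnet); a range of 0.0.0.0/0 opens the port to the whole internet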
aws ec2 authorize-security-group-ingress --group-id <replace_with_security_group> --protocol <place_protocol_eg_tcp> --port <place_port_number> --cidr <ip_range>
--Delete security group
aws ec2 delete-security-group --group-id <security_group_id>
--Putting it all together to create a security group
How do I create a security group in AWS command line?
AURORA
--List all the Aurora DBClusters - with some extra details
aws rds describe-db-clusters --query "DBClusters[?contains(Engine,'aurora')].[DBClusterIdentifier]"
--Get the ARN for the Cluster
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "*[].{DBClusterArn:DBClusterArn}" --output text
--Get the status of the Aurora Cluster
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "*[].Status" --output text
--Get the Backtracking window of the Aurora Cluster
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "*[].BacktrackWindow" --output text
--List the endpoints of a specific Aurora Cluster
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "*[].{Endpoint:Endpoint,ReaderEndpoint:ReaderEndpoint,CustomEndpoints:CustomEndpoints}"
--List the endpoints of a all Aurora Clusters
aws rds describe-db-clusters --query "*[].{Endpoint:Endpoint,ReaderEndpoint:ReaderEndpoint,CustomEndpoints:CustomEndpoints}"
--List the AwsBackupRecoveryPointArn of an Aurora Cluster if it has an AWS Backup Continuous Backup
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[].AwsBackupRecoveryPointArn"
--List the tags for all Aurora DBClusters
aws rds describe-db-clusters --query "DBClusters[?contains(Engine,'aurora')].[DBClusterIdentifier,TagList]"
--list the Aurora Cluster DBSubnetGroupName
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[].DBSubnetGroup" --output text
--List the AwsBackupRecoveryPointArn for an Aurora Cluster
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[].AwsBackupRecoveryPointArn"
--list the VPC Security GroupId
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[*].{ID:VpcSecurityGroups[0].VpcSecurityGroupId}" --output text
--list the DBClusterParameterGroup
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[*].DBClusterParameterGroup" --output text
--Get the Writer and Reader Instances of the Cluster
aws rds describe-db-clusters --db-cluster-identifier babelfish-poc --query "DBClusters[*].{ID:DBClusterMembers[*].[DBInstanceIdentifier,IsClusterWriter]}"
--Get the Aurora KMS Primary Cluster Key Id
aws rds describe-db-clusters --db-cluster-identifier my-cluster-prim --query "DBClusters[*].KmsKeyId" --output text
--Add tags to a Resource
aws rds add-tags-to-resource --resource-name <REPLACE_WITH_CLUSTER_ARN> --tags Key=mykey,Value=myvalue
--View Aurora Earliest Restorable time & Latest restore time for Restore
aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_DBCLUSTER_ID> --query "DBClusters[*].[DBClusterIdentifier,EarliestRestorableTime,LatestRestorableTime]"
--Get the Aurora Cluster Port
aws rds describe-db-clusters --db-cluster-identifier my-cluster-prim --query "DBClusters[*].Port"
--Get the AWS Backup Recovery Point ARN - i.e when AWS Backup is managing the Point in Time Recovery Backup
aws rds describe-db-cluster-automated-backups --db-cluster-identifier <replace_with_dbcluster_id> --query "DBClusterAutomatedBackups[*].AwsBackupRecoveryPointArn"
--Create a DB cluster snapshot
aws rds create-db-cluster-snapshot --db-cluster-identifier <REPLACE_WITH_DB_CLUSTER> --db-cluster-snapshot-identifier <REPLACE_WITH_SNAPSHOT_IDENTIFIER>
--Add a Read replica to an existing DB Cluster
aws rds create-db-instance --db-instance-identifier <REPLACE_WITH_NEW_READ_REPLICA_NAME> --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --engine <REPLACE_WITH_ENGINE> --db-instance-class <REPLACE_WITH_IINSTANCE_CLASS e.g db.r5.large> --availability-zone <EXAMPLE_us-east-1c>
--Failover the database in a Cluster . This will failover the existing Writer Cluster to an RDS Read Replica
aws rds failover-db-cluster --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME>
--Disable deletion protection on an Aurora Cluster
aws rds modify-db-cluster --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --no-deletion-protection
--Delete the Aurora Cluster
aws rds delete-db-cluster --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --no-skip-final-snapshot --final-db-snapshot-identifier <REPLACE_WITH_CLUSTER_NAME_FINAL-SNAPSHOT_NAME>
***Note : You may get this error message : Be sure to delete all instances associated with the cluster before you delete the cluster.
--Delete an instance related to the Aurora Cluster
aws rds delete-db-instance --db-instance-identifier <REPLACE_WITH_THE_IDENTIFIER>
AURORA GLOBAL
--list all Aurora Global Cluster returning GlobalClusterIdentifier,Engine,EngineVersion,DatabaseName,StorageEncrypted,Status,DeletionProtection
aws rds describe-global-clusters --query "GlobalClusters[*].[GlobalClusterIdentifier,Engine,EngineVersion,DatabaseName,StorageEncrypted,Status,DeletionProtection]"
--Get details for a single Aurora Global Cluster
aws rds describe-global-clusters --global-cluster-identifier <replace_with_global_cluster_identifier>
--Get the Aurora Global Cluster members
aws rds describe-global-clusters --global-cluster-identifier <replace_with_global_cluster_identifier> --query "GlobalClusters[*].{ID:GlobalClusterMembers[*].[DBClusterArn,IsWriter]}"
--Remove Primary Cluster from a Global Cluster
aws rds --region primary_region remove-from-global-cluster --db-cluster-identifier primary_cluster_ARN --global-cluster-identifier global_database_id
--Create a new Global Cluster with an existing Primary Cluster
aws rds create-global-cluster --global-cluster-identifier <NEW_GLOBAL_IDENTIFIER> --source-db-cluster-identifier <replace_with_source_db_cluster_ARN>
--SwitchOver Global Cluster - used for planned failovers
aws rds --region <replace_with_primary_region> switchover-global-cluster --global-cluster-identifier <REPLACE_WITH_GLOBAL_IDENTIFIER> --target-db-cluster-identifier <REPLACE_WITH_arn_of_secondary_to_promote>
--Failover Global Cluster - used for unplanned failovers
aws rds --region <replace_region_of_selected_secondary> failover-global-cluster --global-cluster-identifier <replace_global_database_id> --target-db-cluster-identifier <replace_arn_of_secondary_to_promote> --allow-data-loss
RESOURCEGROUPSTAGGINGAPI
--list out all resources defined as RDS db , in preparation for tagging . Other resource-type-filter: rds:cluster ,
-- there is an issue with returning resources that have no tags /
aws resourcegroupstaggingapi get-resources --resource-type-filters rds:db --query "ResourceTagMappingList[*].ResourceARN" --output table
--list out all resources with a specific : Key & Value combination.
aws resourcegroupstaggingapi get-resources --tag-filters Key=MyKey,Values=MyValue --query "ResourceTagMappingList[*].ResourceARN"
aws resourcegroupstaggingapi get-resources --tag-filters Key=MyBackupTag,Values=MyBackupValye --query "ResourceTagMappingList[*].ResourceARN" --resource-type-filters dynamodb:table
--tag the resources listed in --resource-arn-list with the defined Key\Value pairing
aws resourcegroupstaggingapi tag-resources --tags MyKey=MyValue --resource-arn-list "arn:1" "arn:2"
DocumentDB
--List DocumentDB Clusters with full description
aws docdb describe-db-clusters --query "DBClusters[?Engine=='docdb']"
--List DocumentDB Clusters with DBCluster Name
aws docdb describe-db-clusters --query "DBClusters[?Engine=='docdb'].[DBClusterIdentifier]"
--Get ResourceArn of a DocumentDB Cluster
aws docdb describe-db-clusters --db-cluster-identifier <replace_with_cluster_id> --query "DBClusters[].DBClusterArn"
--List tags for the DocumentDB DBCluster
aws docdb list-tags-for-resource --resource-name <replace_with_resource_arn>
--Add tags to DocumentDB resource
aws docdb add-tags-to-resource --resource-name <replace_with_resource_arn> --tags Key="MyKey",Value="MyValue"
--Cluster Members (Readers & Writers)
aws docdb describe-db-clusters --db-cluster-identifier <replace_with_DBCluster_name> --query "DBClusters[].DBClusterMembers[].[DBInstanceIdentifier,IsClusterWriter]"
--List DocDB DBSubnetGroup
aws docdb describe-db-clusters --db-cluster-identifier <replace_with_DBCluster_name> --query "DBClusters[].DBSubnetGroup" --output text
--Get the Docdb cluster : EarliestRestorableTime & LatestRestorableTime - Useful for Point-In-Time-Recovery restore
aws docdb describe-db-clusters --db-cluster-identifier <replace_with_dbcluster_id> --query "DBClusters[*].[EarliestRestorableTime,LatestRestorableTime]"
Cloudtrail
How do I search logs in CloudTrail for a KMS key?
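--Look for Aurora DB Deleted DB Clusters in Cloudtrail. Note : lookup-events only searches the last 90 days of management events in the current region; older events have to be searched in the trail's S3 or CloudWatch Logs destination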
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteDBCluster
Route 53
How to create a CNAME record for a Route 53 Domain