
AWS CLI Cheatsheet - RDS, AWS Backup , DMS, IAM, Security Token Service,KMS,EC2, DynamoDB,VPC,Aurora, Aurora Global,RESOURCEGROUPSTAGGINGAPI,DocumentDB

15 September,2022 by Rambler

AWS CLI  commands and queries I use on a regular basis 

 

RDS CLI commands
AWS Backup CLI commands
AWS Database Management Service (DMS) CLI commands
Identity & Access Management (IAM) CLI commands
Security Token Service CLI commands
Key Management Service (KMS) CLI commands
EC2 CLI commands
DynamoDB CLI commands
VPC - Security Groups CLI commands
Aurora CLI commands
Aurora Global CLI commands
RESOURCEGROUPSTAGGINGAPI CLI commands
DocumentDB CLI commands

--get the aws cli help pages  

aws help

--get the service command list , example for Database Management Service (DMS)

aws dms commands

--get the current region

aws configure get region

RDS

--list all RDS instances 

aws rds describe-db-instances 

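--List RDS instances whose engine name starts with "aurora". Note : the back ticks mark a JMESPath literal; inside double quotes a POSIX shell (bash, zsh) treats back ticks as command substitution, so there either single-quote the whole --query value or drop the ==`true` comparison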

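# starts_with() already yields a boolean, so the filter needs no comparison
# against a back-ticked true literal. Dropping the back ticks also keeps the
# command safe in bash/zsh, where back ticks inside double quotes are command
# substitution and the CLI would receive a mangled expression.
aws rds describe-db-instances --query "DBInstances[?starts_with(Engine,'aurora')].DBInstanceIdentifier"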

--List rds based  on the  DBInstanceIdentifier starting with a certain string

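# starts_with() returns a boolean on its own; no back-ticked true literal is
# needed, which avoids shell command substitution inside the double quotes.
# Replace MyValue with the identifier prefix to match.
aws rds describe-db-instances --query "DBInstances[?starts_with(DBInstanceIdentifier,'MyValue')].DBInstanceIdentifier"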

--list details for one RDS instance

aws rds describe-db-instances --db-instance-identifier <replace_with_my_rds_instance_name>

--list all RDS instances endpoints

aws rds describe-db-instances --query "DBInstances[].Endpoint[]"

--list the RDS DB Parameter Group Name for a specific RDS

aws rds describe-db-instances --db-instance-identifier <REPLACE_WITH_RDS_INSTANCE> --query "DBInstances[].{Name:DBParameterGroups[0].DBParameterGroupName}"

--Grab the ssl parameter from the ParameterGroup associated to the RDS (the query below filters on ParameterName=='ssl')

aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH-PARAMETER_GROUP> --query "Parameters[?ParameterName=='ssl'].[ParameterName,ParameterValue]"

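--Grab the rds.force_ssl value from the ParameterGroup associated to the RDS. On engines that expose this parameter (e.g. PostgreSQL, SQL Server) a ParameterValue of 1 means client connections must use SSL/TLS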

aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH_PARAMATER_GROUP> --query "Parameters[?ParameterName=='rds.force_ssl'].[ParameterName,ParameterValue]"

--Grab the ssl parameter from the ParameterGroup associated to the RDS

aws rds describe-db-parameters --db-parameter-group-name <REPLACE_WITH_PARAMATER_GROUP> --query "Parameters[?ParameterName=='ssl'].[ParameterName,ParameterValue]"

--list the RDS instance DBSubnet Group

aws rds describe-db-instances --db-instance-identifier <replace_rds_db_instance> --query "DBInstances[].DBSubnetGroup.DBSubnetGroupName" 

--list the VPC Security GroupId

aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].{ID:VpcSecurityGroups[0].VpcSecurityGroupId}" 

--list the DB Instance Class

aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].DBInstanceClass" 

--list the DB Instance Engine

aws rds describe-db-instances --db-instance-identifier <replace_rds_instance> --query "DBInstances[*].Engine" 

--list the DB KMS KeyId

aws rds describe-db-instances --db-instance-identifier <replace_with_rds_instance> --query "DBInstances[].KmsKeyId" 

--list the RDS Amazon Resource Name (ARN)

aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<replace_with_DBInstanceIdentifier>'].DBInstanceArn"

--list all RDS DBInstanceIdentifier and DBInstance ARN

aws rds describe-db-instances --query "DBInstances[*].[DBInstanceIdentifier,DBInstanceArn]"

--list RDS instance Endpoint  & Port number for a specific RDS . 

aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<replace_with_DDBInstanceIdentifier>'].Endpoint[]"

--list all RDS DBInstanceIdentifier & Status 

aws rds describe-db-instances --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus] "

--list a single RDS DBInstanceIdentifier & Status 

aws rds describe-db-instances --db-instance-identifier <replace_with_rds_instance> --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus] "

--start RDS instance 

aws rds start-db-instance --db-instance-identifier <replace_with_DBInstanceIdentifier>

--list the RDS VpcId of a single RDS Instance

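# The instance is selected with --db-instance-identifier (the flag name was
# truncated in the original line). --output text prints the bare VpcId.
aws rds describe-db-instances --db-instance-identifier "<replace_rds_db_instance>" --query "DBInstances[*].DBSubnetGroup.VpcId" --output text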

--list all the DBParameterGroupName

aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" 

--list all the DBSubnet group names

aws rds describe-db-subnet-groups  --query "DBSubnetGroups[].DBSubnetGroupName" 

--list the RDS DBSubnetGroupName 

aws rds describe-db-instances --db-instance-identifier  <replace_rds_db_instance> --query "DBInstances[].DBSubnetGroup.DBSubnetGroupName" --output text

--list the RDS tags 

aws rds list-tags-for-resource --resource-name <replace_with_resource_arn>

--add tags to an RDS instance

aws rds add-tags-to-resource --resource-name <replace_with_resource_arn> --tags "[{\"Key\": \"MyKey\",\"Value\": \"MyValue\"}]"

--modify RDS multi-AZ to true

 RDS modify Multi AZ to true

--List the AwsBackupRecoveryPointArn

aws rds describe-db-instances --db-instance-identifier <replace_with_DBIdentifier> --query "DBInstances[].AwsBackupRecoveryPointArn"

--Enable automated backups for RDS

aws rds modify-db-instance --db-instance-identifier <replace_with_dbinstance identifier>   --backup-retention-period 3 --apply-immediately

--RDS Backup-LatestRestorableTime

aws rds describe-db-instances --db-instance-identifier <replace_with_DBIdentifier> --query "DBInstances[].LatestRestorableTime"

--View RDS automated backups 

aws rds describe-db-instance-automated-backups --db-instance-identifier  <replace_with_dbinstance identifier>

--Disable RDS automated backups 

# A retention period of 0 switches automated backups off. That also ends
# point-in-time recovery for the instance, and RDS removes the automated
# backups it already holds, so take a manual snapshot first (create-db-snapshot)
# if a restore point must survive. --apply-immediately applies the change now
# instead of waiting for the maintenance window.
aws rds modify-db-instance --db-instance-identifier <replace_with_dbinstance identifier>  --backup-retention-period 0 --apply-immediately

--Check if RDS automated backups are disabled.  backup retention = 0 and mydbinstance status is available

aws rds describe-db-instances --db-instance-identifier <replace_with_dbinstance identifier> --query "DBInstances[*].[DBInstanceIdentifier,DBInstanceStatus,BackupRetentionPeriod]"

--create RDS DB snapshot

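# Manual snapshot of one instance. The flag is --db-snapshot-identifier
# (the original line had a stray space inside the flag name).
# myRDS / myRDSsnapshotIdentifier are sample names; replace with your own.
aws rds create-db-snapshot --db-instance-identifier myRDS --db-snapshot-identifier myRDSsnapshotIdentifier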

--List DBSnapshot details for a specific RD Instance

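# Client-side filter on the snapshot list; the JMESPath string literal must be
# closed by exactly one single quote (the original had a doubled quote, which
# makes the expression invalid).
aws rds describe-db-snapshots --query "DBSnapshots[?DBInstanceIdentifier=='<replace_with_resource_id>']"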

--List DBSnapshot for a specific RDS , returning DBSnapshotIdentifier,SnapshotCreateTime,SnapshotType

aws rds describe-db-snapshots --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "DBSnapshots[].[DBSnapshotIdentifier,SnapshotCreateTime,SnapshotType]"

--List the latest DBSnapshot for a specific RDS - returning the DBSnapshotIdentifier 

aws rds describe-db-snapshots --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "sort_by(DBSnapshots, &SnapshotCreateTime)[-1].{id:DBSnapshotIdentifier,time:SnapshotCreateTime}"

--List Domain Membership 

aws rds describe-db-instances --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --query "DBInstances[].[DomainMemberships]"

--check the current RDS Deletion Protection status , true or false

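# Returns true or false for DeletionProtection. The identifier must sit inside
# the single quotes with no padding: the comparison is an exact string match,
# so leading or trailing spaces would make the filter return nothing.
aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='<REPLACE_WITH_RDS_IDENTIFIER>'].DeletionProtection"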

--Disable deletion protection on an RDS Instance 

aws rds modify-db-instance --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --no-deletion-protection

--Delete the RDS Instance 

aws rds delete-db-instance --db-instance-identifier <REPLACE_WITH_RDS_IDENTIFIER> --final-db-snapshot-identifier <REPLACE_WITH_RDS_FINAL_SNAP_NAME> 

--Delete the RDS Instance  (with --no-delete-automated-backups ) 

aws rds delete-db-instance --db-instance-identifier test-run-instance --final-db-snapshot-identifier test-run-instance230123 --no-delete-automated-backups

---To identify the supported engine & version combinations -  execute the following command . Check --engine , --version , --region 

aws rds describe-orderable-db-instance-options --engine <replace_with_engine> --engine-version <replace_with_engine_version> --query "OrderableDBInstanceOptions[].{DBInstanceClass:DBInstanceClass,SupportedEngineModes:SupportedEngineModes[0]}" --output table --region <replace_with_region>

--Create RDS Read Replica  & Promote to a standalone RDS Instance

Manage Cross Region RDS Read Replicas with AWS CLI

AWS BACKUP SERVICE

--list all backup plans

aws backup list-backup-plans

--list all backup plans BackupPlanName only 

aws backup list-backup-plans --query "BackupPlansList[].BackupPlanName[]"

--list all backup plans BackupPlanName & BackupPlanID

aws backup list-backup-plans --query "BackupPlansList[].[BackupPlanName,BackupPlanId]"

--return metadata for a Backup Plan 

aws backup list-backup-selections --backup-plan-id <replace_with_backup_plan_id>

--return metadata of the resources associated with the backup plan. For example - Tags 

aws backup get-backup-selection --backup-plan-id <REPLACE_WITH_BACKUP_PLAN_ID> --selection-id <REPLACE_WITH_SELECTION_ID>

--Get Backup Rules for a specific  Backup Plan - Rules, EnableContinuousBackup,TargetBackupvaultName,Lifecycle

aws backup get-backup-plan --backup-plan-id "<replace_with_backup_plan_id>"

--list resources selection for a backup plan 

aws backup list-backup-selections --backup-plan-id "<replace_with_backup_plan_id>"

--get tags for a backup selection i.e resources assignment

aws backup get-backup-selection --backup-plan-id "<replace_with_backup_plan_id>"  --selection-id "<replace_with_selection_id>"

--delete a Backup Plan (delete resource assignment , delete backup plan)

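# Step 1 : Delete backup selection
# (sample IDs; take the real values from list-backup-plans and
# list-backup-selections before running a delete)
aws backup delete-backup-selection --backup-plan-id "989898988" --selection-id "89879879877"

# Step 2 : Delete backup plan
# The plan can only be removed once its resource selections are gone.
aws backup delete-backup-plan --backup-plan-id "989898988"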

--Create an on-demand backup of RDS 

aws backup start-backup-job --backup-vault-name Default --resource-arn <replace_with_DBInstanceARN> --iam-role-arn xxxxxxxxxxxxxxxxxxxxxxxx 

--List protected resources

aws backup list-protected-resources 

--List protected resources , filtering for a specific resource type, - in this example I'm filtering on  RDS

aws backup list-protected-resources --query "Results[?ResourceType=='RDS']"

aws backup list-protected-resources --query "Results[?ResourceType=='DynamoDB']"

--List protected resources , filtering for a wildcard search on ResourceArn 

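# contains() does a substring match on the ARN. The placeholder and the
# --query string are now both closed (the original lacked the closing ">" and
# the closing double quote, which leaves the shell waiting for more input).
aws backup list-protected-resources --query "Results[?contains(ResourceArn,'<REPLACE_WITH_RESOURCE_NAME>')]"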

--List Recovery Points based on Backup Vault , using the --query filter to isolate based on a resource arn , continuous backup & status = Available

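# Recovery points for one resource that are AVAILABLE and continuous.
# ResourceArn is compared as a full ARN string. The --query value is now
# terminated with its closing double quote.
aws backup list-recovery-points-by-backup-vault --backup-vault-name "<REPLACE_WITH_BACKUP_VAULT>" --query "RecoveryPoints[?ResourceArn=='<REPLACE_WITH_RDS_INSTANCE_NAME>' && Status=='AVAILABLE' && contains(RecoveryPointArn,'continuous')]"

# All recovery points in a vault as rows of selected fields. A multiselect
# list needs its opening "[" after the projection (missing in the original).
# TRV-Backup-Vault is the sample vault name used on this page.
aws backup list-recovery-points-by-backup-vault --backup-vault-name TRV-Backup-Vault --query "RecoveryPoints[].[RecoveryPointArn,ResourceArn,CreationDate,CompletionDate,ResourceType,StatusMessage,Status]"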

--Create a backup 

aws backup start-backup-job --backup-vault-name Default --resource-arn <replace_with_targeted_resource_arn> --iam-role-arn <replace_with_valid_iam_role>

-- Restore: Create a new DB instance from the DB snapshot , this process requires a few steps so added link to another post

How do I restore my AWS RDS? aws backup start-restore-job example

--Monitor currently RUNNING Restore Jobs 

aws backup list-restore-jobs --by-status RUNNING

--List COMPLETED backup jobs for a specific RESOURCE based on ResourceArn 

aws backup list-backup-jobs --by-state COMPLETED --query "BackupJobs[?ResourceArn == '<replace_with_RDS_Resource_ARN>'].[ResourceType,CompletionDate,RecoveryPointArn]"

--List COMPLETED backup jobs for a specific RESOURCE based on ResourceName

aws backup list-backup-jobs --by-state COMPLETED --query "BackupJobs[?ResourceName == '<replace_with_resource_name>'].[CompletionDate,RecoveryPointArn]"

--List Backup  Jobs including AccountId,BackupVaultName, State , ResourceType,IamRoleArn ,StatusMessage, by default will be the last 30 days 

aws backup list-backup-jobs --query "BackupJobs[*].[AccountId,CompletionDate,BackupVaultName, State , ResourceType,IamRoleArn ,StatusMessage]"

--List FAILED Backup Jobs 

aws backup list-backup-jobs --by-state FAILED

--List Backup Vaults 

aws backup list-backup-vaults

--View resource tags for resources in AWS Backup 

 How to view resource tags in AWS Backup using list-tags

Database Management Service (DMS)

 

--list subnet group configuration for DMS

aws dms describe-replication-subnet-groups

--list replication instances

aws dms describe-replication-instances

--Check status and version 

aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='ReplicationInstance'].[ReplicationInstanceIdentifier,ReplicationInstanceStatus,EngineVersion]"

--List all Replication Instances with their ReplicationInstanceArn and associated EngineVersion

aws dms describe-replication-instances --query "ReplicationInstances[].[ReplicationInstanceIdentifier,ReplicationInstanceArn,EngineVersion]"

--Modify the Replication Instance Engine Version. This will cause an outage, via apply-immediately. Check there are no jobs running on the Replication Instance

aws dms modify-replication-instance --replication-instance-arn <REPLACE_WITH_REPLICATION_INSTANCE_ARN> --engine-version <REPLACE_WITH_ENGINE_VERSION> --allow-major-version-upgrade --apply-immediately

--list DMS replication tasks - display only the task name (identifier) & the  ReplicationTaskArn

aws dms describe-replication-tasks --query "ReplicationTasks[*].[ReplicationTaskIdentifier,ReplicationTaskArn]"

 

--start a DMS replication task - first time (start-replication)

aws dms start-replication-task --replication-task-arn <replace_with_replication_task_arn> --start-replication-task-type start-replication

--restart a DMS replication task - (reload-target)

aws dms start-replication-task --replication-task-arn <replace_with_replication_task_arn> --start-replication-task-type reload-target

--list Endpoints - Endpoint name

aws dms describe-endpoints --query "Endpoints[].EndpointIdentifier[]"

--get Replication Instance Class
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].ReplicationInstanceClass" --output table

--get Replication Storage
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].AllocatedStorage" --output table

--get MultiAZ status
aws dms describe-replication-instances --query "ReplicationInstances[?ReplicationInstanceIdentifier=='<myReplicationInstance>'].MultiAZ" --output table

Identity & Access Management (IAM)

 

---Validate user’s permission on the SecretAccessRole using the IAM get-role command.

aws iam get-role --role-name ROLE_NAME

--Validate user’s permission on the secret using the Secrets Manager describe-secret
command.
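# --secret-id takes a single value: either the secret's name or its ARN.
# describe-secret returns metadata only (no secret value), so it is a safe way
# to confirm the caller can see the secret.
aws secretsmanager describe-secret --secret-id "<SECRET_NAME_or_SECRET_ARN>" --region "<REGION_NAME>"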

--Get the secret value 

 Get secret value from AWS Secrets Manager

--List policies limited to customer-managed 

aws iam list-policies --scope Local

--Get the role details 

aws iam get-role --role-name <replace_with_role_name>

--Get attached policies to a specific Role

aws iam list-attached-role-policies --role-name <replace_with_role_name>

--Get inline policies attached to a ROLE

aws iam list-role-policies --role-name <replace_with_iam_role>

--get the details of the policy  . Note: will need the policy ARN, get from list-attached-role-policies

aws iam get-policy --policy-arn <replace_with_policy_ARN>

 

--create a policy. Need a prepared policy file to place in a .json file

aws iam create-policy --policy-name <replace_with_a_policy_name>  --policy-document file://location.json

--delete a policy . Need the policy arn - use Get the ARN value of the policy created 

aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MySamplePolicy

--Get the ARN value of the policy created 
aws iam list-policies --query "Policies[?PolicyName=='my-policy-name'].Arn" --output text

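--Create the IAM role and attach the trust relationship. The trust relationship must be placed in a JSON file; it defines which principals may assume the role, so keep its Principal as narrow as possible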
aws iam create-role --role-name MY_ROLE_NAME --assume-role-policy-document file://assume_role_policy_document.json

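--Add an inline policy to an existing Role (put-role-policy embeds the policy document in the role; a managed policy is attached by ARN with attach-role-policy instead)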

aws iam put-role-policy --role-name <replace_with_role_name> --policy-name <replace_with_policy> --policy-document file://location.json

--Get the ARN of a Role

aws iam list-roles --query "Roles[?RoleName=='my-role'].Arn" --output text

--Create a IAM Role ARN dynamically. Need jq installed 

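# Builds arn:aws:iam::<account>:role/<name> from the caller's account id.
# The jq filter is single-quoted: in bash/zsh a double-quoted filter lets the
# shell expand $prefix and $suffix (to empty strings) before jq runs, so jq
# would never see its own --arg variables.
aws sts get-caller-identity | jq -r --arg prefix "arn:aws:iam::" --arg suffix ":role/<replace_with_role_name>" '. = $prefix + .Account + $suffix'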

--Detach a policy from an IAM role 

aws iam detach-role-policy --role-name <my_iam_role> --policy-arn <replace_with_policy_arn>

--Delete inline policy 

aws iam delete-role-policy --role-name <replace_with_role_name> --policy-name <replace_with_policy_name>

Security Token Service

--To get details about the current IAM identity

aws sts get-caller-identity

Key Management Service (KMS)

 

--List all the aws encryption key ARN, returns KeyID & KeyArn

aws kms list-keys

--Lists all aliases in the caller's Amazon Web Services account and region.Includes returning the TargetKeyID

aws kms list-aliases

--Return a list of identifiers within a certain Region

aws kms list-aliases --region us-east-1 --query "Aliases[*].TargetKeyId"

--Use the KMS alias name , this command will return details of an alias e.g aws/secretsmanager .
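# contains() is a substring match on AliasName. The --query value is now
# closed with its double quote (missing in the original line).
aws kms list-aliases --region us-east-1 --query "Aliases[?contains(AliasName,'aws/secretsmanager')]"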

--KMS describe-key ,In this example using key-id “alias/aws/secretsmanager” as an example. replace key-id with relevant key 
aws kms describe-key --key-id alias/aws/secretsmanager --query "KeyMetadata.Arn"

--KMS disable-key 

# While a key is disabled it cannot be used for any cryptographic operation,
# so data encrypted under it (for example RDS storage or secrets) stays
# unreadable until enable-key is run. Confirm what depends on the key before
# disabling it; describe-key and the KmsKeyId queries on this page help there.
aws kms disable-key --key-id <REPLACE_WITH_VALID_KEY_ARN>

--KMS enable-key 

aws kms enable-key --key-id <REPLACE_WITH_VALID_KEY_ARN>

EC2

--List VPCId of current logged on Account

aws ec2 describe-vpcs --query "Vpcs[*].{VpcId:VpcId}" --output text

--List  VPC ID, CIDR Block and Name  of ALL the VPCs in an account

aws ec2 describe-vpcs --query "Vpcs[*].{VpcId:VpcId,Name:Tags[?Key=='Name'].Value|[0],CidrBlock:CidrBlock}" --output text

--List  VPC ID, CIDR Block and Name  of  a specific VPC in an account

aws ec2 describe-vpcs --query "Vpcs[?VpcId=='<replace_with_vpc_id>'].{VpcId:VpcId,Name:Tags[?Key=='Name'].Value|[0],CidrBlock:CidrBlock}"

--List all availability zone names only

aws ec2 describe-availability-zones --query "AvailabilityZones[*].ZoneName" 

DynamoDB

--Dynamodb list  tables 

aws dynamodb list-tables

--Get Table ARN for a DynamoDB table 

aws dynamodb describe-table --table-name <replace_with_table_name> --query Table.TableArn

--List tags of resource 

aws dynamodb list-tags-of-resource --resource-arn <replace_with_resource_arn>

--Adding tags to a DynamoDB table

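# The ARN placeholder is quoted and closed; the original's unclosed "<" is read
# by a POSIX shell as an input redirection from a file of that name.
aws dynamodb tag-resource --resource-arn "<replace_with_resource_arn>" --tags Key=MyKey,Value=MyValue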

--Get the Time-to-Live settings

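# The --query value is quoted so the shell cannot treat the square brackets as
# a filename pattern. myTblName is a sample table name.
aws dynamodb describe-time-to-live --table-name myTblName --query "TimeToLiveDescription.[TimeToLiveStatus,AttributeName]"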

--Adding to Time to Live   

aws dynamodb update-time-to-live --table-name <REPLACE_WITH_TABLE_NAME> --time-to-live-specification "Enabled=true, AttributeName=<replace_with_attribute_name>"

--Check Continuous backup  & PointInTimeRecoveryStatus of a DynamoDB table

aws dynamodb describe-continuous-backups --table-name <replace_with_Table_name>

--Get the DynamoDB Point-in-time recovery settings

aws dynamodb describe-continuous-backups --table-name myTblName --query ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus

--Enable Point in Time Recovery on a DynamoDB table

aws dynamodb update-continuous-backups --table-name <replace_with_Table_name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

--Restore DynamoDB to the latest Point In Time 

aws dynamodb restore-table-to-point-in-time --source-table-name <replace_with_source_Table_name> --target-table-name <replace_with_target_Table_name>  --use-latest-restorable-time

--DynamoDB Backup & Restore

Amazon DynamoDB Backup & Restore

--Delete  DynamoDB table 

aws dynamodb delete-table --table-name <replace_with_dynamodb_table_name>

VPC - Security Groups 

--Describe security Groups for a specific security group

aws ec2 describe-security-groups --group-ids sg-903004f9

--Create a new security in a specific VPC

aws ec2 create-security-group --group-name <replace_with_group_name> --description "rules for SQL Server" --vpc-id  <replace_with_vpc_id>

--Add a Name tag to the Security Group 

aws ec2 create-tags --resources <replace_with_security_group> --tags Key=Name,Value=<replace_with_security_group_name_tag>

--Create an ingress rule and associate with a security group

# --cidr decides who can reach the opened port. For database ports use the
# narrowest range that works (a single host is /32) rather than 0.0.0.0/0,
# and review the result with describe-security-groups afterwards.
aws ec2 authorize-security-group-ingress --group-id <replace_with_security_group> --protocol <place_protocol_eg_tcp> --port <place_port_number> --cidr  <ip_range>

--Delete security group

aws ec2 delete-security-group --group-id  <security_group_id>

--Putting it all together to create a security group

How do I create a security group in AWS command line?

AURORA

--List all the Aurora DBClusters - with some extra details 

aws rds describe-db-clusters --query "DBClusters[?contains(Engine,'aurora')].[DBClusterIdentifier]"

--Get the ARN for the Cluster 

aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "*[].{DBClusterArn:DBClusterArn}" --output text

--List the endpoints of a specific  Aurora Cluster 

aws rds describe-db-clusters --db-cluster-identifier  <REPLACE_WITH_CLUSTER_NAME> --query "*[].{Endpoint:Endpoint,ReaderEndpoint:ReaderEndpoint,CustomEndpoints:CustomEndpoints}"

--List the endpoints of a all  Aurora Clusters

aws rds describe-db-clusters  --query "*[].{Endpoint:Endpoint,ReaderEndpoint:ReaderEndpoint,CustomEndpoints:CustomEndpoints}"

--List the AwsBackupRecoveryPointArn of an Aurora Cluster if it has an AWS Backup Continuous Backup 

aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[].AwsBackupRecoveryPointArn"

--List the tags for all Aurora DBClusters 

aws rds describe-db-clusters --query "DBClusters[?contains(Engine,'aurora')].[DBClusterIdentifier,TagList]"

--list the Aurora Cluster DBSubnetGroupName

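# Prints the cluster's DB subnet group name as plain text.
# --output is given once (it was duplicated in the original line).
aws rds describe-db-clusters --db-cluster-identifier "<REPLACE_WITH_CLUSTER_NAME>" --query "DBClusters[].DBSubnetGroup" --output text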

--list the VPC Security GroupId

aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[*].{ID:VpcSecurityGroups[0].VpcSecurityGroupId}" --output text

--list the DBClusterParameterGroup

aws rds describe-db-clusters --db-cluster-identifier  <REPLACE_WITH_CLUSTER_NAME> --query "DBClusters[*].DBClusterParameterGroup" --output text

--Get the Writer and Reader Instances of the Cluster

aws rds describe-db-clusters --db-cluster-identifier babelfish-poc --query "DBClusters[*].{ID:DBClusterMembers[*].[DBInstanceIdentifier,IsClusterWriter]}"

--Get the Aurora KMS Primary Cluster Key Id 

aws rds describe-db-clusters --db-cluster-identifier my-cluster-prim --query "DBClusters[*].KmsKeyId" --output text

--Add tags to a Resource 

aws rds add-tags-to-resource --resource-name <REPLACE_WITH_CLUSTER_ARN> --tags Key=mykey,Value=myvalue 

--View Aurora Earliest Restorable time & Latest restore time for Restore

aws rds describe-db-clusters --db-cluster-identifier <REPLACE_WITH_DBCLUSTER_ID> --query "DBClusters[*].[DBClusterIdentifier,EarliestRestorableTime,LatestRestorableTime]"

--Get the Aurora Cluster Port 

aws rds describe-db-clusters --db-cluster-identifier my-cluster-prim --query "DBClusters[*].Port"

--Get the AWS Backup Recovery Point ARN - i.e when AWS Backup is managing the Point in Time Recovery Backup 

aws rds describe-db-cluster-automated-backups --db-cluster-identifier  <replace_with_dbcluster_id> --query "DBClusterAutomatedBackups[*].AwsBackupRecoveryPointArn"

--Create a DB cluster snapshot 

aws rds create-db-cluster-snapshot --db-cluster-identifier <REPLACE_WITH_DB_CLUSTER> --db-cluster-snapshot-identifier <REPLACE_WITH_SNAPSHOT_IDENTIFIER>

--Add a Read replica to an existing DB Cluster

aws rds create-db-instance --db-instance-identifier <REPLACE_WITH_NEW_READ_REPLICA_NAME> --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --engine <REPLACE_WITH_ENGINE> --db-instance-class <REPLACE_WITH_IINSTANCE_CLASS e.g  db.r5.large> --availability-zone <EXAMPLE_us-east-1c>

--Disable deletion protection on an Aurora Cluster  

aws rds modify-db-cluster --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --no-deletion-protection

--Delete the Aurora Cluster 

aws rds delete-db-cluster --db-cluster-identifier <REPLACE_WITH_CLUSTER_NAME> --no-skip-final-snapshot --final-db-snapshot-identifier <REPLACE_WITH_CLUSTER_NAME_FINAL-SNAPSHOT_NAME>

***Note : You may get this error message : Be sure to delete all instances associated with the cluster before you delete the cluster.

Be sure to delete all instances associated with the cluster before you delete the cluster.

--Delete an instance related to the Aurora Cluster 

aws rds delete-db-instance --db-instance-identifier <REPLACE_WITH_THE_IDENTIFIER>

AURORA GLOBAL

--list all Aurora Global Cluster  returning  GlobalClusterIdentifier,Engine,EngineVersion,DatabaseName,StorageEncrypted,Status,DeletionProtection

aws rds describe-global-clusters --query "GlobalClusters[*].[GlobalClusterIdentifier,Engine,EngineVersion,DatabaseName,StorageEncrypted,Status,DeletionProtection]"

--Get details for a single Aurora Global Cluster 

aws rds describe-global-clusters --global-cluster-identifier <replace_with_global_cluster_identifier>

--Get the Aurora Global Cluster members

aws rds describe-global-clusters --global-cluster-identifier <replace_with_global_cluster_identifier> --query "GlobalClusters[*].{ID:GlobalClusterMembers[*].[DBClusterArn,IsWriter]}"

RESOURCEGROUPSTAGGINGAPI

--list out all resources defined as RDS db , in preparation for tagging . Other resource-type-filter: rds:cluster , 

-- there is an issue with returning resources that have no tags /

aws resourcegroupstaggingapi get-resources --resource-type-filters rds:db --query "ResourceTagMappingList[*].ResourceARN" --output table

--list out all resources with a specific : Key & Value   combination.

aws resourcegroupstaggingapi get-resources --tag-filters Key=MyKey,Values=MyValue --query "ResourceTagMappingList[*].ResourceARN"

--tag the resources listed in --resource-arn-list   with the defined Key\Value pairing 

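# --resource-arn-list is given once, followed by the ARNs to tag; the original
# repeated the flag with no value the first time. "arn:1" "arn:2" are sample
# values: replace them with full resource ARNs.
aws resourcegroupstaggingapi tag-resources --resource-arn-list "arn:1" "arn:2" --tags MyKey=MyValue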

 

DocumentDB

--List DocumentDB Clusters with full description

aws docdb describe-db-clusters --query "DBClusters[?Engine=='docdb']"

--List DocumentDB Clusters with DBCluster Name 

aws docdb describe-db-clusters --query "DBClusters[?Engine=='docdb'].[DBClusterIdentifier]"

--Get ResourceArn of a DocumentDB Cluster 

aws docdb describe-db-clusters --db-cluster-identifier <replace_with_cluster_id> --query "DBClusters[].DBClusterArn"

--List tags for the DocumentDB DBCluster 

aws docdb list-tags-for-resource --resource-name <replace_with_resource_arn>

 

--Cluster Members (Readers & Writers) 

aws docdb describe-db-clusters --db-cluster-identifier   <replace_with_DBCluster_name> --query "DBClusters[].DBClusterMembers[].[DBInstanceIdentifier,IsClusterWriter]"

--List DocDB DBSubnetGroup 

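# Prints the DocumentDB cluster's subnet group name as plain text.
# --output is given once (it was duplicated in the original line).
aws docdb describe-db-clusters --db-cluster-identifier "<replace_with_DBCluster_name>" --query "DBClusters[].DBSubnetGroup" --output text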

--Get the Docdb cluster : EarliestRestorableTime  & LatestRestorableTime - Useful for Point-In-Time-Recovery restore 

 aws docdb describe-db-clusters --db-cluster-identifier <replace_with_dbcluster_id>  --query "DBClusters[*].[EarliestRestorableTime,LatestRestorableTime]"


Author: Rambler (http://www.dba-ninja.com)

