aws.alias

[toplevel]

aliases = 
  !f() {
    grep "^[a-z-][a-z0-9-]* = *" ~/.aws/cli/alias | awk '{print $1}' | sort
  }; f

apikeys = apigateway get-api-keys --query "items[*].[name,description]" --output text
# doit = iam list-roles --query "Roles[?ends_with(RoleName, 'lambdaRole')].Arn | join(' ', @)"

s3-tags = 
  !f() {
    bucket=$1
    aws s3api get-bucket-tagging --bucket --output text $bucket
  }; f

s3-tags-add = 
  !f() {
    bucket=$1
    additionalTagsFile=$2
    currentTagsFile=$(mktemp)
    newTagsFile=$(mktemp)
    currentTagsFile=file1
    newTagsFile=newtags
    aws s3api get-bucket-tagging --bucket $bucket > $currentTagsFile
    jq -s '.[0] * .[1]' $currentTagsFile $additionalTagsFile > $newTagsFile
    #cat $newTagsFile
    #echo aws s3api put-bucket-tagging --bucket $bucket --tagging $newTagsFile
    #aws s3api put-bucket-tagging --bucket $bucket --tagging file://$newTagsFile
    #rm $currentTagsFile $newTagsFile
  }; f

whoami = sts get-caller-identity

upolicies = iam list-policies --scope Local --query '
    Policies[?AttachmentCount==`0`] | [].Arn
  ' --output text

vpcs = ec2 describe-vpcs --query '
    Vpcs[].[Tags[?Key==`Name`]
      | [0].Value, CidrBlock, VpcId]
  '

lambda-roles = iam list-roles --query "Roles[?ends_with(RoleName, 'lambdaRole')].RoleName"

lambda-env = lambda list-functions --query "Functions[].{FunctionName: FunctionName, Environment: Environment.Variables}"

lambda-subnets = lambda list-functions --function-version ALL --query "Functions[?VpcConfig.SubnetIds != `null`].[FunctionName, Version, VpcConfig.SubnetIds | join(',', @)]" --output table

lambda-handlers = lambda list-functions --query "Functions[].{FunctionName: FunctionName, Handler: Handler}" --output text

doit = iam list-roles --query "Roles[?ends_with(RoleName, 'lambdaRole')].Arn | join(' ', @)"

secrets = secretsmanager list-secrets --query "SecretList[].ARN"

get_secret = 
  !f() {
    aws secretsmanager get-secret-value --secret-id ${1}
  }; f

put_secret = 
  !f() {
    aws secretsmanager put-secret-value --secret-id ${1} --secret-string ${2}
  }; f

create-assume-role =
  !f() {
    aws iam create-role --role-name "${1}" \
      --assume-role-policy-document \
        "{\"Statement\":[{\
            \"Action\":\"sts:AssumeRole\",\
            \"Effect\":\"Allow\",\
            \"Principal\":{\"Service\":\""${2}".amazonaws.com\"},\
            \"Sid\":\"\"\
          }],\
          \"Version\":\"2012-10-17\"\
        }";
  }; f


running-instances = ec2 describe-instances \
    --filter Name=instance-state-name,Values=running \
    --output table \
    --query 'Reservations[].Instances[].{ID: InstanceId,Hostname: PublicDnsName,Name: Tags[?Key==`Name`].Value | [0],Type: InstanceType, Platform: Platform || `Linux`}'

ebs-volumes= ec2 describe-volumes \
    --query 'Volumes[].{VolumeId: VolumeId,State: State,Size: Size,Name: Tags[0].Value,AZ: AvailabilityZone}' \
    --output table

amazon-linux-amis = ec2 describe-images \
    --filter \
      Name=owner-alias,Values=amazon \
      Name=name,Values="amzn-ami-hvm-*" \
      Name=architecture,Values=x86_64 \
      Name=virtualization-type,Values=hvm \
      Name=root-device-type,Values=ebs \
      Name=block-device-mapping.volume-type,Values=gp2 \
    --query "reverse(sort_by(Images, &CreationDate))[*].[ImageId,Name,Description]" \
    --output text

list-sgs = ec2 describe-security-groups --query "SecurityGroups[].[GroupId, GroupName]" --output text

sg-rules = !f() { aws ec2 describe-security-groups \
    --query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]" \
    --group-id "$1" --output text; }; f

tostring =
  !f() {
    jp -f "${1}" 'to_string(@)'
  }; f

tostring-with-jq =
  !f() {
    cat "${1}" | jq 'tostring'
  }; f

authorize-my-ip =
  !f() {
    ip=$(aws myip)
    aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
  }; f

get-group-id =
  !f() {
    aws ec2 describe-security-groups --filters Name=group-name,Values=${1} --query SecurityGroups[0].GroupId --output text
  }; f

authorize-my-ip-by-name =
  !f() {
    group_id=$(aws get-group-id "${1}")
    aws authorize-my-ip "$group_id"
  }; f

# list all security group port ranges open to 0.0.0.0/0
public-ports = ec2 describe-security-groups \
  --filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
  --query 'SecurityGroups[].{
    GroupName:GroupName,
    GroupId:GroupId,
    PortRanges:
      IpPermissions[?contains(IpRanges[].CidrIp, `0.0.0.0/0`)].[
        join(`:`, [IpProtocol, join(`-`, [to_string(FromPort), to_string(ToPort)])])
      ][]
  }'

# List or set your region
region = !f() { [[ $# -eq 1 ]] && aws configure set region "$1" || aws configure get region; }; f

find-access-key = !f() {
    clear_to_eol=$(tput el)
    for i in $(aws iam list-users --query "Users[].UserName" --output text); do
      printf "\r%sSearching...$i" "${clear_to_eol}"
      result=$(aws iam list-access-keys --output text --user-name "${i}" --query "AccessKeyMetadata[?AccessKeyId=='${1}'].UserName";)
      if [ -n "${result}" ]; then
         printf "\r%s%s is owned by %s.\n" "${lear_to_eol}" "$1" "${result}"
         break
      fi
    done
    if [ -z "${result}" ]; then
      printf "\r%sKey not found." "${clear_to_eol}"
    fi
  }; f

docker-ecr-login =
  !f() {
    region=$(aws configure get region)
    endpoint=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].proxyEndpoint)
    passwd=$(aws ecr get-authorization-token --region $region --output text --query authorizationData[].authorizationToken | base64 --decode | cut -d: -f2)
    docker login -u AWS -p $passwd $endpoint
  }; f

myip =
  !f() {
    dig +short myip.opendns.com @resolver1.opendns.com
  }; f

allow-my-ip =
  !f() {
    my_ip=$(aws myip)
    aws ec2 authorize-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
  }; f

revoke-my-ip =
  !f() {
    my_ip=$(aws myip)
    aws ec2 revoke-security-group-ingress --group-name ${1} --protocol ${2} --port ${3} --cidr $my_ip/32
  }; f

allow-my-ip-all =
  !f() {
    aws allow-my-ip ${1} all all
  }; f

revoke-my-ip-all =
  !f() {
    aws revoke-my-ip ${1} all all
  }; f