Use SSM to start a port-forwarded RDP session (only works when the SSM Agent is installed and running on the instance)
# Tunnel RDP through Session Manager: local port 9000 is forwarded to port
# 3389 on the target instance, so the RDP client connects to localhost:9000.
aws ssm start-session \
  --profile profile_name \
  --target <instance_id> \
  --document-name AWS-StartPortForwardingSession \
  --parameters "portNumber=3389, localPortNumber=9000"
Get the instance IDs, names and private IP addresses of all running VMs
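# List running instances as tab-separated text: instance ID, private IP and
# the value of the "Name" tag (None when the tag is absent).
# Uses the documented option name --filters instead of the --filter prefix.
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
  --query 'Reservations[].Instances[].[InstanceId,PrivateIpAddress,Tags[?Key==`Name`].Value|[0]]' \
  --output text \
  --profile profile_name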
Get the OS type of all VMs (SSM-managed instances only)
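# Print instance ID, platform type, platform name, IP address and computer
# name for every instance registered with SSM.
# The records returned by describe-instance-information carry no Tags field,
# so the original Name-tag projection always printed None; ComputerName (the
# host name reported by the agent) is used for the last column instead.
aws ssm describe-instance-information \
  --query 'InstanceInformationList[*].[InstanceId,PlatformType,PlatformName,IPAddress,ComputerName]' \
  --output text \
  --profile profile_name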
List all available (unattached) volumes and show the “Name” tag
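# Volumes in the "available" state are not attached to any instance; they
# still hold their data, so review them before deleting or leaving them around.
# Output columns: volume ID, creation time, Name tag value(s).
# Uses the documented option name --filters instead of the --filter prefix.
aws ec2 describe-volumes \
  --region eu-west-1 \
  --filters Name=status,Values=available \
  --query "Volumes[*].{ID:VolumeId,date:CreateTime,Name:Tags[?Key=='Name'].Value}" \
  --output text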
GP3 commands
Search
# Find volumes that are still gp2; prints volume ID and volume type.
# No --profile or --region is given, so the CLI's default profile and region apply.
aws ec2 describe-volumes \
  --output text \
  --query 'Volumes[?VolumeType==`gp2`].[VolumeId, VolumeType]'
Change
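# Convert one volume to gp3 in place.
# The profile is written as the profile_name placeholder used by the other
# commands on this page; a shared snippet should not carry the name of a
# real (live) account profile.
aws ec2 modify-volume \
  --volume-id <volume_id> \
  --volume-type gp3 \
  --profile profile_name \
  --region eu-west-1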
Monitor
# Track volume modifications that are optimizing or completed and that started
# on or after 2021-04-09; shows volume ID and modification state as a table.
aws ec2 describe-volumes-modifications \
  --profile profile_name \
  --region eu-west-1 \
  --filters Name=modification-state,Values=optimizing,completed \
  --query "VolumesModifications[?StartTime>='2021-04-09'].{ID:VolumeId,STATE:ModificationState}" \
  --output table
SSM Agent Version Installed
# Inventory the SSM Agent on every managed instance: agent version, whether it
# is the latest version, and the agent's ping status, alongside the platform
# and computer name.
aws ssm describe-instance-information \
  --profile profile_name \
  --region eu-west-1 \
  --query 'InstanceInformationList[*].{InstanceId:InstanceId,PlatformType:PlatformType,PlatformName:PlatformName,ComputerName:ComputerName,AgentVersion:AgentVersion,IsLatestVersion:IsLatestVersion,PingStatus:PingStatus}' \
  --output table
translate within AWS
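# Translate a short English string to German with Amazon Translate.
# The option is spelled out as --target-language-code (the documented name)
# rather than the --target-language prefix, matching --source-language-code.
aws translate translate-text \
  --text "Hello, good morning" \
  --source-language-code=en \
  --target-language-code=de \
  --profile profile_name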
Copy an S3 bucket to the local directory
# Download every object in the bucket into the current working directory.
# No --profile is given, so the CLI's default credentials are used.
# Adding --dryrun first shows what would be copied without writing anything.
aws s3 cp \
  --recursive \
  s3://bucket_name/ ./
Create a CodeCommit repository
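# Create a repository named repo-<account id>.
# ACCOUNT_ID must be set in the shell beforehand; the :? expansion stops the
# command with an error instead of silently creating a repository called
# "repo-" when the variable is unset or empty. Quoting keeps the name one word.
aws codecommit create-repository \
  --repository-name "repo-${ACCOUNT_ID:?ACCOUNT_ID must be set}" \
  --profile profile_name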
Password Policy change
# Show the account's current IAM password policy. Keep a copy of this output
# before changing the policy so the previous values can be restored.
aws --profile profile_name iam get-account-password-policy
default password policy to use
# Apply the hardened policy: 12+ characters, all four character classes,
# last 12 passwords blocked from reuse, 60-day maximum age, and users may
# change their own password.
# update-account-password-policy replaces the whole policy: any option left
# off the command line reverts to its default (e.g. --hard-expiry is not set here).
aws iam update-account-password-policy \
  --profile profile_name \
  --minimum-password-length 12 \
  --require-uppercase-characters \
  --require-lowercase-characters \
  --require-numbers \
  --require-symbols \
  --password-reuse-prevention 12 \
  --max-password-age 60 \
  --allow-users-to-change-password
reset to default as a backout plan
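# Backout: relax the policy again (8 characters, no character-class
# requirements, users cannot change their own password, 60-day maximum age).
# --password-reuse-prevention is left off on purpose: the accepted range is
# 1-24, so passing 0 is rejected and the backout would never be applied.
# Omitting the option reverts it to the default of no reuse prevention.
# This rollback weakens the account policy; if the policy recorded before the
# change was stricter than these values, restore those recorded values instead.
aws iam update-account-password-policy \
  --minimum-password-length 8 \
  --no-require-symbols \
  --no-require-numbers \
  --no-require-uppercase-characters \
  --no-require-lowercase-characters \
  --no-allow-users-to-change-password \
  --max-password-age 60 \
  --profile profile_name

# Read the policy back to confirm what is now in force.
aws iam get-account-password-policy --profile profile_name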
Modify Map Public IP on launch commands
# Report the subnets that auto-assign a public IPv4 address at launch,
# first in eu-west-1, then in eu-west-2.
aws ec2 describe-subnets \
  --profile profile_name \
  --region eu-west-1 \
  --output text \
  --query 'Subnets[?MapPublicIpOnLaunch==`true`].[SubnetId]'
aws ec2 describe-subnets \
  --profile profile_name \
  --region eu-west-2 \
  --output text \
  --query 'Subnets[?MapPublicIpOnLaunch==`true`].[SubnetId]'

# Turn the setting off for one subnet. This is a launch-time setting, so it
# governs instances launched afterwards; re-run the query above to confirm.
aws ec2 modify-subnet-attribute \
  --profile profile_name \
  --region eu-west-1 \
  --subnet-id <subnet_id> \
  --no-map-public-ip-on-launch
List SNS topics and enable encryption on topics that lack it
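# list-topics returns every topic ARN in the region; it does not show whether
# a topic is encrypted.
aws sns list-topics --output text --profile profile_name --region ap-northeast-1

# Check one topic: this prints None when no KMS key is configured, i.e. the
# topic is not encrypted at rest.
aws sns get-topic-attributes \
  --topic-arn <topic_arn> \
  --query 'Attributes.KmsMasterKeyId' \
  --output text \
  --profile profile_name \
  --region ap-northeast-1

# Enable server-side encryption with the AWS managed SNS key. Run once per
# unencrypted topic (the original repeated the identical command twice).
# NOTE(review): some publishers (other AWS services, other accounts) may not be
# able to use the AWS managed key; confirm who publishes to the topic before
# changing a production topic, or use a customer managed key.
aws sns set-topic-attributes \
  --topic-arn <topic_arn> \
  --attribute-name KmsMasterKeyId \
  --attribute-value "alias/aws/sns" \
  --profile profile_name \
  --region ap-northeast-1

# Confirm the key is now set on the topic.
aws sns get-topic-attributes \
  --topic-arn <topic_arn> \
  --query 'Attributes.KmsMasterKeyId' \
  --output text \
  --profile profile_name \
  --region ap-northeast-1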