Upload Server Certificate

aws iam upload-server-certificate --server-certificate-name example.com \
  --certificate-body=file://example.com.crt \
  --private-key file://example.com.key


name id
canonical 099720109477
rhel 309956199498
fedora 125523088429

Install CLI

pip install awscli --upgrade --user # make sure to add $HOME/.local/bin to your path!

List Ubuntu Images

aws ec2 describe-images --owners 099720109477 \
  --filters 'Name=name,Values=ubuntu/images/hvm/ubuntu-*-14.04-amd64-*' \
| jq -c -r '.Images[] | {name: .Name, id: .ImageId }' \
| sort -r | less

List own Images

aws ec2 describe-images --owner=self --region eu-central-1 \
| jq -r -c '.Images[] | {id:.ImageId, state:.State, Name:.Name}'

List Instances

aws ec2 describe-instances | jq -c -r '.Reservations[] | .Instances[] | { id: .InstanceId, name: .Tags[] | select(.Key == "Name") | .Value, state: .State.Name, ip: .PublicIpAddress }'

Create Tags

aws ec2 create-tags --resources i-b280590e --tags Key=Name,Value=gm

S3 Storage Classes


EC2 Metadata Address

Security Credentials


Instance ID


Upload asset with public read

aws s3 cp --acl public-read

Run instances

aws ec2 run-instances --user-data $(echo $ud | base64) \
--image-id ami-e25e6cff --key-name tschwab \
--associate-public-ip-address --instance-type t2.small

Attached Policies

aws iam list-policies | jq -c -r '.Policies[] | select(.AttachmentCount != 0)'

List RDS instances with status

aws rds describe-db-instances  | jq '.DBInstances[] | {id: .DBInstanceIdentifier, version: .EngineVersion, class: .DBInstanceClass, status: .DBInstanceStatus, address: .Endpoint.Address}' -c -r

IAM list Users

aws iam list-users | jq -c -r '.Users[] | .UserName'

Volume Management

aws ec2 create-volume --availability-zone eu-west-1a --size 100 --volume-type gp2

# wait for volume to be available
aws ec2 describe-volumes --volume-id=$vol_id

aws ec2 attach-volume --volume-id=$vol_id --instance-id=i-8eaade05 --device /dev/xvdb
# wair for volume to be available

DB Versions

aws rds describe-db-engine-versions | jq '.DBEngineVersions[] | .' -c -r | grep mysql | jq '.EngineVersion' -c -r | sort

S3 Reverse

"%08x" % ((Time.at(0) + 0xffffffff) - Time.now).to_i

List SSL Certificate of load balancers

aws elb describe-load-balancers | jq '.LoadBalancerDescriptions[] | {name: .LoadBalancerName, cert: .ListenerDescriptions[] | .Listener | select(.LoadBalancerPort = 443) | .SSLCertificateId} | select(.cert != null)' -c -r

Register instances with load balancer by instance name

aws elb register-instances-with-load-balancer \
--load-balancer-name phraseapp-k8s-v2 \
--instances "[$(aws ec2 describe-instances | jq '.Reservations[] | .Instances[] | { InstanceId: .InstanceId, name: .Tags[] | select(.Key == "Name") | .Value} | select(.name == "k8s-minion") | {InstanceId}' -c -r | paste -sd ,)]"


Owner: 125523088429
Pattern: Fedora-Cloud-Base-25-*HVM-gp2-0

aws ec2 describe-images --owner 125523088429 \
--region eu-central-1 \
--filters 'Name=name,Values=Fedora-Cloud-Base-25*HVM*gp2*' \
| jq '.Images[] | {CreationDate,ImageId,Name}' -c -r | sort

Follow cloud-config

journalctl -u cloud-final -f

update hostname

sed -s "s/^*/ localhost $(ec2metadata --instance-id)/g" -i /etc/hosts
ec2metadata --instance-id > /etc/hostname
hostname -F /etc/hostname