@GeeksikhSecurity
Forked from davidmoremad/awscli-cheatsheet.md
Created October 12, 2022 02:47
The AWS CLI Cheatsheet

AWS CLI

| Function | Command |
| --- | --- |
| Install awscli | `pip3 install awscli --upgrade --user` |
| Configuring awscli | `aws configure` |

EC2

UTIL - List all instances

aws ec2 describe-instances

UTIL - List specific fields of all instances

aws ec2 describe-instances \
    --query "Reservations[].Instances[].[InstanceId, PublicIpAddress, Tags[?Key=='Name']|[0].Value]"

UTIL - List all instances of a product

aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=latch*" \
    --query "Reservations[].Instances[].[InstanceId, PublicIpAddress, Tags[?Key=='Name']|[0].Value]"

UTIL - List all stopped instances

aws ec2 describe-instances \
    --filters Name=instance-state-name,Values=stopped

UTIL - List all stopped instances with ElasticIP

aws ec2 describe-instances \
    --query "Reservations[*].Instances[*].PublicIpAddress" \
    --filters Name=instance-state-name,Values=stopped

UTIL - List all snapshots in the date specified

aws ec2 describe-snapshots \
    --filters "Name=start-time,Values=2019-01-05*"

SEC - List all snapshots without encryption

aws ec2 describe-snapshots \
    --filters "Name=encrypted,Values=false"

SEC - List SecurityGroups with SSH open to Internet

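# The ip-permission.* filters match per group, not per rule: a group is returned when any
# combination of its rules satisfies all three filters, so review the rules of each result.
aws ec2 describe-security-groups \
    --filters Name=ip-permission.from-port,Values=22 \
              Name=ip-permission.to-port,Values=22 \
              Name=ip-permission.cidr,Values='0.0.0.0/0' \
    --query 'SecurityGroups[*].{Name:GroupName}' \
    --output table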

IAM

UTIL - List certificates

aws iam list-server-certificates

UTIL - List policies

aws iam list-policies

UTIL - List policies attached to a group

aws iam list-attached-group-policies \
    --group-name ec2-Users

UTIL - List users of a group

aws iam get-group \
    --group-name ec2-users \
    --query "Users[]"

UTIL - List groups of a user

aws iam list-groups-for-user --user-name aws-admin2

SEC - Rotate Keys. Created date of an AccessKey

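# JMESPath string literals use single quotes; "Active" in double quotes would be read as a field name
aws iam list-access-keys \
    --user-name aws-admin2 \
    --query "AccessKeyMetadata[?Status=='Active'].[CreateDate]"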

SEC - Check if user has MFA enabled

if [[ $(aws iam list-mfa-devices --user-name root --output text) ]]; then echo "MFA Enabled"; else echo "MFA Disabled";fi

S3

Util

| Function | Command |
| --- | --- |
| List all s3 buckets | `aws s3 ls` |

Security

| Function | Command |
| --- | --- |
| Check for public READ s3 buckets | `aws s3api list-buckets --query 'Buckets[*].[Name]' --output text |
| Check for public WRITE s3 buckets | `aws s3api list-buckets --query 'Buckets[*].[Name]' --output text |
| Check for public FULL_CONTROL s3 buckets | `aws s3api list-buckets --query 'Buckets[*].[Name]' --output text |
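
The commands in the table above are cut off after the bucket listing. One way to carry out the ACL check they describe, as an added example that is not the gist's own code: the function names are hypothetical, and the caller is assumed to have `s3:ListAllMyBuckets` and `s3:GetBucketAcl`.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): report bucket ACL grants made to S3's
# predefined public groups. Function names below are hypothetical.
ALL_USERS='http://acs.amazonaws.com/groups/global/AllUsers'
AUTH_USERS='http://acs.amazonaws.com/groups/global/AuthenticatedUsers'

# acl_grantee_uris BUCKET PERMISSION
# Prints the group URIs granted PERMISSION in BUCKET's ACL ("None" for
# grantees that are canonical users rather than groups).
acl_grantee_uris() {
    aws s3api get-bucket-acl --bucket "$1" \
        --query "Grants[?Permission=='$2'].Grantee.URI" --output text
}

# public_acl_grants [PERMISSION...]
# Prints "bucket<TAB>permission<TAB>group" for every matching grant.
# Defaults to the three permissions named in the table above.
public_acl_grants() {
    [ "$#" -gt 0 ] || set -- READ WRITE FULL_CONTROL
    aws s3api list-buckets --query 'Buckets[*].[Name]' --output text |
    while read -r bucket; do
        [ -n "$bucket" ] || continue
        for perm in "$@"; do
            # An unreadable ACL (e.g. AccessDenied) is reported, not treated as clean.
            if ! uris=$(acl_grantee_uris "$bucket" "$perm"); then
                echo "cannot read ACL of $bucket" >&2
                break
            fi
            for uri in $uris; do
                case "$uri" in
                    "$ALL_USERS")  printf '%s\t%s\tAllUsers\n' "$bucket" "$perm" ;;
                    "$AUTH_USERS") printf '%s\t%s\tAuthenticatedUsers\n' "$bucket" "$perm" ;;
                esac
            done
        done
    done
}
```

Call `public_acl_grants` with no arguments to check all three permissions, or pass one such as `public_acl_grants WRITE`. This covers ACL grants only; bucket policies and Block Public Access settings also determine whether a bucket is reachable.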

RDS

Security

| Function | Command |
| --- | --- |
| List Databases without DeletionProtection enabled | `aws rds describe-db-instances --query 'DBInstances[*].[DBInstanceIdentifier]' --output text |
| List Public Databases | ``aws rds describe-db-instances --query 'DBInstances[?PubliclyAccessible==`true`].[DBInstanceIdentifier,Endpoint.Address]'`` |