@stephanfuchs
Forked from weyderfs/awscli_jq_tricks.sh
Created June 10, 2024 07:06
AWS CLI JQ Tricks - Outputs suitable for exporting to a CSV file
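# NOTE: values written as '<...>' are placeholders and must be replaced before
# running. They are quoted because an unquoted <name> is parsed by the shell as
# input/output redirection rather than as an argument.

# List EC2 AMIs as "ImageId;TagValue;..." rows.
# `.Tags[]?` tolerates images that carry no tags; -r prints the row without
# JSON quoting so it can be pasted straight into a CSV file.
aws ec2 describe-images --owners '<owner-id>' --region sa-east-1 \
  | jq -r '.Images[] | [.ImageId, .Tags[]?.Value] | join(";")'

# List EC2 instances as "InstanceType;TagValue;..." rows.
# `.Tags[]?` keeps untagged instances in the inventory instead of aborting jq
# with "Cannot iterate over null".
aws ec2 describe-instances --region sa-east-1 \
  | jq -r '.Reservations[].Instances[] | [.InstanceType, .Tags[]?.Value] | join(";")'

# List EBS snapshots owned by one account as "SnapshotId Description", sorted.
# The parameter name is --owner-ids (plural).
aws ec2 describe-snapshots --region '<the-region>' --owner-ids '<123456789>' \
  | jq -r '.Snapshots[] | [.SnapshotId, .Description] | join(" ")' \
  | sort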
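# NOTE: '<...>' values are placeholders to replace before running; they are
# quoted so the shell does not treat the angle brackets as redirections.

# List ECS cluster names (second "/"-separated field of each cluster ARN).
aws ecs list-clusters --region '<region>' \
  | jq -r '.clusterArns[]' \
  | cut -d/ -f2

# List the service names of one ECS cluster (third "/"-separated field of
# each service ARN).
aws ecs list-services --cluster '<cluster-name>' --region sa-east-1 \
  | jq -r '.serviceArns[]' \
  | cut -d/ -f3

# List EventBridge event bus names.
aws events list-event-buses --region '<region>' \
  | jq -r '.EventBuses[].Name'

# List EventBridge rule names.
aws events list-rules --region us-east-1 \
  | jq -r '.Rules[].Name'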
# IAM inventory: names of customer-managed policies (--scope Local leaves out
# the AWS-managed ones).
aws iam list-policies --scope Local \
  | jq -r '.Policies[].PolicyName'

# IAM inventory: role names.
aws iam list-roles \
  | jq -r '.Roles[].RoleName'

# IAM inventory: user names.
aws iam list-users \
  | jq -r '.Users[].UserName'
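# List Lambda function names.
aws lambda list-functions --region sa-east-1 \
  | jq -r '.Functions[].FunctionName'

# List RDS instances as "DBInstanceIdentifier;DBInstanceClass".
aws rds describe-db-instances --region sa-east-1 \
  | jq -r '.DBInstances[] | [.DBInstanceIdentifier, .DBInstanceClass] | join(";")'

# List RDS snapshots as "DBSnapshotIdentifier;DBInstanceIdentifier".
# -r added so the rows are unquoted, matching the other CSV-style listings.
aws rds describe-db-snapshots --region sa-east-1 \
  | jq -r '.DBSnapshots[] | [.DBSnapshotIdentifier, .DBInstanceIdentifier] | join(";")'

# List Secrets Manager entries in the default region. list-secrets returns
# metadata objects (name, ARN, tags, rotation settings), not the secret values.
aws secretsmanager list-secrets \
  | jq '.SecretList[]'

# List SNS subscriptions as "SubscriptionArn;Endpoint".
aws sns list-subscriptions --region sa-east-1 \
  | jq -r '.Subscriptions[] | [.SubscriptionArn, .Endpoint] | join(";")'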
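# List SNS topic names (sixth ":"-separated field of the topic ARN), sorted.
# Uses list-topics rather than list-subscriptions so that topics without any
# subscription are listed too and topics with several are not repeated.
aws sns list-topics --region sa-east-1 \
  | jq -r '.Topics[].TopicArn' \
  | cut -d: -f6 \
  | sort

# List SQS queue names (fifth "/"-separated field of the queue URL).
# `[]?` keeps jq quiet when the account has no queues and the QueueUrls key
# is absent from the response.
aws sqs list-queues --region sa-east-1 \
  | jq -r '.QueueUrls[]?' \
  | cut -d/ -f5

# List Classic Load Balancers as "LoadBalancerName;DNSName".
aws elb describe-load-balancers --region sa-east-1 \
  | jq -r '.LoadBalancerDescriptions[] | [.LoadBalancerName, .DNSName] | join(";")'

# List v2 load balancers (NLB, ALB) as "LoadBalancerName;Type".
# '<region>' is a placeholder to replace; it is quoted so the shell does not
# parse the angle brackets as redirections.
aws elbv2 describe-load-balancers --region '<region>' \
  | jq -r '.LoadBalancers[] | [.LoadBalancerName, .Type] | join(";")'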
# API Gateway: REST API names.
aws apigateway get-rest-apis --region sa-east-1 \
  | jq -r '.items[] | .name'

# EC2: names of the AWS regions.
aws ec2 describe-regions --region us-east-1 \
  | jq -r '.Regions[] | .RegionName'

# DynamoDB: table names, sorted.
aws dynamodb list-tables --region sa-east-1 \
  | jq -r '.TableNames[]' \
  | sort

# ElastiCache: cluster ids, sorted.
aws elasticache describe-cache-clusters --region sa-east-1 \
  | jq -r '.CacheClusters[] | .CacheClusterId' \
  | sort
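# List EBS volumes as "NameTag;VolumeId;InstanceId[,InstanceId...]".
# Every volume produces exactly one row: a missing Name tag or a missing
# attachment leaves the field empty instead of dropping the volume, so
# untagged and unattached volumes stay visible in the inventory.
aws ec2 describe-volumes --region sa-east-1 \
  | jq -r '.Volumes[]
      | [ ((.Tags // []) | map(select(.Key == "Name") | .Value) | first // ""),
          .VolumeId,
          ((.Attachments // []) | map(.InstanceId) | join(",")) ]
      | join(";")'

# List SSM Parameter Store parameter names (names only, no values).
aws ssm describe-parameters \
  | jq -r '.Parameters[].Name'

# List S3 bucket names only (third and later columns of `aws s3 ls`).
aws s3 ls | awk '{for(i=3;i<=NF;++i)print $i}'

# List the tag values of every Transit Gateway; `[]?` skips untagged ones.
# The whole jq filter now sits inside the quotes.
aws ec2 describe-transit-gateways --region sa-east-1 \
  | jq -r '.TransitGateways[] | .Tags[]?.Value'

# List VPCs by their Name tag. `.Tags[]?` keeps jq from failing on a VPC that
# has no tags at all; such VPCs print nothing.
aws ec2 describe-vpcs --region us-east-1 \
  | jq -r '.Vpcs[].Tags[]? | select(.Key == "Name") | .Value'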
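# Empty and delete an S3 bucket. This is irreversible.
# Set BUCKET first (e.g. BUCKET=my-bucket); each command carries its own
# ${BUCKET:?} guard so nothing runs against an empty name, even when the lines
# are pasted one by one into an interactive shell.
# Both steps use the same --profile so the delete cannot hit a different
# account's credentials than the ones that emptied the bucket.
# NOTE(review): on a versioned bucket `s3 rm --recursive` is not expected to
# remove old object versions, so delete-bucket may still fail - confirm.
printf 'Deleting bucket: %s\n' "${BUCKET:?set BUCKET to the bucket name}"
aws s3 rm "s3://${BUCKET:?set BUCKET to the bucket name}" --recursive --profile dev \
  && aws s3api delete-bucket --bucket "${BUCKET:?set BUCKET to the bucket name}" --profile dev
echo $?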
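# Delete CloudFormation stacks - DRY RUN: the delete commands are only printed.
# The loop covers every stack in the default profile and region, so review the
# printed list before removing the echo.
# Stacks already in DELETE_COMPLETE are filtered out; list-stacks still
# returns them for a while after deletion.
aws cloudformation list-stacks \
  | jq -r '.StackSummaries[] | select(.StackStatus != "DELETE_COMPLETE") | .StackName' \
  | while IFS= read -r stack_name; do
      echo aws cloudformation delete-stack --stack-name "$stack_name" #remove echo to delete
    done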
# For each S3 bucket, print the command that fetches its policy status.
# Nothing is executed against the buckets here; the commands are only echoed.
aws s3 ls \
  | awk '{for(i=3;i<=NF;++i)print $i}' \
  | while read -r bucket_name; do
      printf '%s\n' "aws s3api get-bucket-policy-status --bucket ${bucket_name}"
    done
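# Show one ECS service as "serviceName,desiredCount,runningCount".
# The parameter is --services (plural), and the cluster placeholder now has its
# closing bracket. '<...>' values are placeholders to replace; they are quoted
# so the shell does not parse the angle brackets as redirections.
aws ecs describe-services --cluster '<cluster-name>' --services '<service-name>' --region sa-east-1 \
  | jq -r '.services[] | [.serviceName, .desiredCount, .runningCount] | join(",")'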
# For each Lambda function in sa-east-1, print the command that fetches its
# resource policy. The commands are echoed, not run.
aws lambda list-functions --region sa-east-1 \
  | jq -r '.Functions[] | .FunctionName' \
  | while read -r function_name; do
      printf '%s\n' "aws lambda get-policy --region sa-east-1 --function-name ${function_name}"
    done
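# List the CloudWatch log groups that belong to Lambda functions (default
# region). grep -F replaces the deprecated egrep; the pattern is a plain string.
aws logs describe-log-groups \
  | jq -r '.logGroups[].logGroupName' \
  | grep -F -- /aws/lambda

# For each Lambda log group in sa-east-1, print "logGroupName;latestLogStream".
#!/bin/bash
# Earlier draft, kept for reference:
# LOG_GROUP=$(aws logs describe-log-groups --region sa-east-1 | jq -r '.logGroups[].logGroupName' | egrep -e /aws/lambda | sort)
# LOG_STREAM=" "
# for x in $LOG_GROUP
# do
# LOG_STREAM="$LOG_STREAM$(aws logs describe-log-streams --log-group-name $x --max-items 1 --order-by LastEventTime --descending | jq -r '.logStreams[].logStreamName')"
# done
# read $LOG_GROUP $LOG_STREAM
# R="$LOG_GROUP ; $LOG_STREAM"
# echo $R
LOG_GROUP=$(aws logs describe-log-groups --region sa-east-1 \
  | jq -r '.logGroups[].logGroupName' \
  | grep -F -- /aws/lambda \
  | sort)
while IFS= read -r log_group; do
  # The here-string yields one empty line when no group matched; skip it.
  [[ -n "$log_group" ]] || continue
  # --region is passed here too, so the streams are looked up in the same
  # region the groups were listed from rather than in the CLI default region.
  latest_stream=$(aws logs describe-log-streams --region sa-east-1 \
    --log-group-name "$log_group" --max-items 1 \
    --order-by LastEventTime --descending \
    | jq -r '.logStreams[].logStreamName')
  printf '%s;%s\n' "$log_group" "$latest_stream"
done <<<"$LOG_GROUP"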
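# Print the value of the "Name" tag of one SQS queue.
# '<queue-url>' is a placeholder to replace. It is quoted because the unquoted
# form `<queue-url>|` makes the shell read `>|` as a clobbering redirect into a
# file called "jq" instead of piping into jq.
aws sqs list-queue-tags --region sa-east-1 --queue-url '<queue-url>' \
  | jq -r '.Tags.Name'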
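# Check whether every SNS topic is encrypted with KMS.
# Prints "TopicArn -> KmsMasterKeyId" per topic; nothing after the arrow means
# no KMS key is configured on that topic.
# Topics come from list-topics rather than list-subscriptions, so topics
# without any subscriber are audited too and each topic is checked once.
aws sns list-topics --profile dev \
  | jq -r '.Topics[].TopicArn' \
  | sort \
  | while IFS= read -r topic_arn; do
      aws sns get-topic-attributes --topic-arn "$topic_arn" --profile dev \
        | jq -r '.Attributes | [.TopicArn, .KmsMasterKeyId] | join(" -> ")'
    done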
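# Enable KMS server-side encryption on the SQS queues that already exist.
# This changes every queue returned for the prd profile in us-east-1; review
# the output of list-queues before running it.
# Set KMS_KEY_ID to the key id or alias first. The ${KMS_KEY_ID:?} guard stops
# the loop instead of sending a placeholder key id to the API.
# NOTE(review): producers and consumers presumably need permission to use the
# chosen KMS key once this is applied - confirm before rollout.
# `[]?` keeps jq quiet when there are no queues; the stray prompt characters
# that trailed the `for` line in the original are gone.
aws sqs list-queues --profile prd --region us-east-1 \
  | jq -r '.QueueUrls[]?' \
  | while IFS= read -r queue_url; do
      aws sqs set-queue-attributes --queue-url "$queue_url" \
        --attributes "{\"KmsMasterKeyId\":\"${KMS_KEY_ID:?set KMS_KEY_ID to the KMS key id or alias}\",\"KmsDataKeyReusePeriodSeconds\":\"300\"}" \
        --profile prd --region us-east-1
    done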