README
¶
AWS tools
Collection of tools to make working with AWS a bit easier without having to depend on awscli and python.
List of tools
| Tool | Overview |
|---|---|
| aws-dump | Dumps (a subset of) AWS resources metadata to JSON and optionally check if they are in terraform state. |
| iam-session | Creates new IAM session with role assumption and MFA support. |
| iam-public-keys | Returns the public SSH keys of an IAM user. |
| iam-auth-proxy | Use IAM as identity provider for services. |
| iam-sync-users | Create Linux users from IAM |
| cloudwatch-put-metric-data | Basic sending a metric value to cloudwatch |
| ec2-describe-instances | Describe EC2 instances by id or filter |
| ec2-ip-from-name | Given an EC2 name, list up to -max-results IPs associated with instances with that name |
| ecr-get-login | Prints out the command to run to auth with docker ECR. Check output flag for other options |
| ecs-dashboard | Shows ECS services and their version across multiple AWS accounts. |
| ecs-locate | Returns ip:port for containers of an ECS service |
| ecs-deploy | Update the container images of a task and update services to use it |
| ecs-run-task | Runs a task definition |
elb-resolve-elb-external-url |
ELB classic only (no ALB). Given a name returns the zone53 record associated with the ELB, including scheme (https returned if both available) and port. |
elb-resolve-alb-external-url |
Both ELB classic and ALB. Given a name, returns route53 record associated with the ELB. Does not include scheme or port as it doesn't check listeners. |
lambda-ping |
Pings a URL with lambda and publish a custom cloudwatch metric with the result. |
s3-download |
Download a single file from s3. |
| kms-env | Decrypts environment variables from SSM, KMS or Secret Manager and runs a command. |
Authentication
Every tool supports the standard AWS authentication as well as sts sessions with the following options
--region: Choose the aws-region to use--assume-role-arn: Assume the role before running. This is useful for cross account access.--mfa-serial-number: The new session will have its 2FA flag set.--mfa-token-code: The token code to use when using--mfa-serial-number. If not provided the tool will prompt for it.
Releases
The releases are only available for linux amd64 at the moment.
Checking release signatures
Download the signature from the release and use GPG to verify it
#!/usr/bin/env bash
version=5.0
wget https://github.com/hamstah/awstools/releases/download/v${version}/ec2-ip-from-name
wget https://github.com/hamstah/awstools/releases/download/v${version}/ec2-ip-from-name.asc
gpg --verify ec2-ip-from-name.asc ec2-ip-from-name
The signing key is
Primary key fingerprint: 5FC5 40A9 A2F2 B87B 9C49 3D9E 7D40 F516 7D5C 7058
Checking the sha256 of binaries
- Get the
SHA256SUMSfiles#!/usr/bin/env bash version=5.0 wget https://github.com/hamstah/awstools/releases/download/v${version}/SHA256SUMS wget https://github.com/hamstah/awstools/releases/download/v${version}/SHA256SUMS.asc gpg --verify SHA256SUMS.asc SHA256SUMS - Check the sha256 of downloaded binaries
find . -type f ! -name "*.asc" ! -name SHA256SUMS | xargs -Ifile grep file SHA256SUMS | sha256sum --check
Directories
¶
| Path | Synopsis |
|---|---|
|
aws
|
|
|
dump
command
|
|
|
cloudwatch
|
|
|
put-metric-data
command
|
|
|
ec2
|
|
|
describe-instances
command
|
|
|
ip-from-name
command
|
|
|
ecr
|
|
|
get-login
command
|
|
|
ecs
|
|
|
dashboard
command
|
|
|
deploy
command
|
|
|
locate
command
|
|
|
run-task
command
|
|
|
elb
|
|
|
resolve-alb-external-url
command
|
|
|
resolve-elb-external-url
command
|
|
|
iam
|
|
|
auth-proxy
command
|
|
|
public-ssh-keys
command
|
|
|
session
command
|
|
|
sync-users
command
|
|
|
request-ssh-key-signature
module
|
|
|
kms
|
|
|
env
command
|
|
|
lambda
|
|
|
ping
command
|
|
|
sign-ssh-key
module
|
|
|
s3
|
|
|
download
command
|
Click to show internal directories.
Click to hide internal directories.