AWS

AWS Amazon Web Services

Link  Git Repo AWS Scripts with Boto3

AWS CLI Shortcuts


Certificates

Upload a certificate

aws iam upload-server-certificate --server-certificate-name vettom-wildcard-20160516 \
--certificate-body file://content.digital4danone.com.X509.txt \
--private-key file://content.digital4danone.com.key \
--certificate-chain file://cert-chain.cer \
--path /cloudfront/stage/

Listing Certificates in IAM

#aws iam list-server-certificates --profile=$PROFILE | awk '{ print $3 "\t" $6 }' | sort

Delete Certificate from IAM

#aws iam delete-server-certificate --profile=$PROFILE \
--server-certificate-name "Name of Certificate"

Security Group

Add Rule to Security Group.

aws ec2 authorize-security-group-ingress --group-id $SGID --protocol tcp \
--port 80 --cidr 86.159.30.122/32

List all IPs in a security group

aws ec2 describe-security-groups --group-ids sg-56f3ec32 \
--filters "Name=ip-permission.to-port,Values=4502"

S3 Bucket

Calculate S3 size

aws s3 --region eu-central-1 ls s3://vettom --recursive --human-readable --summarize

MFA and Authentication

List MFA Device

Note: You have to list all devices and grep for the user.

aws iam list-virtual-mfa-devices | grep -i user

Delete MFA device. Virtual MFA is different from MFA

aws iam delete-virtual-mfa-device --serial-number $MFA_SERIAL

Disks

Copy Snapshot to another REGION

aws ec2 copy-snapshot \
--region ap-southeast-1 \
--source-region eu-west-1 \
--source-snapshot-id snap-056a9e1b3a45d3e7 \
--description "Copy of stage65-publish1euwest1 snapshot."

Sharing snapshot with another account

aws ec2 modify-snapshot-attribute --snapshot-id $SNAP \
--attribute createVolumePermission --user-ids $ACCOUNTID \
--operation-type add

Display Snapshot permissions

aws ec2 describe-snapshot-attribute --snapshot-id $SNAP --attribute createVolumePermission

DNS - Route53

List all DNS Record in ZoneID

#aws route53 list-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --output=json



IAM

Add a new user and set password

#aws iam create-user --profile=default --user-name $USER --tags Key="USER ORG",Value="Company"
#aws iam create-login-profile --profile=default --user-name $USER --password "$PASS" --no-password-reset-required

Add user to group

aws iam add-user-to-group --profile=default --user-name $USER --group-name GROUP

How to check if a specific IP is whitelisted or not.

Python + Boto3 Script for ELB/ALB : https://github.com/vettom/Aws-Boto3/blob/master/lb-whitelistcheck.py
Python + Boto3 Script for EC2  : https://github.com/vettom/Aws-Boto3/blob/master/ec2-whitelistcheck.py
The scripts require Python 3 with the Boto3, argparse and netaddr modules, and an AWS credentials file.
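
The check described above, as an added example (not the code from the linked repository): it walks a describe-security-groups response and reports every CIDR-based ingress rule that admits a given IP and port. It uses the standard-library ipaddress module instead of netaddr; the function name, group IDs and CIDRs in the sample are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# Group IDs and CIDRs are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 4502, "ToPort": 4503,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb2222", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def find_allowing_rules(response, ip, port=None, protocol="tcp"):
    """Return (group_id, cidr) for every ingress rule that admits `ip`.

    Only CIDR-based rules are evaluated; rules that reference other security
    groups or prefix lists are not resolved here.
    """
    addr = ipaddress.ip_address(ip)
    hits = []
    for group in response["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("-1", protocol):
                continue
            # "-1" means all protocols and has no FromPort/ToPort to compare.
            if proto != "-1" and port is not None:
                if not perm["FromPort"] <= port <= perm["ToPort"]:
                    continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if addr.version == net.version and addr in net:
                    hits.append((group["GroupId"], cidr))
    return hits


if __name__ == "__main__":
    for gid, cidr in find_allowing_rules(SAMPLE, "10.1.2.3", port=4502):
        # A match on 0.0.0.0/0 or ::/0 means the port is open to everyone.
        note = "  <-- open to the world" if cidr in ("0.0.0.0/0", "::/0") else ""
        print(f"{gid}\t{cidr}{note}")
```

Against a live account, pass the dictionary returned by Boto3's ec2 client describe_security_groups() call in place of SAMPLE.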