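version: '3'

# Operator helper tasks for AWS (via okta-aws-cli), EKS and Spacelift audit
# lookups. Every task shells out to the aws / kubectl CLIs using whatever
# credentials are present in the calling environment.
#
# NOTE(review): several tasks splice {{.CLI_ARGS}} straight into a shell
# line. Confirm that the Task release in use shell-quotes the arguments
# given after `--` before relying on that with pasted names or ARNs.

tasks:
  subshell:
    desc: invoke a subshell w/ correct AWS variables set
    cmds:
      # The output of okta-aws-cli is executed by eval, so the binary found on
      # PATH is fully trusted here. The command substitution is quoted so the
      # emitted lines reach eval with their newlines intact instead of being
      # word-split and re-joined with spaces.
      - cmd: |
          eval "$(okta-aws-cli web)"
          AWS_ENVIRONMENT="$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')" zsh
      # Runs after the zsh session exits. Presumably .session-env is written
      # during the session -- confirm. Quoted so a working directory that
      # contains spaces is handled as one path.
      - cmd: rm -f "{{ .USER_WORKING_DIR }}/.session-env"

  logout:
    desc: Invalidate the OKTA credential
    # Only the locally cached Okta access token file is removed. AWS
    # credentials already exported into a running subshell are not touched by
    # this task, and nothing here appears to revoke the token server-side.
    cmd: rm -f "${HOME}/.okta/awscli-access-token.json"
    preconditions:
      - test -f "${HOME}/.okta/awscli-access-token.json"

  list-secrets:
    desc: List all secrets
    cmd: |
      aws secretsmanager list-secrets |
        jq '[.SecretList[] | {"name" :.Name, "arn": .ARN, "desc": .Description}]'

  get-secret:
    desc: Get a secret - supply the name the secret as arg1
    # Prints the plaintext SecretString to stdout, so the value ends up in
    # terminal scrollback and in anything that captures this task's output.
    cmd: |
      aws secretsmanager get-secret-value \
        --secret-id {{.CLI_ARGS}} \
        --query SecretString \
        --output text

  list-load-balancers:
    desc: List all load balancers
    cmd: aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerArn'

  list-listeners:
    desc: List all listners for a load balancer - supply the load balancer ARN as arg1
    cmd: |
      aws elbv2 describe-listeners --load-balancer-arn {{.CLI_ARGS}} |
        jq -r '.Listeners[].ListenerArn'

  get-rules:
    desc: get rules - supply listener ARN as arg1
    cmd: |
      aws elbv2 describe-rules --listener-arn {{.CLI_ARGS}} |
        gron | grep HostHeaderConfig.Values | grep -v '];'

  # get-policy:
  #   desc: return the latest version of the specified policy
  #   cmd: |
  #   vars:
  #     POLICY_NAME:
  #     POLICY_ID:

  list-clusters:
    desc: list EKS clusters
    cmd: aws eks list-clusters | jq -r '.clusters[]'

  kubeconfig:
    desc: update kubeconfig for the given name
    cmd: aws eks update-kubeconfig --name {{.CLI_ARGS}}

  infer-kubeconfig:
    desc: infer kubeconfig based on ETS SRE conventions
    # Uses the first cluster returned by list-clusters. With more than one
    # cluster in the account the kubeconfig may point at an unintended one;
    # with none, jq prints "null" and that string is passed as the name.
    # cmd: aws eks update-kubeconfig --name {{.CLI_ARGS}}
    cmd: aws eks update-kubeconfig --name {{.CLUSTER_NAME}}
    vars:
      CLUSTER_NAME:
        sh: aws eks list-clusters | jq -r '.clusters[0]'

  connect-alloy-pod:
    desc: run a shell on an alloy pod
    # The pod name used to be fixed to alloy-6qflx. It is still the default,
    # but can now be overridden (task connect-alloy-pod ALLOY_POD=<pod>)
    # for when that pod no longer exists.
    cmd: |
      kubectl exec -it {{ .ALLOY_POD | default "alloy-6qflx" | shellQuote }} \
        --namespace grafana -- /bin/bash

  forward-alloy-pod:
    desc: port forward an alloy pod
    # SECURITY: --address 0.0.0.0 binds the forward on every interface of the
    # operator's machine, so any host that can reach this machine can reach
    # port 12345 of the pod through it. The default is kept as it was for
    # compatibility; pass ALLOY_FORWARD_ADDRESS=127.0.0.1 unless remote access
    # to the forward is really intended.
    cmd: |
      kubectl port-forward {{ .ALLOY_POD | default "alloy-6qflx" | shellQuote }} \
        --address {{ .ALLOY_FORWARD_ADDRESS | default "0.0.0.0" | shellQuote }} \
        12345:12345 --namespace grafana

  infer-alb-hosts:
    desc: infer hostnames supported by an ALB based on ETS SRE conventions
    silent: true
    # Selects load balancers whose ARN contains "awsingress", then prints the
    # host-header values of the listener rules. Both ARN variables are quoted
    # so their contents always reach aws as a single argument; if more than
    # one ALB or listener matches, the call fails rather than being
    # word-split into extra arguments.
    cmd: |
      #!/bin/sh
      set -o errexit
      set -o pipefail
      alb_arn=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerArn' | grep awsingress)
      listener_arn=$(aws elbv2 describe-listeners --load-balancer-arn "$alb_arn" | jq -r '.Listeners[].ListenerArn')
      aws elbv2 describe-rules --listener-arn "$listener_arn" |
        gron |
        grep 'HostHeaderConfig.Values\[' |
        perl -nE 'say $1 if m/"(.+)"/'

  get-spacelift-runs:
    desc: return a list of all spacelift runs in the last 4 hours
    # Looks up AssumeRoleWithWebIdentity events in CloudTrail and prints the
    # assumed-role resource names that start with "spacelift-run".
    # NOTE(review): `date -d '<relative>'` is GNU date syntax -- confirm it is
    # the date binary available where this runs.
    cmd: |
      aws cloudtrail lookup-events \
        --lookup-attributes AttributeKey=EventName,AttributeValue=AssumeRoleWithWebIdentity \
        --start-time "$(date -u -d '-240 minutes' '+%Y-%m-%dT%H:%M:%SZ')" \
        --end-time "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        | jq -r '.Events[]
            | select(.Resources[].ResourceName | endswith(":role/spacelift"))
            | .Resources[]
            | select(.ResourceType == "AWS::STS::AssumedRole" and (.ResourceName | type == "string" and startswith("spacelift-run")))
            | .ResourceName'

  get-spacelift-run:
    desc: get all events for a specific spacelift RUN id which occured in the last 24 hours
    # RUN is an ordinary task variable, so it is shell-quoted before being
    # appended to the lookup attribute value.
    cmd: |
      aws cloudtrail lookup-events \
        --lookup-attributes AttributeKey=Username,AttributeValue=spacelift-run-{{ shellQuote .RUN }} \
        --start-time "$(date -u -d '-24 hours' '+%Y-%m-%dT%H:%M:%SZ')" \
        --end-time "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        | jq '[.Events[] | .CloudTrailEvent | fromjson]'
    requires:
      vars: [RUN]  # RUN like 01JCDYYWMQGA3R2XQWH6ZM2HZN

  get-userdata:
    desc: list userdata for an ec2 intance -- supply the instance ID as CLI args
    # Decodes and prints the instance user data. User data often carries
    # bootstrap secrets, so treat the output like get-secret output.
    cmd: |
      aws ec2 describe-instance-attribute \
        --instance-id {{.CLI_ARGS}} \
        --attribute userData \
        --output text \
        --query "UserData.Value" | base64 --decode

  list-vpcs:
    desc: list vpc's and their cidr block
    cmd: |
      aws ec2 describe-vpcs \
        --query 'Vpcs[*].{VpcId:VpcId,Name:Tags[?Key==`Name`].Value|[0],CidrBlock:CidrBlock}' \
        --output text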