taskfiles/cfa-taskfiles/aws.yml

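version: '3'

# AWS helper tasks (go-task Taskfile). Unless noted, a task takes its single
# argument through {{.CLI_ARGS}}, i.e. everything after `--` on the command line:
#   task get-secret -- my/secret/name
# All tasks expect an already-authenticated AWS session (see `subshell`).
tasks:
  subshell:
    desc: invoke a subshell w/ correct AWS variables set
    cmds:
      # eval runs the `export ...` lines printed by okta-aws-cli, so the
      # temporary credentials live only in the environment of the spawned zsh.
      # The quoted "$(...)" form keeps those lines intact (unquoted backticks
      # would word-split them before eval). AWS_ENVIRONMENT is the first alias
      # of the authenticated account.
      - cmd: |
          eval "$(okta-aws-cli web)"; AWS_ENVIRONMENT="$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')" zsh
      # Runs after the subshell exits.
      - cmd: rm -f "{{ .USER_WORKING_DIR }}/.session-env"

  logout:
    desc: Invalidate the OKTA credential
    # Deletes the locally cached access token. Whether the token is also
    # revoked on the Okta side is not visible here; assume this only clears
    # the local cache.
    cmd: rm -f "${HOME}/.okta/awscli-access-token.json"
    preconditions:
      - test -f "${HOME}/.okta/awscli-access-token.json"

  list-secrets:
    desc: List all secrets
    # Names, ARNs and descriptions only; no secret values are fetched here.
    cmd: |
      aws secretsmanager list-secrets | jq '[.SecretList[] | {"name" :.Name, "arn": .ARN, "desc": .Description}]'

  get-secret:
    desc: Get a secret - supply the name of the secret as arg1
    # Prints the plaintext SecretString to stdout; keep the output out of
    # files and logs.
    cmd: |
      aws secretsmanager get-secret-value --secret-id "{{.CLI_ARGS}}" --query SecretString --output text

  list-load-balancers:
    desc: List all load balancers
    cmd: aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerArn'

  list-listeners:
    desc: List all listeners for a load balancer - supply the load balancer ARN as arg1
    cmd: |
      aws elbv2 describe-listeners --load-balancer-arn "{{.CLI_ARGS}}" | jq -r '.Listeners[].ListenerArn'

  get-rules:
    desc: get rules - supply listener ARN as arg1
    # gron flattens the JSON so each host-header value lands on its own line;
    # `grep -v '];'` drops the array-declaration lines gron also emits.
    cmd: |
      aws elbv2 describe-rules --listener-arn "{{.CLI_ARGS}}" | gron | grep HostHeaderConfig.Values | grep -v '];'

  # get-policy:
  #   desc: return the latest version of the specified policy
  #   cmd: |
  #   vars:
  #     POLICY_NAME:
  #     POLICY_ID:

  list-clusters:
    desc: list EKS clusters
    cmd: aws eks list-clusters | jq -r '.clusters[]'

  kubeconfig:
    desc: update kubeconfig for the given name
    cmd: aws eks update-kubeconfig --name "{{.CLI_ARGS}}"

  infer-kubeconfig:
    desc: infer kubeconfig based on ETS SRE conventions
    # cmd: aws eks update-kubeconfig --name {{.CLI_ARGS}}
    cmd: aws eks update-kubeconfig --name "{{.CLUSTER_NAME}}"
    vars:
      # Takes the first cluster the account lists. With several clusters (or
      # none, where jq prints "null") use `kubeconfig` with an explicit name.
      CLUSTER_NAME:
        sh: aws eks list-clusters | jq -r '.clusters[0]'

  connect-alloy-pod:
    desc: run a shell on an alloy pod
    # POD defaults to the pod name that was current when this task was
    # written; pod names change on every restart, so override it when needed:
    #   task connect-alloy-pod POD=<pod-name>
    cmd: kubectl exec -it "{{.POD | default "alloy-6qflx"}}" --namespace grafana -- /bin/bash

  forward-alloy-pod:
    desc: port forward an alloy pod
    # --address 0.0.0.0 binds the local end on every interface, so any host
    # that can reach this machine can reach the pod's port 12345 while the
    # forward runs. Drop the flag (loopback only) unless remote access is
    # intended. POD is overridable as in connect-alloy-pod.
    cmd: kubectl port-forward "{{.POD | default "alloy-6qflx"}}" --address 0.0.0.0 12345:12345 --namespace grafana

  infer-alb-hosts:
    desc: infer hostnames supported by an ALB based on ETS SRE conventions
    silent: true
    # Expects exactly one load balancer whose ARN contains "awsingress" and one
    # listener on it; with more than one of either the ARN variables hold
    # several lines and the aws calls below are not expected to work.
    # errexit + pipefail make a non-matching grep abort the task.
    cmd: |
      #!/bin/sh
      set -o errexit
      set -o pipefail
      alb_arn=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerArn' | grep awsingress)
      listener_arn=$(aws elbv2 describe-listeners --load-balancer-arn "$alb_arn" | jq -r '.Listeners[].ListenerArn')
      aws elbv2 describe-rules --listener-arn "$listener_arn" | gron | grep 'HostHeaderConfig.Values\[' | perl -nE 'say $1 if m/"(.+)"/'

  get-spacelift-runs:
    desc: return a list of all spacelift runs in the last 4 hours
    # CloudTrail lookup of AssumeRoleWithWebIdentity events in the last 240
    # minutes, reduced to the spacelift-run-* assumed-role session names.
    # NOTE: `date -d` is the GNU form; BSD/macOS date spells this differently.
    cmd: |
      aws cloudtrail lookup-events \
        --lookup-attributes AttributeKey=EventName,AttributeValue=AssumeRoleWithWebIdentity \
        --start-time "$(date -u -d '-240 minutes' '+%Y-%m-%dT%H:%M:%SZ')" \
        --end-time "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        | jq -r '.Events[]
          | select(.Resources[].ResourceName
            | endswith(":role/spacelift"))
          | .Resources[]
          | select(.ResourceType == "AWS::STS::AssumedRole" and (.ResourceName | type == "string" and startswith("spacelift-run")))
          | .ResourceName'

  get-spacelift-run:
    desc: get all events for a specific spacelift RUN id which occurred in the last 24 hours
    # Looks up events whose Username is "spacelift-run-<RUN>" and returns the
    # decoded CloudTrailEvent JSON of each match as one array.
    cmd: |
      aws cloudtrail lookup-events \
        --lookup-attributes "AttributeKey=Username,AttributeValue=spacelift-run-{{ .RUN }}" \
        --start-time "$(date -u -d '-24 hours' '+%Y-%m-%dT%H:%M:%SZ')" \
        --end-time "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        | jq '[.Events[] | .CloudTrailEvent | fromjson]'
    requires:
      vars: [RUN] # RUN like 01JCDYYWMQGA3R2XQWH6ZM2HZN

  get-userdata:
    desc: list userdata for an ec2 instance -- supply the instance ID as CLI args
    # UserData.Value comes back base64-encoded, hence the decode. User data is
    # bootstrap configuration and may include credentials; treat the output as
    # sensitive.
    cmd: |
      aws ec2 describe-instance-attribute --instance-id "{{.CLI_ARGS}}" --attribute userData --output text --query "UserData.Value" | base64 --decode

  list-vpcs:
    desc: list vpc's and their cidr block
    # JMESPath projection: VpcId, the value of the Name tag (or null), CidrBlock.
    cmd: |
      aws ec2 describe-vpcs --query 'Vpcs[*].{VpcId:VpcId,Name:Tags[?Key==`Name`].Value|[0],CidrBlock:CidrBlock}' --output text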