Merge pull request #6 from lamhaison/develop

LGTM

Author: lamhaison

README.md

@@ -8,13 +8,20 @@ This is the project to collect helpful aws cli commandline with complex options
 ## Setup dependencies
 Notes: This document is for macos environment.
 
-## Setup aws-cli
+### Setup aws-cli
 How to install aws cli - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
 ```
 aws --version
 aws-cli/2.8.1 Python/3.9.11 Darwin/22.1.0 exe/x86_64 prompt/off
 ```
 
+### Install jq
+```
+brew install jq
+jq --version
+jq-1.6
+```
+
 ### Install peco
 To allow searching by console.
 ![image](./images/aws_help.png)
@@ -40,8 +47,8 @@ echo "random_string" > ~/.password_assume_role_encrypted
 
 ## Settings when open terminal (I am using iterm)
 ```
-mkdir -p /opt/lamhaison-tools
-git clone git@github.com:lamhaison/aws-cli-utils.git
+mkdir -p /opt/lamhaison-tools && cd /opt/lamhaison-tools
+git clone https://github.com/lamhaison/helpful-commandlines.git
 echo "source /opt/lamhaison-tools/aws-cli-utils/main.sh" >> ~/.bashrc
 ```
 
@@ -71,10 +78,14 @@ mfa_serial = arn:aws:iam::ACCOUNT_NAME_MFA:mfa/ACCOUNT_NAME
 
 
 ## How to use
+### AssumeRole
+```
+Ctrl + @ and press enter and choose the assume role that you want to use.
+```
 ### List all functions
 ```
 aws_help
-You can search list function and after that you can run which funtion_name to get the detail of bashshell code
+You can search list function and after that you can run which funtion_name to get the detail of bashshell code.
 ```
 ### Other
 ```

common/common.sh

@@ -80,10 +80,9 @@ aws_run_commandline_with_logging() {
 		local detail_commandline_tee_command="${tee_command} > /dev/null"
 	fi
 
-	aws_commandline_result=$(aws_run_commandline_with_retry "${aws_commandline}" "${ignored_error_when_retry}")
-
 	echo "------------------------------STARTED--$(date '+%Y-%m-%d-%H-%M-%S')-----------------------------------------" | eval $tee_command >/dev/null
 	echo "Running commandline [ ${aws_commandline_logging} ]" | eval $detail_commandline_tee_command
+	aws_commandline_result=$(aws_run_commandline_with_retry "${aws_commandline}" "${ignored_error_when_retry}")
 	echo $aws_commandline_result | eval $tee_command
 	echo "------------------------------FINISHED-$(date '+%Y-%m-%d-%H-%M-%S')-----------------------------------------" | eval $tee_command >/dev/null
 }

common/help_ssh.sh

@@ -40,13 +40,14 @@ peco_commandline_input() {
 
 	local commandline="${1}"
 	local result_cached=$2
+	local input_expired_time="${3:=$peco_input_expired_time}"
 
 	local md5_hash=$(echo $commandline | md5)
-	local input_folder=${aws_cli_input_tmp}/${ASSUME_ROLE}
+	local input_folder="${aws_cli_input_tmp}/${ASSUME_ROLE:=NOTSET}"
 	mkdir -p ${input_folder}
 	local input_file_path="${input_folder}/${md5_hash}.txt"
 	local empty_file=$(find ${input_folder} -name ${md5_hash}.txt -empty)
-	local valid_file=$(find ${input_folder} -name ${md5_hash}.txt -mmin +${peco_input_expired_time})
+	local valid_file=$(find ${input_folder} -name ${md5_hash}.txt -mmin +${input_expired_time})
 
 	# The file is existed and not empty and the flag result_cached is not empty
 	if [ -z "${valid_file}" ] && [ -f "${input_file_path}" ] && [ -z "${empty_file}" ] && [ -n "${result_cached}" ]; then
@@ -116,6 +117,18 @@ peco_aws_list_db_parameter_groups() {
 	peco_aws_input 'aws rds describe-db-parameter-groups --query "*[].DBParameterGroupName"' 'true'
 }
 
+peco_aws_rds_list_db_cluster_snapshots() {
+	peco_aws_input 'aws rds describe-db-cluster-snapshots \
+		--snapshot-type manual \
+		--query "DBClusterSnapshots[].DBClusterSnapshotIdentifier"'
+}
+
+peco_aws_rds_list_db_snapshots() {
+	peco_aws_input 'aws rds describe-db-snapshots \
+		--snapshot-type manual \
+		--query "DBSnapshots[].DBSnapshotIdentifier"'
+}
+
 peco_aws_list_db_cluster_parameter_groups() {
 	peco_aws_input 'aws rds describe-db-cluster-parameter-groups --query "*[].DBClusterParameterGroupName"' 'true'
 }

common/peco.sh

@@ -5,6 +5,7 @@ export assume_role_password_encrypted="$(cat ~/.password_assume_role_encrypted)"
 export tmp_credentials="/tmp/aws_temporary_credentials"
 export aws_cli_results="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results"
 export aws_cli_logs="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results/logs"
+export aws_cli_images="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results/images"
 export aws_cli_input_tmp="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results/inputs"
 export aws_tmp_input="/tmp/aws_tmp_input_23647494949484.txt"
 export aws_assume_role_print_account_info="false"
@@ -33,15 +34,13 @@ export AWS_DEFAULT_OUTPUT="json"
 alias get-account-alias='aws iam list-account-aliases'
 alias get-account-id='echo AccountId $(aws sts get-caller-identity --query "Account" --output text)'
 
-# Import sub-commandline.
-for module in $(echo "common services"); do
-	for script in $(ls ${AWS_CLI_SOURCE_SCRIPTS}/${module}); do
-		source ${AWS_CLI_SOURCE_SCRIPTS}/${module}/$script
-	done
+# Import sub-commandlines.
+for script in $(find ${AWS_CLI_SOURCE_SCRIPTS} -type f -name '*.sh' | grep -v main.sh); do
+	source $script
 done
 
 # Add hot-keys
-zle -N aws_help
+# zle -N aws_help
 zle -N aws_main_function
 bindkey '^@' aws_main_function
-bindkey '^e' aws_help
+# bindkey '^e' aws_help

main.sh

@@ -6,15 +6,15 @@ import_tmp_credential() {
 }
 
 zip_tmp_credential() {
-	cd $tmp_credentials
+	cd $tmp_credentials >/dev/null
 	echo "Encrypt temporary credential for assume-role ${ASSUME_ROLE} at ${tmp_credentials}/${ASSUME_ROLE}.zip"
 
 	if [ -f "${tmp_credentials}/${ASSUME_ROLE}.zip" ]; then
 		rm -rf ${tmp_credentials}/${ASSUME_ROLE}.zip
 	fi
 
 	zip -q -P $assume_role_password_encrypted $ASSUME_ROLE.zip $ASSUME_ROLE && rm -rf $ASSUME_ROLE
-	cd -
+	cd - >/dev/null
 }
 
 aws_assume_role_reset() {
@@ -42,12 +42,12 @@ aws_assume_role_re_use_current() {
 }
 
 aws_assume_role_unzip_tmp_credential() {
-	cd $tmp_credentials
+	cd $tmp_credentials >/dev/null
 	assume_role_name=$1
 	rm -rf ${assume_role_name}
 	unzip -P $assume_role_password_encrypted ${assume_role_name}.zip
 	echo "You credential is save here ${tmp_credentials}/${assume_role_name}"
-	cd -
+	cd - >/dev/null
 }
 
 aws_assume_role_remove_tmp_credential() {
@@ -145,7 +145,7 @@ aws_assume_role_set_name() {
 		# cd ${aws_cli_results}
 
 		if [ "${aws_assume_role_print_account_info}" = "true" ]; then
-			aws_account_infos
+			aws_account_info
 		fi
 	else
 		echo "Please try again, the assume role action was not complete"
@@ -178,7 +178,7 @@ aws_assume_role_set_name_with_hint_peco() {
 
 }
 
-aws_account_infos() {
+aws_account_info() {
 	get-account-alias
 
 	local aws_account_id=$(aws_run_commandline_with_retry 'aws sts get-caller-identity --query "Account" --output text' "true")
@@ -187,3 +187,11 @@ aws_account_infos() {
 
 	echo AWS Region ${AWS_REGION:?"The AWS_REGION is unset or empty"}
 }
+
+aws_assume_role_get_tmp_credentials_for_new_members() {
+	local tmp_credentials_file="${tmp_credentials}/${ASSUME_ROLE}"
+	aws_assume_role_set_name_with_hint
+	aws_assume_role_unzip_tmp_credential $assume_role
+	cat ${tmp_credentials_file} && rm -rf ${tmp_credentials_file}
+
+}

services/assume_role.sh

@@ -23,7 +23,7 @@ aws_events_disable_rule() {
 	set -x
 	rule_name=$1
 
-	aws_account_infos
+	aws_account_info
 	echo "Disable rule ${rule_name}"
 	aws events describe-rule --name $1
 	aws events disable-rule --name $1

services/aws_events.sh

@@ -42,6 +42,11 @@ aws_cloudfront_invalidate_cache() {
 			--paths '${aws_distribution_path}'
 	"
 
+	echo "\
+		How to get the status of the invalidate cloudfront request
+		aws cloudfront get-invalidation --id \$aws_cloudfront_invalidation_id --distribution-id $aws_distribution_id
+	"
+
 }
 
 aws_cloudfront_invalidate_cache_with_hint() {

services/cloudfront.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+aws_cloudwatch_list_alarms() {
+	aws_run_commandline "\
+		aws cloudwatch describe-alarms
+	"
+}
+
+aws_cloudwatch_list_alb_arn() {
+	aws_run_commandline "\
+		aws elbv2 describe-load-balancers --query '*[].LoadBalancerArn'
+	"
+}
+
+aws_cloudwatch_get_graph() {
+	local aws_cloudwatch_widget_image=$1
+	local graph_file_path="${aws_cli_images}/${ASSUME_ROLE}"
+	mkdir -p ${graph_file_path}
+	local graph_file_name_full_path="$(mktemp ${graph_file_path}/${ASSUME_ROLE}-XXXXXXXXXXXXXX).png"
+	aws cloudwatch get-metric-widget-image \
+		--metric-widget ${aws_cloudwatch_widget_image} \
+		--output-format png --output text | base64 --decode >${graph_file_name_full_path}
+
+	echo "Access the graph by the url ${graph_file_name_full_path}"
+}
+
+aws_cloudwatch_list_dashboards() {
+	aws_run_commandline "\
+		aws cloudwatch list-dashboards \
+			--query '*[].{DashboardName:DashboardName,LastModified:LastModified}'
+	"
+}
+
+# To return json for the dashboard. But the JSON is not valid.
+# TODO Later
+aws_cloudfront_get_dashboard() {
+	aws_run_commandline "\
+		aws cloudwatch get-dashboard \
+			--dashboard-name ${1:?'aws_cloudwatch_dashboard_name is unset or empty'} \
+			--query 'DashboardBody' --output text
+	"
+}
+
+aws_cloudfront_update_dashboard() {
+	echo "Load dashboard data from file ${2}"
+	local aws_coudwatch_dashboard_body=$(cat $2)
+	aws cloudwatch put-dashboard \
+		--dashboard-name ${1:?'aws_cloudwatch_dashboard_name is unset or empty'} \
+		--dashboard-body ${aws_coudwatch_dashboard_body}
+
+}

services/cloudwatch.sh

@@ -110,7 +110,9 @@ aws_subnet_list() {
 aws_ec2_list_subnets() {
 	aws_run_commandline \
 		"
-		aws ec2 describe-subnets
+		aws ec2 describe-subnets \
+			--query '*[].{VpcId:VpcId,SubnetId:SubnetId,\
+				AvailabilityZone:AvailabilityZone,Name:Tags[?Key==\`Name\`].Value | [0]}' --output table
 	"
 }
 
@@ -130,15 +132,15 @@ aws_sg_get() {
 	"
 }
 
-aws_sg_add_rule() {
+aws_sg_add_rule_instruction() {
 	aws_sg_id=$1
 
 	echo "\
 		# Allow access the ssh from a specific IP address
 		aws ec2 authorize-security-group-ingress \
-		--group-id ${aws_sg_id:?'aws_sg_id is unset or empty'} \
+		--group-id ${aws_sg_id:="\$aws_sg_id"} \
 		--protocol tcp --port 22 \
-		--cidr $(lamhaison_get_public_ip)/32
+		--cidr $(dig +short myip.opendns.com @resolver1.opendns.com)/32
 	"
 }