Need some small info about AWS account - amazon-web-services

Is it possible to get complete resources/instances related details easily in Excel or a CloudFormation template of our existing AWS account?

This is not a service that AWS provides out of the box, you would need to make use of the CLI or SDK to retrieve these details in a format that matches what you want.

No. It is not possible to get a list of all the resources in an account. You will have to use AWS CLI and use options like
aws configservice list-discovered-resources --resource-type
Where resource type is the type of resource you want to fetch the list for.
Hope this helps.

Related

How to find the list of aws service identifiers

I'm working with aws and implementing CI/CD using their developer tools. Each of the tools requires a service role, so I decided to just update my existing service role with the correct permissions. The problem is I don't know where to find the list of values to use for each service.
Below I just guessed the right name after creating a role, but I prefer not to guess
I searched the docs and found these names and I also tried using the cli to find the ids: aws describe-services or aws help but that list doesn't match.
How do I find the values to update these policies?
Based on comments, there is no official API. But there is an unofficial List of AWS Service Principals that is kind of maintained by the people.

How to store GOOGLE_APPLICATION_CREDENTIALS in an AWS ECS environment on Fargate?

We have an API app that uses Firebase Admin to send messages to devices.
Earlier, we used to specify the service account key using environment variable like GOOGLE_APPLICATION_CREDENTIALS="path_to_file.json".
But now, since we are shifting to AWS Elastic Container Service on Fargate, I am unable to figure out how to put this file in the container for AWS ECS.
Any advice highly appreciated.
Thanks
Solved it by storing the service key as a JSON Stringified environment variable & using admin.credential.cert() instead of defaultAppCredentials.
Refer: https://firebase.google.com/docs/reference/admin/node/admin.credential#cert
I would suggest instead AWS Secrets Manager, which is purpose-built for storing secrets. Take a look at this blog post:
https://aws.amazon.com/blogs/compute/securing-credentials-using-aws-secrets-manager-with-aws-fargate/
Even better than using environment variables which have their own downsides, you can leverage AWS Parameter Store which is a secure way to manage secrets in the AWS environment (where secrets are encrypted both in transit and at rest).
You'd need to create an IAM role for Amazon ECS for your code to have access to the Parameter Store.
You may want to check this article: https://aws.amazon.com/blogs/compute/managing-secrets-for-amazon-ecs-applications-using-parameter-store-and-iam-roles-for-tasks/
Use the specific method from_service_account_info as described here. You then pass the content of the credentials json file as a dictionary.
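Added example, not part of the original thread: the answers contrast a key placed in a plaintext environment variable with a Secrets Manager or Parameter Store reference. In an ECS task definition the first lives under `environment`, where the value is readable by anyone who can describe the task definition, and the second under `secrets`, which holds only an ARN. The check below flags the first case; the task definition, account ID, ARNs and variable names are constructed for illustration.

```python
import json


def plaintext_key_findings(task_def: dict) -> list:
    """Return (container, variable) pairs whose plaintext `environment`
    value parses as a service-account key. `secrets` entries are ignored
    because they carry a reference (valueFrom), not the key material."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        for env in container.get("environment", []):
            try:
                doc = json.loads(env.get("value", ""))
            except (TypeError, ValueError):
                continue  # not JSON, so not a stringified key file
            if isinstance(doc, dict) and "private_key" in doc:
                findings.append((container["name"], env["name"]))
    return findings


# Constructed sample: a stringified key file with placeholder contents.
KEY_JSON = json.dumps({
    "type": "service_account",
    "client_email": "svc@example.invalid",
    "private_key": "constructed-placeholder",
})

# Constructed task definition: one container with the key inline, one that
# references a Secrets Manager secret through the `secrets` field.
TASK_DEF = {
    "family": "api",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-execution-role",
    "containerDefinitions": [
        {"name": "api-plaintext", "image": "example/api:1",
         "environment": [{"name": "GOOGLE_CREDENTIALS", "value": KEY_JSON},
                         {"name": "PORT", "value": "8080"}]},
        {"name": "api-secret-ref", "image": "example/api:1",
         "secrets": [{"name": "GOOGLE_CREDENTIALS",
                      "valueFrom": "arn:aws:secretsmanager:us-west-2:"
                                   "111122223333:secret:example-firebase-key"}]},
    ],
}

FINDINGS = plaintext_key_findings(TASK_DEF)

if __name__ == "__main__":
    print(FINDINGS)
```

The execution role named in the task definition needs permission to read the referenced secret, as the Parameter Store answer notes for its IAM role.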

Access the AWS RDS describe db snapshot API

I am trying to access the aws rds api to describe db snapshots. I plan on having this be parsed so that I can list all the available aws snapshots by id using groovy. However the biggest problem I am having is getting the api in the first place. I took a look at AWS's reference on this topic but I can't seem to figure out how to generate the pre-signed portion of the request with credentials. I am not sure why that part is even necessary. Why can't the user authenticate using the Access key ID and the Secret access key combination?
The reference:
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshots.html
The section with the issue:
https://rds.us-west-2.amazonaws.com/
?Action=DescribeDBSnapshots
&IncludePublic=false
&IncludeShared=true
&MaxRecords=100
&SignatureMethod=HmacSHA256
&SignatureVersion=4
&Version=2014-09-01
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIADQKE4SARGYLE/20140421/us-west-2/rds/aws4_request
&X-Amz-Date=20140421T194732Z
&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
&X-Amz-Signature=4aa31bdcf7b5e00dadffbd6dc8448a31871e283ffe270e77890e15487354bcca
If groovy is a hard requirement, I'd look into something like this https://grails.org/plugin/aws-sdk
If you're comfortable with Java, I'd say use the official AWS-SDK
If you're scripting this out, you could also use the official AWS cli tool and do something like
aws rds describe-db-snapshots [OPTIONS]
From there you could use a tool like jq to zero in and parse out your specific IDs. You can find more documentation here.
The way you'd authorize with the SDK is either through environment variables (the preferred approach) or probably hardcoding your KEY and SECRET (big no no)
I think rather than trying to communicate with the API directly you should make use of the built-in wrappers that AWS provides.
If you're accessing this with a supported programmatic language take a look at the AWS SDKs. There are currently officially supported libraries for:
C++
Go
Java
JavaScript
.NET
NodeJS
PHP
Python
Ruby
If your language of choice is not covered there may be a third party solution already. Alternatively take a look at the AWS CLI to resolve your problem.
For your specific action describe-db-snapshots you can get a list of all IDs by running the below, then parse as JSON.
aws rds describe-db-snapshots --query 'DBSnapshots[*].DBSnapshotIdentifier' --output json
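Added example, not part of the original thread: the question asks why a signed portion is needed instead of sending the access key ID and secret access key. With Signature Version 4 the secret never leaves the client; it seeds an HMAC-SHA256 chain whose output signs the request, which is the calculation the SDKs and CLI perform for you. The sketch below signs only the `host` header (the quoted request signs more), and the credentials are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import quote


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # The secret only seeds this HMAC chain. The derived key is scoped to one
    # day, region and service, and neither it nor the secret is transmitted.
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key


def presign(access_key, secret, region, amz_date, params, expires=300):
    """Build a SigV4 query-signed GET URL for the RDS Query API (host header only)."""
    host = f"rds.{region}.amazonaws.com"
    date = amz_date[:8]
    scope = f"{date}/{region}/rds/aws4_request"
    query = {**params,
             "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
             "X-Amz-Credential": f"{access_key}/{scope}",
             "X-Amz-Date": amz_date,
             "X-Amz-Expires": str(expires),
             "X-Amz-SignedHeaders": "host"}
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    # Canonical request: method, path, query, headers, signed headers, body hash.
    canonical_request = "\n".join(
        ["GET", "/", canonical_query, f"host:{host}\n", "host",
         hashlib.sha256(b"").hexdigest()])
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])
    signature = hmac.new(signing_key(secret, date, region, "rds"),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}/?{canonical_query}&X-Amz-Signature={signature}"


# Constructed placeholder credentials; the timestamp and API version are the
# ones in the request quoted above.
URL = presign("AKIAEXAMPLEKEYID0000", "constructed-secret-for-illustration",
              "us-west-2", "20140421T194732Z",
              {"Action": "DescribeDBSnapshots", "Version": "2014-09-01",
               "MaxRecords": "100"})
```

The resulting URL carries the access key ID, the scope and the signature, but nothing from which the secret access key can be read back.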

AWS Cloudwatch Dashboards: How to add dashboard from one account to another

I want to add dashboards(including the metrics) in aws account A to my aws account B in AWS CloudWatch, is it possible to do that? In order to do that, what kind of permission should I have to add dashboards from account A?
Thank you.
CloudWatch now supports cross account cross region dashboards. See the documentation - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region
EDIT: This is now a supported feature in CloudWatch Console - see the official documentation
This is not something supported by CloudWatch today, but you could use CloudWatch GetMetricWidgetImage API to basically snapshot the data, put the graph image in a shared s3 bucket and display that instead.
See an example here

Is there a way to create AWS Dashboard using cloudformation or AWS CLI

I wanted to create an AWS Dashboard using cloudformation but did find a way.
Guess AWS has not yet added support for that.
As an alternative is it possible to create that using AWS CLI
AWS just announced support for this.
https://aws.amazon.com/blogs/aws/new-api-cloudformation-support-for-amazon-cloudwatch-dashboards/
CloudFormation documentation is also available: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-dashboard.html
If I'm correct, your question concerns Resource Groups. It is not possible at this time to create Resource Group in Cloud Formation Templates or via the awscli.
Resource Groups are tied to a User, not an account - so it's not possible to define them at an account level and allow Users to access them.
It's possible for a User to 'Share' a Resource Group they've created by passing a URL to another User.