Pipe file directly to AWS SSM parameter store?

Just curious: how do I pipe a file directly to AWS SSM Parameter Store? E.g.
# Put into ssm parameter store
cat my_github_private.key | aws ssm put-parameter --region ap-southeast-1 --name MY_GITHUB_PRIVATE_KEY --type SecureString --key-id alias/aws/ssm --value ???
# And read it back
aws ssm get-parameter --region ap-southeast-1 --name MY_GITHUB_PRIVATE_KEY --with-decryption --query Parameter.Value --output text > my_github_private.key.1
# Two should be identical
diff my_github_private.key my_github_private.key.1

Rather than taking the value from stdin can you directly add to the command line arguments?
aws ssm put-parameter \
--region ap-southeast-1 \
--name MY_GITHUB_PRIVATE_KEY \
--type SecureString \
--key-id alias/aws/ssm \
--value file://my_github_private.key
Note: --value "$(cat my_github_private.key)" also works

If you are using Terraform:
data "local_file" "yourkeyfile" {
  filename = "keys/yourkey.pem"
}
resource "aws_ssm_parameter" "aresource-name-for-your-key" {
  name  = "/the/ssm/key"
  type  = "SecureString"
  value = data.local_file.yourkeyfile.content
}
Remember to encrypt yourkey.pem, for example using blackbox.

#tkwargs,
How do I get only the value from a key.json file? For example:
aws ssm put-parameter \
--region ap-southeast-1 \
--name MY_GITHUB_PRIVATE_KEY \
--type SecureString \
--key-id alias/aws/ssm \
--value "$(cat my_github_private.json file and get value only)"

Related

aws cloudformation describe-stacks --query

I am trying to write a query for a specific stack. It looks like this:
$ aws cloudformation describe-stacks --region $AWS_REGION --profile $AWS_PROFILE --stack-name MyStack --query 'Stacks[?StackName == "MyStack"]'
[]
As you can see the output is an empty array. On the other hand:
$ aws cloudformation describe-stacks --region $AWS_REGION --profile $AWS_PROFILE --stack-name MyStack --query 'Stacks[0]'
{
// the output
}
What am I missing in my query version? How do I fix it?
Enclose the value in backquotes:
--query 'Stacks[?StackName == `MyStack`]'
Filtering AWS CLI output - AWS Command Line Interface

AWS CLI: Error parsing parameter

We are trying to create a listener rule with a host-header condition on an Elastic Load Balancer using the AWS CLI.
aws elbv2 create-rule \
--listener-arn arn:aws:elasticloadbalancing:ap-south-1:123456789:listener/app/testing-alb/6sdfgsgs5fg45s4fg5sd \
--conditions test.com \
--priority 5 \
--actions arn:aws:elasticloadbalancing:ap-south-1:123456789:targetgroup/tgtest-1/hsdjif444225 \
--region ap-south-1 \
--output json
However, we got an error like this:
Error parsing parameter '--conditions': Expected: '=', received: 'EOF' for input:
test.com
^
If you want to do this inline, here is the correct syntax:
aws elbv2 create-rule \
--listener-arn arn:aws:elasticloadbalancing:ap-south-1:123456789:listener/app/testing-alb/6sdfgsgs5fg45s4fg5sd \
--conditions '[{"Field":"host-header","HostHeaderConfig":{"Values":["test.com"]}}]' \
--priority 5 \
--actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:ap-south-1:123456789:targetgroup/tgtest-1/hsdjif444225 \
--region ap-south-1 \
--output json

How do I specify multiple filters to aws ec2 describe-vpc-peering-connections?

I am trying to get a list of 'active' peering connections via aws ec2 describe-vpc-peering-connections. Here is what I have tried:
aws ec2 describe-vpc-peering-connections --region=eu-west-3 \
--filter 'Name=accepter-vpc-info.vpc-id,Values=vpc-xxxxxx Name=status-code,Values=active' \
--query 'VpcPeeringConnections[*].VpcPeeringConnectionId' --output text
But I get the error:
Error parsing parameter '--filters': Second instance of key "Values" encountered for input:
Name=accepter-vpc-info.vpc-id,Values=vpc-xxxxxxxx Name=status-code,Values=active
^
This is often because there is a preceeding "," instead of a space.
I think I need the , right? Is there something else I am getting wrong?
aws ec2 describe-vpc-peering-connections \
--region=eu-west-3 \
--filter Name=accepter-vpc-info.vpc-id,Values=vpc-xxxxxx \
--filter Name=status-code,Values=active \
--query 'VpcPeeringConnections[*].VpcPeeringConnectionId' \
--output text
OR
aws ec2 describe-vpc-peering-connections \
--region=eu-west-3 \
--filter 'Name=accepter-vpc-info.vpc-id,Values=vpc-xxxxxx' \
'Name=status-code,Values=active' \
--query 'VpcPeeringConnections[*].VpcPeeringConnectionId' \
--output text
Combining server-side and client-side filtering

AWS SSM Parameters Store

Is there any way to just nuke / remove all items in AWS Parameter Store?
All the commands I found either remove them one by one or remove them given a list of names.
I also tried using
aws ssm delete-parameters --cli-input-json test.json
with a test.json file that looks like this
{
"Names": [
"test1",
"test2"
]
}
It still does not work.
Ideally if I can use --query and use it as is, that'd be great.
I'm using --query like so
aws ssm get-parameters-by-path --path / --max-items 2 --query 'Parameters[*].[Name]'
When you need to delete all parameters by path in AWS Systems Manager Parameter Store and there are more than 10 parameters you have to deal with pagination.
Otherwise, the command will fail with the error:
An error occurred (ValidationException) when calling the DeleteParameters operation: 1 validation error detected: Value '[/config/application/prop1, ...]' at 'names' failed to satisfy constraint: Member must have length less than or equal to 10
The following Bash script using AWS CLI pagination options deletes any number of parameters from AWS SSM Parameter Store by path:
#!/bin/bash
path=/config/application_dev/
while : ; do
    aws ssm delete-parameters --names $(aws ssm get-parameters-by-path --path "$path" --query "Parameters[*].Name" --output text --max-items 10 $starting_token | grep -v None)
    next_token=$(aws ssm get-parameters-by-path --path "$path" --query NextToken --output text --max-items 10 | grep -v None)
    if [ -z "$next_token" ]; then
        starting_token=""
        break
    else
        starting_token="--starting-token $next_token"
    fi
done
You can combine get-parameters-by-path with delete-parameters:
aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --query Parameters[].Name --output text`
I tested it by creating two parameters, then running the above command. It successfully deleted both parameters.
Try this and execute it multiple times:
aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`
Adding to the above. I had to delete around 400 params from the parameter store. Ran the below in command line and it did it! (Change 45 in for loop to whatever number you like);
for ((n=0;n<45;n++)); do
    aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`
done
This is my one line solution for this:
$ for key in $(aws ssm get-parameters-by-path --path "/" --recursive | jq -r '.Parameters[] | .Name' | tr '\r\n' ' '); do aws ssm delete-parameter --name ${key}; done
NOTE: Be careful if you copy & paste this as it will remove everything under "/"
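An added example, not part of the original answers: one listing call followed by deletes in batches of 10, the DeleteParameters limit quoted in the error above. The function names and the DRY_RUN and ALLOW_ROOT environment variables are hypothetical conventions of this example; DRY_RUN defaults to 1 so nothing is deleted until it is set to 0, and the root path is refused unless ALLOW_ROOT=1.

```sh
#!/bin/sh
# Added example (not from the thread). DRY_RUN and ALLOW_ROOT are
# conventions of this sketch, not AWS CLI settings.

# Delete one batch of at most 10 names, or only report it in dry-run mode.
delete_batch() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "would delete: $*" >&2
    else
        aws ssm delete-parameters --names "$@" >/dev/null
    fi
}

# Usage: DRY_RUN=0 delete_params_by_path /config/application_dev/
# Prints the number of parameters processed.
delete_params_by_path() {
    path=$1
    # "/" matches every parameter in the region, so require an explicit opt-in.
    if [ "$path" = "/" ] && [ "${ALLOW_ROOT:-0}" != "1" ]; then
        echo "refusing to delete under / (set ALLOW_ROOT=1 to allow)" >&2
        return 2
    fi
    # Without --max-items the CLI follows NextToken itself and returns all pages.
    names=$(aws ssm get-parameters-by-path --path "$path" --recursive \
        --query 'Parameters[].Name' --output text) || return 1
    set --            # the positional parameters hold the current batch
    processed=0
    # Parameter names cannot contain whitespace or glob characters,
    # so plain word splitting on tabs and newlines is safe here.
    for name in $names; do
        [ "$name" = "None" ] && continue   # text-output placeholder, not a name
        set -- "$@" "$name"
        if [ "$#" -eq 10 ]; then
            delete_batch "$@" || return 1
            processed=$((processed + $#))
            set --
        fi
    done
    if [ "$#" -gt 0 ]; then
        delete_batch "$@" || return 1
        processed=$((processed + $#))
    fi
    echo "$processed"
}
```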

How to save output of AWS CLI in a variable?

I want to save output of an AWS CLI in a variable and use that variable in another AWS CLI, what I did is as follows:
taskarn= aws ecs list-tasks --cluster mycluster --service-name "myService" --region "eu-west-1" --output text | grep "arn" | tr -d '"'
echo $taskarn; //empty
aws ecs stop-task --cluster mycluster --task $taskarn --region "eu-west-1"
when I echo $taskarn, it is empty.
Any help would be appreciated.
I used the following command and it works fine:
taskarn=$(aws ecs list-tasks --cluster mycluster --service-name "myservice" --region "eu-west-1" | grep "arn" | tr -d '"')
echo $taskarn;
aws ecs stop-task --cluster mycluster --task $taskarn --region "eu-west-1"
Use backquote to execute the command and assign the result to the variable.
taskarn=`aws ecs list-tasks --cluster mycluster --service-name "myService" --region "eu-west-1" --output text | grep "arn" | tr -d '"'`
But the correct way is to use the --query option of the CLI to extract what you want.
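The --query approach mentioned in the last answer, as an added example that is not part of the original thread: the ARNs are extracted with a JMESPath expression instead of grep and tr, and each one is stopped in turn. The function name stop_service_tasks is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): stop every task of an ECS service,
# taking the ARNs from --query rather than text-scraping the output.
# Usage: stop_service_tasks mycluster myService eu-west-1
# Prints the number of tasks for which stop-task was issued.
stop_service_tasks() {
    cluster=$1
    service=$2
    region=$3
    # 'taskArns[]' with --output text prints the ARNs separated by
    # whitespace, with no quotes or JSON punctuation to strip.
    arns=$(aws ecs list-tasks --cluster "$cluster" --service-name "$service" \
        --region "$region" --query 'taskArns[]' --output text) || return 1
    stopped=0
    for arn in $arns; do
        # Skip anything that is not an ARN, such as the "None" placeholder
        # the CLI prints for a null result in text mode.
        case "$arn" in
            arn:*) ;;
            *) continue ;;
        esac
        aws ecs stop-task --cluster "$cluster" --task "$arn" \
            --region "$region" >/dev/null || return 1
        stopped=$((stopped + 1))
    done
    echo "$stopped"
}
```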