AWS Tools


   ▄▄    ▄▄      ▄▄   ▄▄▄▄
  ████   ██      ██ ▄█▀▀▀▀█
  ████   ▀█▄ ██ ▄█▀ ██▄
 ██  ██   ██ ██ ██   ▀████▄
 ██████   ███▀▀███       ▀██
▄██  ██▄  ███  ███  █▄▄▄▄▄█▀
▀▀    ▀▀  ▀▀▀  ▀▀▀   ▀▀▀▀▀

AWS stands for Amazon Web Services; these are tools for interacting with the aws binary.

awsInstall

aws Command-Line install

Usage

awsInstall

aws Command-Line install

Installs x86 or aarch64 binary based on HOSTTYPE.

Arguments

  • none

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

Requires

packageInstall urlFetch

AWS Security Groups

awsIPAccess

Grant access to AWS security group for this IP only using Amazon IAM credentials

Usage

awsIPAccess [ --profile profileName ] --services service0,service1,... [ --id developerId ] --group securityGroup [ --ip ip ] [ --revoke ] [ --help ]

Register the current IP address in the listed security groups to allow access to deployment systems from a specific IP. Use this to grant temporary access to your systems during deployment only. Build scripts should always have a --revoke step afterward. Services are looked up in /etc/services and match /tcp services only for port selection.

If there is no match in /etc/services, these default values are supported within the script: mysql,postgres,ssh,http,https. You can also simply supply a list of port numbers, and mix and match: --services ssh,http,3306,12345 is valid.

Arguments

  • --profile profileName - String. Optional. Use this AWS profile when connecting using ~/.aws/credentials
  • --services service0,service1,... - List. Required. List of services to add or remove (service names or port numbers)
  • --id developerId - String. Optional. Specify a developer id manually (uses DEVELOPER_ID from environment by default)
  • --group securityGroup - String. Required. Specify one or more security groups to modify. Format: sg- followed by hexadecimal characters.
  • --ip ip - Optional. IP. Specify an IP manually (uses ipLookup tool from tools.sh by default)
  • --revoke - Flag. Optional. Remove permissions
  • --help - Flag. Optional. Show this help
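
A build step that pairs the grant with its revoke, as an added example (not code from the project): deployWithAccess is a hypothetical wrapper that assumes awsIPAccess is already loaded in the shell, and the security group ID in the usage comment is a placeholder.

```bash
#!/usr/bin/env bash
# Added example, not part of the documented tools. Assumes awsIPAccess is loaded.

# Usage: deployWithAccess securityGroup services command [ arguments ... ]
# Returns 2 on missing arguments, 1 if the grant or revoke fails, otherwise the command's exit code
deployWithAccess() {
  local group="${1-}" services="${2-}" status=0
  [ -n "$group" ] && [ -n "$services" ] && [ $# -gt 2 ] || return 2
  shift 2
  if ! awsIPAccess --services "$services" --group "$group"; then
    # Assumption: a failed grant may have opened some of the ports, so revoke anyway
    awsIPAccess --services "$services" --group "$group" --revoke || :
    return 1
  fi
  # An interrupted build still revokes before the shell exits
  trap 'awsIPAccess --services "$services" --group "$group" --revoke; exit 130' INT TERM
  # Subshell: an `exit` inside the deployment command cannot skip the revoke below
  ("$@") || status=$?
  trap - INT TERM
  # A failed revoke fails the build so the open rule is noticed
  if ! awsIPAccess --services "$services" --group "$group" --revoke; then
    printf '%s\n' "Revoke failed for $group ($services): remove the rule manually" 1>&2
    return 1
  fi
  return "$status"
}

# Example call (sg-0123456789abcdef0 is a placeholder group ID):
# deployWithAccess sg-0123456789abcdef0 ssh,https ./bin/deploy.sh production
```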

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

Environment

awsSecurityGroupIPModify

Modify an EC2 Security Group

Usage

awsSecurityGroupIPModify --remove [ --add ] [ --register ] --group group [ --region region ] [ --port port ] --description description [ --ip ip ] [ --help ]

Usages can be

awsSecurityGroupIPModify --add --group group [ --region region ] --port port --description description --ip ip
awsSecurityGroupIPModify --remove --group group [ --region region ] --description description

Modify an EC2 Security Group and add or remove an IP/port combination to the group.

Arguments

  • --remove - Optional. Flag. Remove instead of add - only group, and description required.
  • --add - Optional. Flag. Add to security group (default).
  • --register - Optional. Flag. Add it if not already added.
  • --group group - Required. String. Security Group ID
  • --region region - Optional. String. AWS region, defaults to AWS_REGION. Must be supplied.
  • --port port - Required for --add only. Integer. service port
  • --description description - Required. String. Description to identify this record.
  • --ip ip - Required for --add only. String. IP Address to add or remove.
  • --help - Optional. Flag. Display this help.

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

AWS Tools

awsIsKeyUpToDate

Test whether the AWS keys do not need to be updated

Usage

awsIsKeyUpToDate upToDateDays

For security we gotta update our keys every 90 days

This value would be better encrypted and tied to the AWS_ACCESS_KEY_ID so developers can not just update the value to avoid the security issue.

This tool checks the environment AWS_ACCESS_KEY_DATE and ensures it's within upToDateDays of today; if not this fails.

It will also fail if:

  • upToDateDays is less than zero or greater than 366
  • AWS_ACCESS_KEY_DATE is empty or has an invalid value

Otherwise, the tool may output a message to the console warning of pending days, and returns exit code 0 if the AWS_ACCESS_KEY_DATE has not exceeded the number of days.

Arguments

  • none

Examples

if ! awsIsKeyUpToDate 90; then
    bigText Failed, update key and reset date
    exit 99
fi
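
The check described above, as an added example rather than the project's implementation: keyDateIsCurrent and its helpers are hypothetical names, the date is passed as an argument instead of read from AWS_ACCESS_KEY_DATE, it is treated as the date the key was generated, and rejecting a future date is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not the project's code); all function names here are hypothetical.

# Succeeds only for a well-formed YYYY-MM-DD string with month 01-12 and day 01-31
_keyDateValid() {
  local m d
  case "${1-}" in
    [1-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 1 ;;
  esac
  m=${1#*-}; m=${m%-*}; m=${m#0}
  d=${1##*-}; d=${d#0}
  [ "$m" -ge 1 ] && [ "$m" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ]
}

# Days since 1970-01-01 for a validated date, integer arithmetic only (no GNU `date -d`)
_keyDateDays() {
  local y m d era yoe doy
  y=${1%%-*}; m=${1#*-}; m=${m%-*}; m=${m#0}
  d=${1##*-}; d=${d#0}
  # Count months from March so the leap day falls at the end of the shifted year
  if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * m + 2) / 5 + d - 1 ))
  echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Usage: keyDateIsCurrent keyDate upToDateDays [ today ]
# Returns 0 if current; 1 if the date is empty, invalid, in the future or too old; 2 on a bad day count
keyDateIsCurrent() {
  local keyDate="${1-}" maxDays="${2-}" today="${3-}" age
  case "$maxDays" in '' | *[!0-9]*) return 2 ;; esac
  [ "${#maxDays}" -le 3 ] && [ "$maxDays" -le 366 ] || return 2
  [ -n "$today" ] || today=$(date -u +%Y-%m-%d)
  _keyDateValid "$keyDate" && _keyDateValid "$today" || return 1
  age=$(( $(_keyDateDays "$today") - $(_keyDateDays "$keyDate") ))
  # Assumption: a date in the future is rejected rather than treated as a fresh key
  [ "$age" -ge 0 ] && [ "$age" -le "$maxDays" ]
}

# Constructed dates: a key generated on 2024-01-01 is exactly 90 days old on 2024-03-31
keyDateIsCurrent 2024-01-01 90 2024-03-31 && echo "key is current"
```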

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

Environment

  • AWS_ACCESS_KEY_DATE - Date. Date of key expiration which can be checked in pipelines. Not part of the Amazon specification but a good idea to track expiration of keys.
  • Variable used to test
  • Read-only. Date. A YYYY-MM-DD formatted date which represents the date that the key was generated.

awsRegionValid

Check an AWS region code for validity

Usage

awsRegionValid region

Checks an AWS region identifier for validity as of September 2024. Note that passing no parameters returns success.

Return Code: 0 - All regions are valid AWS region
Return Code: 1 - One or more regions are NOT a valid AWS region

Arguments

  • region ... - String. Required. The AWS Region to validate.

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

AWS Credentials

awsCredentialsFile

Get the path to the AWS credentials file

Usage

 awsCredentialsFile [ --verbose ] [ --help ] [ --home homeDirectory ]

Get the credentials file path, optionally outputting errors

Pass a true-ish value to output warnings to stderr on failure

Pass any value to output warnings if the environment or file is not found; otherwise output the credentials file path.

If not found, returns with exit code 1.

Return Code: 1 - If $HOME is not a directory or credentials file does not exist
Return Code: 0 - If credentials file is found and output to stdout

Arguments

  • --help - Optional. Flag. Display this help.
  • --verbose - Flag. Optional. Verbose mode
  • --create - Optional. Flag. Create the directory and file if it does not exist
  • --home homeDirectory - Optional. Directory. Home directory to use instead of $HOME.

Examples

credentials=$(awsCredentialsFile) || throwEnvironment "$handler" "No credentials file found" || return $?

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsHasEnvironment

Test whether the AWS environment variables are set or not

Usage

awsHasEnvironment [ --help ]

This tests AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and if both are non-empty, returns exit code 0 (success), otherwise returns exit code 1. Fails if either AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY is blank.

Return Code: 0 - If environment needs to be updated
Return Code: 1 - If the environment seems to be set already

Arguments

  • --help - Optional. Flag. Display this help.

Examples

if awsHasEnvironment; then
...
fi

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

Environment

  • AWS_ACCESS_KEY_ID - String. Amazon Web Services IAM Identity
  • Read-only. If blank, this function succeeds (environment needs to be updated)
  • AWS_SECRET_ACCESS_KEY - Secret. Private Secret Password for AWS
  • Read-only. If blank, this function succeeds (environment needs to be updated)

awsCredentialsAdd

Write an AWS profile to the AWS credentials file

Usage

awsCredentialsAdd [ --profile profileName ] [ --force ] [ --comments ] [ --help ] [ key ] [ secret ]

Write the credentials to the AWS credentials file.

If the AWS credentials file is not found, it is created.

Arguments

  • --profile profileName - String. Optional. The credentials profile to write (default value is default)
  • --force - Flag. Optional. Write the credentials file even if the profile already exists
  • --comments - Flag. Optional. Write comments to the credentials file (in addition to updating the record).
  • --help - Optional. Flag. Display this help.
  • key - The AWS_ACCESS_KEY_ID to write
  • secret - The AWS_SECRET_ACCESS_KEY to write

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsCredentialsRemove

Remove credentials from the AWS credentials file

Usage

awsCredentialsRemove [ --help ] [ --profile profileName ] [ --force ] [ profileName ]

Remove credentials from the AWS credentials file

If the AWS credentials file is not found, succeeds.

Arguments

  • --profile profileName - String. Optional. The credentials profile to write (default value is default)
  • --comments - Flag. Optional. Write comments to the credentials file (in addition to updating the record).

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsEnvironmentFromCredentials

Get credentials and output environment variables for AWS authentication

Usage

awsEnvironmentFromCredentials [ profileName ] | [ --profile profileName ]

Load the credentials supplied from the AWS credentials file and output shell commands to set the appropriate AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values.

If the AWS credentials file is not found, returns exit code 1 and outputs nothing. If the AWS credentials file is incomplete, returns exit code 1 and outputs nothing.

Both forms can be used, but the profile should be supplied once and only once.

Arguments

  • profileName - String. Optional. The credentials profile to load (default value is default and loads section identified by [default] in ~/.aws/credentials)
  • --profile profileName - String. Optional. The credentials profile to load (default value is default and loads section identified by [default] in ~/.aws/credentials)
  • --comments - Flag. Optional. Write comments to the credentials file (in addition to updating the record).
  • --help - Optional. Flag. Display this help.

Examples

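setFile=$(fileTemporaryName "$handler") || return $?
if awsEnvironment "$profile" > "$setFile"; then
    # Load the exported AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY into this shell
    eval "$(cat "$setFile")"
    rm "$setFile"
else
    # Remove the temporary file on failure as well
    rm -f "$setFile"
    decorate error "Need $profile profile in aws credentials file"
    exit 1
fi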
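
How a profile section can be turned into export statements that are safe to eval, as an added example that is not the project's implementation: credentialsToExports, _trim and sampleCredentials are hypothetical names, the sample file is constructed with made-up values, and the character checks on the key and secret are an assumption about their format.

```bash
#!/usr/bin/env bash
# Added example (not the project's code); all function names here are hypothetical.

# Strip leading and trailing whitespace (including a trailing carriage return)
_trim() {
  local s="${1-}"
  s=${s#"${s%%[![:space:]]*}"}
  s=${s%"${s##*[![:space:]]}"}
  printf '%s' "$s"
}

# Usage: credentialsToExports credentialsFile [ profileName ]
# Outputs two export statements; outputs nothing and returns 1 if the file or profile is missing or incomplete
credentialsToExports() {
  local file="${1-}" profile="${2:-default}" section="" line name key="" secret=""
  [ -f "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(_trim "$line")
    case "$line" in
      '' | '#'* | ';'*) continue ;;
      '['*']') section=$(_trim "${line#?}"); section=$(_trim "${section%?}"); continue ;;
    esac
    [ "$section" = "$profile" ] || continue
    name=$(_trim "${line%%=*}")
    case "$name" in
      aws_access_key_id) key=$(_trim "${line#*=}") ;;
      aws_secret_access_key) secret=$(_trim "${line#*=}") ;;
    esac
  done <"$file"
  [ -n "$key" ] && [ -n "$secret" ] || return 1
  # Emit only values made of expected characters, so a tampered file cannot inject shell code into eval
  case "$key" in *[!A-Z0-9]*) return 1 ;; esac
  case "$secret" in *[!A-Za-z0-9/+]*) return 1 ;; esac
  printf "export AWS_ACCESS_KEY_ID='%s'\nexport AWS_SECRET_ACCESS_KEY='%s'\n" "$key" "$secret"
}

# Constructed sample file: made-up values; the deploy profile carries a shell expansion as its secret
sampleCredentials() {
  printf '%s\n' '[default]' 'aws_access_key_id = AKIAEXAMPLEEXAMPLE00' \
    'aws_secret_access_key = exampleSecret/exampleSecret+0000000000000' \
    '[deploy]' 'aws_access_key_id=AKIAEXAMPLEEXAMPLE11' 'aws_secret_access_key=$(id)'
}
```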

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsCredentialsFromEnvironment

Write an AWS profile to the AWS credentials file

Usage

awsCredentialsFromEnvironment [ --profile profileName ] [ --force ] [ --help ]

Write the credentials to the AWS credentials file.

If the AWS credentials file is not found, returns exit code 1 and outputs nothing. If the AWS credentials file is incomplete, returns exit code 1 and outputs nothing.

Arguments

  • --profile profileName - String. Optional. The credentials profile to write (default value is default)
  • --force - Flag. Optional. Write the credentials file even if the profile already exists
  • --help - Optional. Flag. Display this help.

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsCredentialsHasProfile

Get credentials and output environment variables for AWS authentication

Usage

awsEnvironment profileName

Extract a profile from a credentials file

If the AWS credentials file is not found, returns exit code 1 and outputs nothing. If the AWS credentials file is incomplete, returns exit code 1 and outputs nothing.

Arguments

  • profileName - The credentials profile to load (default value is default and loads section identified by [default] in ~/.aws/credentials)
  • --help - Optional. Flag. Display this help.

Examples

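setFile=$(fileTemporaryName "$handler") || return $?
if awsEnvironment "$profile" > "$setFile"; then
    # Load the exported AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY into this shell
    eval "$(cat "$setFile")"
    rm "$setFile"
else
    # Remove the temporary file on failure as well
    rm -f "$setFile"
    decorate error "Need $profile profile in aws credentials file"
    exit 1
fi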

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsProfilesList

List AWS profiles available in the credentials file

Usage

awsProfilesList [ --help ]

List AWS profiles available in the credentials file

Arguments

  • --help - Optional. Flag. Display this help.

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

S3 Tools

isS3URL

Is the URL passed in an S3 URL?

Usage

isS3URL [ value ]

Is the URL passed in an S3 URL? Without arguments, displays help.

Arguments

  • value - EmptyString. Value to check.

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsS3Upload

Upload a set of files or directories to S3.

Usage

awsS3Upload [ --help ] [ --handler handler ] --target target item [ --profile profileName ]

Upload a set of files or directories to S3. Creates a manifest.json file at target with structure:

  • hostname - host name which sent results
  • created - Milliseconds creation time
  • createdString - Milliseconds creation time in current locale language
  • arguments - arguments to this function

Creates a files.json with a list of files as well at target.

Arguments

  • --help - Optional. Flag. Display this help.
  • --handler handler - Optional. Function. Use this error handler instead of the default error handler.
  • --target target - Required. S3 URL. S3 URL to upload to (with path)
  • item - Required. A file or directory to upload to S3. All files and directories are uploaded as the same name in the top-level directory target.
  • --profile profileName - Optional. String. S3 Profile to use when using S3

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error

awsS3DirectoryDelete

Delete a directory remotely on S3

Usage

awsS3DirectoryDelete [ --help ] [ --handler handler ] [ --show ] url ...

Delete a directory remotely on S3

Arguments

  • --help - Optional. Flag. Display this help.
  • --handler handler - Optional. Function. Use this error handler instead of the default error handler.
  • --show - Optional. Flag. Show what would change, do not change anything.
  • url ... - Required. URL. AWS S3 URL to delete

Return codes

  • 0 - Success
  • 1 - Environment error
  • 2 - Argument error