vpc
describe region and abailability zone
$ aws ec2 describe-regions --filters 'Name=region-name,Values=ap-northeast-1'
{
"Regions": [
{
"Endpoint": "ec2.ap-northeast-1.amazonaws.com",
"RegionName": "ap-northeast-1",
"OptInStatus": "opt-in-not-required"
}
]
}
$ aws ec2 describe-availability-zones --filters 'Name=region-name,Values=ap-northeast-1'
{
"AvailabilityZones": [
{
"State": "available",
"Messages": [],
"RegionName": "ap-northeast-1",
"ZoneName": "ap-northeast-1a",
"ZoneId": "apne1-az4"
},
{
"State": "available",
"Messages": [],
"RegionName": "ap-northeast-1",
"ZoneName": "ap-northeast-1c",
"ZoneId": "apne1-az1"
},
{
"State": "available",
"Messages": [],
"RegionName": "ap-northeast-1",
"ZoneName": "ap-northeast-1d",
"ZoneId": "apne1-az2"
}
]
}
vpc
$ aws ec2 describe-vpcs --filter "Name=cidr,Values=172.16.100.0/24"
$ aws ec2 create-vpc --cidr-block 172.16.100.0/24
$ aws ec2 describe-vpc-attribute --attribute enableDnsHostnames --vpc-id <vpc>
$ aws ec2 modify-vpc-attribute --enable-dns-hostnames --vpc-id <vpc>
Before remove vpc, subnet need to be removed.
$ aws ec2 delete-vpc --vpc-id <vpc>
tag
$ aws ec2 describe-vpcs --filters "Name=tag:Name,Values=test"
$ jq . tags.json
[
{
"Key": "Name",
"Value": "test"
}
]
$ aws ec2 create-tags --resources <vpc> --tags file://tags.json
$ aws ec2 create-tags --resources <vpc> --tags '{"Key":"Name", "Value":"test"}'
subnets
$ aws ec2 describe-subnets --filters "Name=cidr-block,Values=172.16.100.0/26"
$ aws ec2 create-subnet --vpc-id <vpc> --cidr-block 172.16.100.0/26
$ aws ec2 delete-subnet --subnet-id <subnet>
nacl
$ aws ec2 describe-network-acls --filters "Name=vpc-id,Values=<vpc>"
$ aws ec2 create-network-acl --vpc-id <vpc>
$ aws ec2 replace-network-acl-association --association-id <aclassoc> --network-acl-id <nacl>
$ aws ec2 delete-network-acl --network-acl-id <nacl>
nacl entry
protocol - all: -1 - icmp: 1 - tcp: 6 - udp: 17 - icmpv6: 58
$ aws ec2 describe-network-acls --filters "Name=network-acl-id,Values=<nacl>"
$ aws ec2 create-network-acl-entry --ingress --network-acl-id <nacl> --cidr-block 172.16.100.64/26 --protocol -1 --rule-action allow --rule-number 100
$ aws ec2 create-network-acl-entry --egress --network-acl-id <nacl> --cidr-block 172.16.100.64/26 --protocol -1 --rule-action allow --rule-number 100
$ aws ec2 delete-network-acl-entry --ingress --network-acl-id <nacl> --rule-number 100
internet gateway
$ aws ec2 describe-internet-gateways --query 'InternetGateways[?Attachments[?VpcId == `<vpc>`]]'
$ aws ec2 create-internet-gateway
$ aws ec2 attach-internet-gateway --internet-gateway-id <internetgateway> --vpc-id <vpc>
$ aws ec2 detach-internet-gateway --internet-gateway-id <internetgateway> --vpc-id <vpc>
$ aws ec2 delete-internet-gateway --internet-gateway-id <internetgateway>
route table
$ aws ec2 describe-route-tables --filters "Name=vpc-id,Values=<vpc>"
$ aws ec2 create-route-table --vpc-id <vpc>
$ aws ec2 associate-route-table --route-table-id <routetable> --subnet-id <subnet>
$ aws ec2 describe-route-tables --filters "Name=route-table-id,Values=<routetable>"
$ aws ec2 create-route --destination-cidr-block 0.0.0.0/0 --gateway-id <internetgateway> --route-table-id <routetable>
$ aws ec2 delete-route --destination-cidr-block 0.0.0.0/0 --route-table-id <routetable>
$ aws ec2 disassociate-route-table --association-id <rtbassoc>
$ aws ec2 delete-route-table --route-table-id <routetable>
security group
$ aws ec2 describe-security-groups --filters "Name=vpc-id,Values=<vpc>"
$ aws ec2 create-security-group --description "<description>" --group-name "<name>" --vpc-id <vpc>
$ aws ec2 describe-security-groups --filters "Name=group-id,Values=<securitygroup>"
$ aws ec2 authorize-security-group-ingress --group-id <securitygroup> --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "xxx.xxx.xxx.xxx/32", "Description": "ssh incoming access"}]}]'
$ aws ec2 revoke-security-group-ingress --group-id <securitygroup> --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "xxx.xxx.xxx.xxx/32", "Description": "ssh incoming access"}]}]'
$ aws ec2 delete-security-group --group-id <securitygroup>
key pair
$ aws ec2 describe-key-pairs
$ aws ec2 describe-key-pairs --key-names <keyname>
$ aws ec2 create-key-pair --key-name <keyname> | tee id_rsa.testkey.json
$ aws ec2 delete-key-pair --key-name <keyname>
$ aws ec2 import-key-pair --key-name <keyname> --public-key-material file://id_rsa.testkey.pub
save the private key
$ jq -r '.KeyMaterial' id_rsa.testkey.json > id_rsa.testkey.nopass
$ openssl rsa -aes256 -in id_rsa.testkey.nopass -out id_rsa.testkey
$ chmod 600 id_rsa.testkey
($ rm id_rsa.testkey.json id_rsa.testkey.nopass)
volume
$ aws ec2 describe-volumes
$ aws ec2 create-volume --volume-type gp2 --size <size> --availability-zone <az>
$ aws ec2 delete-volume --volume-id <volume>
attach a volume to a instance
$ aws ec2 describe-instances --filters Name=instance-id,Values=<instance> --query 'Reservations[].Instances[].BlockDeviceMappings[]'
$ aws ec2 attach-volume --volume-id <volume> --instance-id <instance> --device /dev/xvdb
after the image attached, then make partition table, partition and file system on the os side.
$ lsblk
$ sudo fdisk -l /dev/nvme1n1
$ sudo fdisk /dev/nvme1n1
$ sudo mkswap /dev/nvme1n1p1
$ sudo swapon /dev/nvme1n1p1
$ cat /proc/swaps
$ ls -l /dev/disk/by-uuid/
$ echo "UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none swap defaults 0 0" | sudo tee -a /etc/fstab
extend volume
$ aws ec2 describe-volumes --filters Name=volume-id,Values=<volume>
$ aws ec2 modify-volume --size <size> --volume-id <volume>
after that, extend partition and file system
$ df
$ sudo growpart /dev/nvme0n1 1
$ lsblk
$ sudo xfs_growfs -d /
ami
$ aws ec2 describe-images --filters "Name=owner-id,Values=<id>"
$ aws ec2 describe-images --filters "Name=image-id,Values=<ami>"
$ aws ec2 create-image --instance-id <instance> --name <name>
$ aws ec2 deregister-image --image-id <ami>
after deregister-image, need to delete snapshots and volumes
snapshot
$ aws ec2 describe-snapshots --filters Name=owner-id,Values=<id>
$ aws ec2 describe-snapshots --filters Name=snapshot-id,Values=<snapshot>
$ aws ec2 delete-snapshot --snapshot-id <snapshot>
$ aws ec2 create-snapshot --volume-id <volume>
launch template
$ aws ec2 describe-launch-templates
$ jq . template.json
{
"ImageId": "<ami>",
"InstanceType": "t3.nano",
"CreditSpecification": {
"CpuCredits": "standard"
},
"KeyName": "<keyname>",
"InstanceInitiatedShutdownBehavior": "terminate"
}
$ aws ec2 create-launch-template --launch-template-name <name> --launch-template-data file://template.json
$ aws ec2 describe-launch-template-versions --launch-template-id <templateid> --versions <version>
$ aws ec2 create-launch-template-version \
--launch-template-id <templateid> \
--source-version <version> \
--version-description "<description>" \
--launch-template-data '{ "Monitoring": { "Enabled": true } }'
$ aws ec2 modify-launch-template --launch-template-id <templateid> --default-version <version>
$ aws ec2 delete-launch-template-versions --launch-template-id <templateid> --versions <version>
$ aws ec2 delete-launch-template --launch-template-id <templateid>
instance
$ aws ec2 describe-instances --filters "Name=tag:Name,Values=test"
$ cat userdata.sh
sudo apt update
sudo apt install nginx
$ aws ec2 run-instances \
--security-group-ids <securitygroup> \
--subnet-id <subnet> \
--associate-public-ip-address \
--tag-specifications '{"ResourceType":"instance","Tags":[{"Key":"Name","Value":"test"}]}' \
--launch-template LaunchTemplateName=<templatename> \
--user-data file://userdata.sh
#--image-id <ami>
#--instance-type t3.nano
#--credit-specification standard
#--key-name <keyname>
#--instance-initiated-shutdown-behavior terminate
$ aws ec2 describe-instances --filters "Name=tag:Name,Values=test" --query 'Reservations[].Instances[].{InstanceId:InstanceId,State:State}'
$ aws ec2 stop-instances --instance-ids <instance>
$ aws ec2 start-instances --instance-ids <instance>
$ aws ec2 terminate-instances --instance-ids <instance>
instance meta data
curl http://169.254.169.254/latest/meta-data/instance-id
curl http://169.254.169.254/latest/user-data