
Some scripts for dealing with AWS

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

bigriver-tools


bigriver tools is a collection of helper scripts for dealing with AWS. We all end up writing them, then re-writing them at the next job because they were in a corporate repo instead of open source. I hate rewriting things if I can avoid it, so here's a place to park your AWS helper scripts.

It's packaged as a ZSH plugin to make it easier to use with plugin managers. If you aren't using a ZSH plugin manager like zgen or oh-my-zsh, or you prefer a shell other than ZSH, install this script collection by cloning this repo and adding the bin directory to your $PATH.


Included Scripts

| Script | Description | Credit |
| --- | --- | --- |
| br-asg-members | Print the public and/or private DNS names for members of a given autoscaling group | jpb@unixorn.net |
| br-check-for-open-s3-buckets | Check your S3 buckets for open permissions | Gabe Abinante |
| br-ec2-instance-dns-name | Print the public IP for a given instance ID | jpb@unixorn.net |
| br-ec2-instance-state | Print the state (running, stopped, etc) for a given instance ID | jpb@unixorn.net |
| br-who-are-you | Shows which IAM user matches a given ACCESS_KEY_ID | Joe Gardner |

Usage

Inspired by how git runs helper tools, bigriver-tools includes a driver script, br, which runs scripts whose names start with br-. For example, br who-are-you --access-key-id XYZ runs br-who-are-you and passes the arguments to it.

Other Resources

Scripts

  • apex-shell - Interactive shell for executing commands in AWS Lambda containers.
  • autospotting - Pay up to 10 times less on EC2 by automatically replacing AutoScaling nodes with spot instances.
  • awless - awless is a fast, powerful and easy-to-use command line interface (CLI) to manage Amazon Web Services.
  • aws-assume-role - Make it easier to use the aws sts assume-role command.
  • aws-centralized-logging - This solution provides an administrator a 360-degree logging view of an AWS account, including both application and infrastructure, as well as AWS-native logs.
  • aws-iam-policy-tool - A cli tool to manage AWS IAM roles and their policies.
  • aws-keychain - macOS-only - allows you to store your IAM keypair in the OS X keychain so it never ends up stored on disk unencrypted.
  • aws-maintenance-lambda - A lambda function to send alerts (to Slack, HipChat) on AWS maintenance events.
  • aws-missing-tools - A suite of tools that extends Amazon's provided command line tools.
  • aws-pricing-tools - A lambda that calculates your hourly spend in EC2 and writes it to CloudWatch metrics.
  • aws-runas - Run commands with an AWS IAM role.
  • aws-saws - A supercharged AWS command line interface (CLI).
  • aws-security-viz - Visualize your current AWS/Amazon ec2 security group ingress configuration. Requires graphviz.
  • aws-shell - An integrated shell for working with the AWS CLI.
  • aws-vault - A vault for securely storing and accessing AWS credentials in development environments. There's a ZSH plugin available for it as well, zsh-aws-vault, and Fernando Miguel wrote an aws-vault quick guide to setting up and using it.
  • awscli-aliases - Add a bunch of convenience aliases for the AWS CLI.
  • awslogs - AWS CloudWatch logs for Humans™.
  • awsp - Tool for easily switching between AWS profiles.
  • awsudo - A sudo-like utility to manage AWS credentials.
  • chamber - Chamber is a tool for managing secrets stored in SSM Parameter Store.
  • cli53 - Command line tool for Amazon's Route 53.
  • cloud-custodian - Cloud Custodian can be used to manage AWS accounts by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
  • cw - Tail AWS Cloudwatch Logs so you can grep them.
  • delete-bucket - CLI tool for deleting versioned AWS S3 Buckets.
  • ebs-snapshooter - Python tool to snapshot all your aws-ebs volumes.
  • ec2-find - CLI tool to find AWS EC2 instances by tag values and show concise output that is both human-readable and scripting-friendly. The command syntax and output are greatly simplified compared to using aws ec2 describe-instances.
  • ec2-fzf - Quickly get the address details of ec2 instances.
  • ec2-ssh - ssh into instances by tag instead of looking up the instance ID and then copying the IP address.
  • ec2instancespricing - Quick and dirty Python (and also PHP) API and CLI (PHP is without CLI) to get EC2 instance pricing for On-Demand and Reserved Instances.
  • ec2ssh - ZSH plugin to list EC2 instances and ssh into them more easily.
  • ec2zone.jq - Generate DNS zones from EC2 API output using jq.
  • goofys - Allows you to mount an S3 bucket as a filey system. It's a Filey System instead of a File System because goofys strives for performance first and POSIX second. In particular, things that are difficult to support on S3 or would translate into more than one round-trip either fail (random writes) or are faked (no per-file permission). Goofys does not have an on-disk data cache (check out catfs), and its consistency model is close-to-open.
  • joehack3r/aws - Joe Gardner's AWS tool scripts.
  • lambdash - Run shell commands inside the AWS Lambda environment.
  • let-me-in - Add your IP to an AWS security group so you can ssh to instances.
  • miam - Miam is a tool to manage IAM using a DSL instead of JSON.
  • s3nukem - A single-file Ruby script to delete an Amazon S3 bucket with many objects (millions) quickly by using multiple threads to retrieve and delete the individual objects.
  • s3tk - A security toolkit for S3.
  • s5cmd - A parallel S3 and local filesystem execution tool.
  • Scout2 - Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically.
  • sevenseconds - A command line utility for configuring AWS accounts.
  • sgviz - Generate a visualization of your security groups in graphviz format.
  • terraforming - Export existing AWS resources to terraform.
  • trufflehog - Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy like passwords or AWS keys.
  • vancluever/aws-runas - Run commands or shell under an AWS IAM role.

References