- Configuration precedence, from highest to lowest:
  - define client / resource
  - env
  - aws configuration
  - role
- Worth looking more into how --query is used
- Try out how filters are used
  - Can be given as JSON or as key=value pairs
  - Can filter by tag
- Most resources that need waiting on provide a wait action
  $ aws ec2 wait xxx
- Query EC2 instances, sample:
  $ aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId'
- Query by tags:
  $ aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`].Value | [0], IamInstanceProfile.Arn]'
- Store the result in a shell variable:
  $ appROLEARN=$(aws ec2 describe-instances --filter "Name=tag:Name,Values=MadLib Web*" --query 'Reservations[0].Instances[0].IamInstanceProfile.Arn' --output text)
- AWS CodeDeploy sample CLI commands:
  $ aws deploy list-applications
  $ aws deploy list-deployments
- API docs used:
- git-secret
- Service Catalog
  - stores CloudFormation templates
- Assume Role
- ABAC
  - Think about how the tags are designed
  - AWS Tagging Strategies
  - AWS Tagging Best Practices – The Ultimate Guide
  - What Are Best Practices for Tagging AWS Resources?
- CreationPolicy Attribute
  - Commonly used when provisioning EC2, since running the user data on the instance takes time
- Custom Resources
  - Can invoke a Lambda function
- Walkthrough: Looking Up Amazon Machine Image IDs
- Updating Stacks
- Exporting Stack Output Values
- Fn::ImportValue
- Fn::Sub
- Helper Scripts Reference
- AWS CloudFormation Stack Updates
- Create stack sample:
  $ aws cloudformation create-stack --stack-name DB-tier --template-body file://DB_Tier.yaml
- AWS Config
  - Records the change history of AWS resource configurations
  - AWS Config
  - awslabs/aws-config-rules
- Tools that make building CloudFormation easier:
  - aws/aws-cdk The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code https://aws.amazon.com/cdk
  - AWS CDK Intro Workshop
- Security-related services, recommended to enable:
  - CloudTrail
  - Config
- Places to store secrets:
  - AWS Secrets Manager
    - for passwords
  - Parameter Store
    - for the MySQL endpoint
  - AWS Secrets Manager
- AppSpec
- Wiremock
- chaosmonkey
- How to write the client pem (variable quoted so the PEM's line breaks survive; tee's stdout discarded so the key is not echoed to the terminal):
  sudo mkdir /etc/chef
  echo "$ow_privkey" | sudo tee /etc/chef/client.pem > /dev/null
  sudo chmod 644 /etc/chef/client.pem
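The snippet above leaves the private key world-readable (mode 644). As an added example that is not from the course notes, this POSIX shell function writes a PEM taken from a variable such as $ow_privkey so that the file is mode 600 from the moment it exists, and a second function audits an existing key file such as /etc/chef/client.pem; the key text and destination path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the course notes: write a private key so that it is
# never readable by other users, then verify the result.
# Usage: write_private_key "<pem text>" /path/to/client.pem

write_private_key() {
    key="$1"
    dest="$2"
    # Remove any pre-existing file so the new one is created with our umask
    # rather than inheriting an old, possibly world-readable, mode.
    rm -f "$dest" || return 1
    # umask 077 inside a subshell: the file is born as mode 600, so there is no
    # window where the key is readable by others (unlike chmod after writing).
    (
        umask 077
        # Quote the variable: an unquoted $key would collapse the PEM's
        # line breaks into spaces and produce an unusable key file.
        printf '%s\n' "$key" > "$dest"
    ) || return 1
    # Confirm the mode really is owner read/write only.
    mode="$(ls -l "$dest" | cut -c1-10)"
    [ "$mode" = "-rw-------" ] || { echo "unexpected mode $mode on $dest" >&2; return 1; }
    return 0
}

# Returns 0 when the file looks like a PEM private key with owner-only
# permissions, 1 otherwise (use it to audit keys such as /etc/chef/client.pem).
check_private_key_file() {
    f="$1"
    [ -f "$f" ] || return 1
    [ "$(ls -l "$f" | cut -c1-10)" = "-rw-------" ] || return 1
    head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || return 1
    return 0
}

# Constructed placeholder key (not a real key) and a temporary destination,
# standing in for $ow_privkey and /etc/chef/client.pem from the notes.
DEMO_KEY='-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-NOT-A-REAL-KEY
-----END RSA PRIVATE KEY-----'
DEMO_DEST="${TMPDIR:-/tmp}/client.pem.demo.$$"
```

Run write_private_key "$DEMO_KEY" "$DEMO_DEST" and then check_private_key_file "$DEMO_DEST" to see both functions in action; a file chmod'ed to 644 fails the check.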
- Documents
  - Can be used to repair the SSH server
- Image lifecycle policies are now supported (ECR)
- ECR login command:
  $ aws ecr get-login --no-include-email | /bin/bash
# Get a local Shell of container
docker run -i -t --entrypoint /bin/bash imageID
# Create image using this directory's Dockerfile
docker build -t friendlyname .
# Run "friendlyname" mapping port 4000 to 80
docker run -p 4000:80 friendlyname
# Same thing, but in detached mode
docker run -d -p 4000:80 friendlyname
# See a list of all running containers
docker ps
# Gracefully stop the specified container
docker stop <hash>
# See a list of all containers, even the ones not running
docker ps -a
# Force shutdown of the specified container
docker kill <hash>
# Remove the specified container from this machine
docker rm <hash>
# Remove all containers from this machine
docker rm $(docker ps -a -q)
# Show all images on this machine
docker images -a
# Remove the specified image from this machine
docker rmi <imagename>
# Remove all images from this machine
docker rmi $(docker images -q)
# Log in this CLI session using your Docker credentials
docker login
# Tag <image> for upload to registry
docker tag <image> username/repository:tag
# Upload tagged image to registry
docker push username/repository:tag
# Run image from a registry
docker run username/repository:tag
- EC2 Instance Connect
- DevOps Engineering on AWS
  - registered with my personal email account
  - The course completion certificate can be viewed here