Awesome AWS CLI tools
When working with Amazon Web Services (AWS), from time to time you’ll bump into certain limitations or have thoughts like, “wouldn’t it be nice if it was somehow possible to…?“ This is often where community based or Open Source CLI tools come in handy.
Some of the tools I’ve used extensively in my time using AWS include:
- Accessing and jumping between multiple different AWS accounts and organizations using Granted (https://granted.dev/) or AWSume (https://awsu.me/)
- Linting CloudFormation templates in your IDE using cfn-lint (https://github.com/aws-cloudformation/cfn-lint) before uploading them and figuring out there is a syntax error
- Visually overview of which ‘folders’ in S3 take up space using Dir Sizer (https://github.com/seligman/dir_sizer)
- Cleaning up AWS accounts ‘real good’ with aws-nuke (https://github.com/rebuy-de/aws-nuke)
I’m sure my jet-lagged post-re:Invent Vegas mind is forgetting some obvious ones 🙂
Today (Friday December 2nd 2022) I attended my final session called “BOA202 – Take these open-source tools on your AWS adventure“ (https://www.youtube.com/watch?v=bEg-mIFZEmc) which was my favorite session of the 12 I managed to attend during the 5-day conference.
From this session I wanted to share some nuggets and tools from that talk that I either didn’t know of or only knew a little about.
The ‘about session’ notes for BOA202 read:
“You’ve set out on a grand adventure to learn, build and expand on AWS. Like any good adventure, it has its challenges. Time to gear up! Grab your best tools and gear to help you on your way. In this session, have a look at open-source tools that can help make your AWS adventure easier. See something for security and permissions, something for cost management, and a few more things for building in the cloud—tools like Infracost, IAMLive, and more.”
The talk was explained through a journey in Minecraft, which was a nice change compared to the other sessions love for slideshows. Kudos to Darko and Curtis for changing up things for a change!
Tools highlighted in the session:
- Infracost (https://www.infracost.io/docs) does cloud cost estimates for Terraform. When performing Pull Requests the tool will add estimate AWS pricing for resources being introduced using the AWS Price List API (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html)
This can help you navigate cost and even compare resource prices before provisioning. One neat option is to include usage estimations and have that factor in to the estimates!
- iamlive (https://github.com/iann0036/iamlive) helps you gain insight as to which IAM permissions are required for certain actions and can assist you in getting to that elusive state of Principle of Least Privilege (POLP). This ‘go‘ based tool will intercept AWS CLI commands and output out an IAM policy template ready to be used (json).
Running the following three commands:
aws s3 ls aws s3 cp myfile.txt s3://mybucket/ aws ec2 describe-instance-type-offerings Results in iamlive outputting: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:PutObject", "ec2:DescribeInstanceTypeOfferings" ], "Resource": "*" } ] }
- Access Undenied on AWS (https://github.com/ermetic/access-undenied-aws) can analyse CloudTrail (denied) events and help you figure out which allow policy is not in place. The tool also works with SCPs which are always hard to troubleshoot!
- LocalStack (https://localstack.cloud/) allows you to emulates AWS resources running locally. Optimally LocalStack can be used for testing and running emulated resources without incurring cost. You basically point the AWS CLI to a local endpoint to overwrite the default (internet-based) API endpoints, then it’s just a matter of creating resources in your ‘own’ emulated AWS cloud running locally. You finally don’t need to think about cost and feeling bad for forgetting to shut down resources over weekends and holidays.
- AWS Lambda Powertools (https://aws.amazon.com/blogs/opensource/simplifying-serverless-best-practices-with-lambda-powertools/) Improve your development speed and get a lot of small helper tools to increase the robustness of your Lambda functions. I remember spending time looking at AWS Lambda Powertools for Python at some time during 2022 working with logging and getting some great features out of the box that otherwise would have required a lot more code to be written. The tool is available for Python, Java, .NET and TypeScript via this link. (https://github.com/orgs/awslabs/repositories?q=aws-lambda-powertools&type=all&language=&sort=)
- Former2 (https://former2.com/) Export your already running AWS architecture into CloudFormation templates or Terraform files. The process involves installing a browser extension first.
- awsls (https://github.com/jckuester/awsls) can list resources in multiple CLI profiles and multiple accounts / regions. The simplistic no-nonsense output of the tool reminds me of running ‘docker’ or ‘docker-compose’ CLI commands. awsls was even plugged by Jeff Barr. (https://twitter.com/jeffbarr/status/1298301658204483584)
- Cloudman (https://github.com/dutchcoders/cloudman) allows EC2 insights and management from the CLI. I get some serious Norton Commander (https://en.wikipedia.org/wiki/Norton_Commander) vibes just by looking at the tool. The tool can also be used to easily troubleshoot startup logs and look at assigned key-pairs, CPU architecture as well as start an SSM session.
Speaking of AWS and Open Source; earlier this year I stumpled upon this nugget of a newsletter called AWS open source news and updates (https://blog.beachgeek.co.uk/) which you for unknown reasons cannot subscribe to via e-mail, only good ol’ RSS?! It goes into details with news and software releases relating to AWS and Open Source, I highly recommend it!. It’s actually based on Markdown files in this repository (https://github.com/094459/blog) and uses Hugo (https://gohugo.io/about/what-is-hugo/) which is pretty cool IMO.
As always AWS pretty much has a blog for each topic / tech section that exists on their huge platform and of course they have one for all things Open Source. (https://aws.amazon.com/blogs/opensource/).
If you got this far, thanks for reading…
Vil du modtage relevante nyheder og blogs i din indbakke? Så tilmeld dig her: