Awesome AWS CLI tools

Blog fra AWS re:Invent 2022

Awesome AWS CLI tools 

When working with Amazon Web Services (AWS), from time to time you’ll bump into certain limitations or have thoughts like, “wouldn’t it be nice if it was somehow possible to?  This is often where community based or Open Source CLI tools come in handy.

Some of the tools I’ve used extensively in my time using AWS include: 


I’m sure my jet-lagged post-re:Invent Vegas mind is forgetting some obvious ones 🙂

Today (Friday December 2nd 2022) I attended my final session called “BOA202 – Take these open-source tools on your AWS adventure (https://www.youtube.com/watch?v=bEg-mIFZEmc) which was my favorite session of the 12 I managed to attend during the 5-day conference.

From this session I wanted to share some nuggets and tools from that talk that I either didn’t know of or only knew a little about.

The ‘about session’ notes for BOA202 read:

“You’ve set out on a grand adventure to learn, build and expand on AWS. Like any good adventure, it has its challenges. Time to gear up! Grab your best tools and gear to help you on your way. In this session, have a look at open-source tools that can help make your AWS adventure easier. See something for security and permissions, something for cost management, and a few more things for building in the cloud—tools like Infracost, IAMLive, and more.”

The talk was explained through a journey in Minecraft, which was a nice change compared to the other sessions love for slideshows. Kudos to Darko and Curtis for changing up things for a change!

Awesome AWS CLI tools Awesome AWS CLI tools

Tools highlighted in the session: 

Awesome AWS CLI tools

  • iamlive (https://github.com/iann0036/iamlive) helps you gain insight as to which IAM permissions are required for certain actions and can assist you in getting to that elusive state of Principle of Least Privilege (POLP). This gobased tool will intercept AWS CLI commands and output out an IAM policy template ready to be used (json).

Running the following three commands:  

aws s3 ls 
aws s3 cp myfile.txt s3://mybucket/ 
aws ec2 describe-instance-type-offerings 

Results in iamlive outputting: 
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "s3:ListAllMyBuckets", 
                "s3:PutObject", 
                "ec2:DescribeInstanceTypeOfferings" 
            ], 
            "Resource": "*" 
        } 
    ] 
} 

 

  • Access Undenied on AWS (https://github.com/ermetic/access-undenied-aws) can analyse CloudTrail (denied) events and help you figure out which allow policy is not in place. The tool also works with SCPs which are always hard to troubleshoot!
  • LocalStack (https://localstack.cloud/) allows you to emulates AWS resources running locally. Optimally LocalStack can be used for testing and running emulated resources without incurring cost. You basically point the AWS CLI to a local endpoint to overwrite the default (internet-based) API endpoints, then it’s just a matter of creating resources in your ‘own’ emulated AWS cloud running locally. You finally don’t need to think about cost and feeling bad for forgetting to shut down resources over weekends and holidays.
  • AWS Lambda Powertools (https://aws.amazon.com/blogs/opensource/simplifying-serverless-best-practices-with-lambda-powertools/) Improve your development speed and get a lot of small helper tools to increase the robustness of your Lambda functions. I remember spending time looking at AWS Lambda Powertools for Python at some time during 2022 working with logging and getting some great features out of the box that otherwise would have required a lot more code to be written. The tool is available for Python, Java, .NET and TypeScript via this link. (https://github.com/orgs/awslabs/repositories?q=aws-lambda-powertools&type=all&language=&sort=)
  • Former2 (https://former2.com/) Export your already running AWS architecture into CloudFormation templates or Terraform files. The process involves installing a browser extension first. 

Awesome AWS CLI tools

Awesome AWS CLI tools

Speaking of AWS and Open Source; earlier this year I stumpled upon this nugget of a newsletter called AWS open source news and updates (https://blog.beachgeek.co.uk/) which you for unknown reasons cannot subscribe to via e-mail, only good ol’ RSS?! It goes into details with news and software releases relating to AWS and Open Source, I highly recommend it!. It’s actually based on Markdown files in this repository (https://github.com/094459/blog) and uses Hugo (https://gohugo.io/about/what-is-hugo/) which is pretty cool IMO.

As always AWS pretty much has a blog for each topic / tech section that exists on their huge platform and of course they have one for all things Open Source. (https://aws.amazon.com/blogs/opensource/).

If you got this far, thanks for reading…

Awesome AWS CLI tools

 

Vil du modtage relevante nyheder og blogs i din indbakke? Så tilmeld dig her:

Tilmeld nyhedsbrev