Awesome AWS CLI

Disclaimer: the cover image was generated by Amazon Bedrock's Titan Image Generator G1.

AWS CLI is a Swiss Army knife for operating AWS resources. In particular, its filter option helps you filter and transform the output, which you can then combine with other Linux commands.

This post collects the CLI usages to resolve my AWS operation needs.

Delete the legacy versions of a service catalog product

AWS Service Catalog has a default limit of 100 versions per product. Below is a one-line command to delete the legacy versions.

export PRODUCT_ID=<product-id>

# list the versions whose name starts with 'v5.0.0', showing Id and Name only
aws servicecatalog describe-product --no-paginate --id "$PRODUCT_ID" --query 'ProvisioningArtifacts[?starts_with(Name, `v5.0.0`)].{Id:Id, Name:Name}'

# select the versions whose name contains 'v5.0.0-beta', then delete them
aws servicecatalog describe-product --no-paginate --id "$PRODUCT_ID" --query 'ProvisioningArtifacts[?contains(Name, `v5.0.0-beta`)].Id' | jq -r '.[]' | xargs -I {} aws servicecatalog delete-provisioning-artifact --product-id "$PRODUCT_ID" --provisioning-artifact-id {}

Make all S3 objects with a specific prefix public

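# put-object-acl only succeeds if the bucket has ACLs enabled and Block Public Access allows public ACLs
aws s3 ls "s3://$name/$prefix" --recursive | awk '{print $4}' | xargs -I {} aws s3api put-object-acl --acl public-read --bucket "$name" --key {}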

Reset resource policy of CloudWatch logs

You might encounter a CloudFormation stack deployment failure when creating a CloudWatch log group, with an error message like the one below:

Cannot enable logging. Policy document length breaking Cloudwatch Logs Constraints, either < 1 or > 5120 (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException; Request ID: xxx-yyy-zzz; Proxy: null)

CloudWatch Logs resource policies are limited to 5120 characters. The remediation is merging or removing useless policies, then updating the resource policies of CloudWatch logs to reduce the number of policies.

Below is a sample command to reset resource policy of CloudWatch logs:
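
The following is an added example, not the original post's command: it lists each resource policy with its document length so you can see which ones are close to the 5120-character limit, and saves a policy document to a file before deleting it. The function names, the 80% warning threshold and the backup file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the AWS CLI and the
# logs:DescribeResourcePolicies and logs:DeleteResourcePolicy permissions.
LIMIT=5120                 # character limit from the error message above
WARN_PCT=${WARN_PCT:-80}   # assumption: flag policies above 80% of the limit

# stdin: "policyName<TAB>length" lines; stdout adds an OK / NEAR_LIMIT column.
classify_sizes() {
  awk -v limit="$LIMIT" -v pct="$WARN_PCT" 'BEGIN { FS = OFS = "\t" }
    { print $1, $2, ($2 * 100 >= limit * pct ? "NEAR_LIMIT" : "OK") }'
}

# List every resource policy in the current region with its document length.
# length() is evaluated by the CLI's JMESPath --query, so no jq is needed.
policy_sizes() {
  aws logs describe-resource-policies \
    --query 'resourcePolicies[].[policyName, length(policyDocument)]' \
    --output text | classify_sizes
}

# Save a policy document to a file, then delete the policy. Restore it with:
#   aws logs put-resource-policy --policy-name NAME --policy-document file://FILE
backup_and_delete() {
  name=$1
  out=${2:-$name.policy.json}
  aws logs describe-resource-policies \
    --query "resourcePolicies[?policyName=='$name'].policyDocument | [0]" \
    --output text > "$out" || return 1
  # The CLI prints "None" when the query matches no policy.
  if [ ! -s "$out" ] || [ "$(cat "$out")" = "None" ]; then
    echo "no policy named $name; nothing deleted" >&2
    rm -f "$out"
    return 1
  fi
  aws logs delete-resource-policy --policy-name "$name"
}

# Usage:
#   policy_sizes
#   backup_and_delete <policy-name>
```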

Push Helm chart to all regional ECR repositories

Import a local SSH key to all AWS regions

Query the latest Amazon Linux 2 AMI

Delete multiple CloudWatch Log groups

Launch an EC2 instance in the default VPC with the default security group

Add the script below to your .zshrc, then run ec2-launch-amazon-linux in a terminal to launch a new instance.

Amazon CodeWhisperer for command line is a new set of capabilities and integrations for the AI-powered productivity tool Amazon CodeWhisperer that makes software developers more productive in the command line. It can also help you generate CLI commands from your natural language input.