I am writing an AWS CLI delete script as below to delete service managed accounts
$opsResponse = aws cloudformation --region $region.RegionName delete-stack-instances --call-as DELEGATED_ADMIN --stack-set-name $stackDetails.StackSetName --accounts $accountIds --regions $multiDeleteRegions --no-retain-stacks --operation-preferences MaxConcurrentCount=1 | ConvertFrom-Json
Error I am getting
An error occurred (ValidationError) when calling the DeleteStackInstances operation: StackSets with SERVICE_MANAGED permission model can only have OrganizationalUnit as target
I tried adding --organizational-unit-id $ouId but that did not work.
Any idea how to delete service managed accounts via cli?
Found an answer - https://docs.aws.amazon.com/cli/latest/reference/cloudformation/delete-stack-instances.html
Used --deployment-targets
$opsResponse = aws cloudformation --region $region.RegionName delete-stack-instances --call-as DELEGATED_ADMIN --stack-set-name $stackDetails.StackSetName --deployment-targets Accounts=$accountIds,OrganizationalUnitIds=$ouId,AccountFilterType=UNION --regions $multiDeleteRegions --no-retain-stacks --operation-preferences MaxConcurrentCount=1 | ConvertFrom-Json
We traditionally stored our env vars in Environment->Configuration->Software in Elastic Beanstalk console and accessed them in our NodeJS app by typing process.env.VariableName. There's a hard limit for the number of vars stored there, so we moved our variables to AWS Parameter Store.
I have a .ebextensions script that downloads the parameters from the parameter store and saves them to a file in /home/ec2-user directory named .env.local, but I can't reference them in the app with process.env.
.ebextensions script:
commands:
  01_command2:
    command: aws ssm get-parameters-by-path --path /latest/ --recursive --with-decryption --output text --query "Parameters[].[Name,Value]" --region us-west-2 | sed -E 's#latest/([^[:space:]]*)[[:space:]]*#export \1=#' > /home/ec2-user/.env.local
How can I access these vars in NodeJS without modifying the way that we correctly use env vars (process.env.VarName)?
I wanted to list images from an ECR registry, but I am getting an error. Can someone provide the solution?
aws ecr list-images --repository-name <Repository_Name>
Got error below
An error occurred (RepositoryNotFoundException) when calling the
ListImages operation: The repository with name '<Repository_Name>' does
not exist in the registry with id 'ID_Name'
Note: I want to list all the images from repository, but I don't want to list the images using filter.
From the error, it seems you entered an invalid repository name or you are looking in the wrong region
aws ecr list-images --repository-name VALID_REPO_NAME --region us-west-2
OR you can get all images from all repository using this script.
#!/bin/sh
# Repository names contain no whitespace, so word-splitting the text output is safe here.
REPO_LIST=$(aws ecr describe-repositories --query "repositories[].repositoryName" --output text --region us-west-2)
for repo in $REPO_LIST; do
    echo "list image for $repo"
    aws ecr list-images --repository-name "$repo" --region us-west-2
done
aws-cli-cheatsheet
I am deploying a Node.js app to EC2 using CodeDeploy. I am storing credentials within AWS Systems Manager, Parameter Store however cannot find a method to expose these to my application.
I am using PM2 for process management. I can successfully retrieve the parameter from the Parameter Store on the target machine, so there are no permission issues. For example:
aws ssm get-parameters --region us-east-1 --names LOCAL_CACHE_PATH --with-decryption --query Parameters[0].Value
...successfully returns the correct string. I attempt to use this in my applicationStart.sh CodeDeploy file and start the app:
#!/bin/bash
export LOCAL_CACHE_PATH=$(aws ssm get-parameters --region us-east-1 --names LOCAL_CACHE_PATH --with-decryption --query Parameters[0].Value)
pm2 start ecosystem.config.js --env production
LOCAL_CACHE_PATH returns undefined in my app when accessing process.env.LOCAL_CACHE_PATH.
So the environment variable is available within the applicationStart.sh script and yet undefined when the app starts from that script.
I am looking for a recommended approach to use environment variables from the Parameter Store with CodeDeploy.
I have read literally dozens of posts on similar topics but cannot resolve it. Very much appreciate any guidance.
The solution I am using is to write the environment variables to a .env file and use that in my app:
afterInstall.sh:
echo LOCAL_CACHE_PATH=$(aws ssm get-parameters --output text --region us-east-1 --names LOCAL_CACHE_PATH --with-decryption --query Parameters[0].Value) >> /home/ubuntu/foo/.env
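An added example, not code from either post above: both threads end up writing decrypted Parameter Store values to a file on the instance, so this sketch creates that file with mode 600, replaces it on each deploy instead of appending, and refuses parameter names that are not plain identifiers. The helper name `render_env` and the sample rows are assumptions constructed for illustration; in a deploy hook the input would be the tab-separated output of `aws ssm get-parameters-by-path ... --output text --query "Parameters[].[Name,Value]"`.

```sh
#!/bin/sh
# render_env PREFIX OUTFILE  (hypothetical helper, not an AWS tool)
# Reads "Name<TAB>Value" rows on stdin, writes KEY=VALUE lines to OUTFILE.
# Exit status: 0 ok, 1 I/O error, 2 written but some names were skipped.
# The body is a subshell "( ... )" so its variables stay local in plain sh.
render_env() (
    prefix=$1 out=$2 rc=0
    tab=$(printf '\t')
    # mktemp creates the file with mode 0600; same directory so mv is a rename.
    tmp=$(mktemp "${out}.XXXXXX") || exit 1
    while IFS=$tab read -r name value || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        key=${name#"$prefix"}
        case $key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                # Not a plain identifier: refuse it instead of writing it out.
                echo "render_env: skipping unsafe name: $name" >&2
                rc=2
                continue ;;
        esac
        printf '%s=%s\n' "$key" "$value" >> "$tmp" || exit 1
    done
    # Replace the old file in one step instead of appending on every deploy.
    chmod 600 "$tmp" && mv -f "$tmp" "$out" || exit 1
    exit "$rc"
)

# Constructed sample rows standing in for the CLI's tab-separated text output.
sample_rows() {
    printf '/latest/DB_HOST\tdb.internal.example\n'
    printf '/latest/API_KEY\tabc 123=#\n'
    printf '/latest/BAD;NAME\tx\n'
}

# Demo on the constructed rows; in a deploy hook, pipe the aws ssm output in.
demo=$(mktemp -d)
sample_rows | render_env /latest/ "$demo/.env.local" || echo "some names skipped" >&2
cat "$demo/.env.local"
rm -rf "$demo"
```

Values are written verbatim, as in the answer above, so a consumer that sources the file as shell would still need its own quoting.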
Does anyone have an example of how to create a dns entry, for a lightsail hosted domain, using the aws cli?
I haven't been able to find an example of the format for the --domain-entry parameter of the create-domain-entry sub-command.
I made use of Mike's syntax to create a TXT record for DMARC. (Thank you Mike!)
I'd been trying to create it in the UI. I kept getting this error: Input error: Target should be enclosed in quotation marks: ""v=DMARC1; p=none; rua="mailto:dmarc@YOURDOMAINNAME.com"".
After trying several times with different recommended quote configurations, I bailed on the UI, and used Mike's syntax in a bash script. In my case, I also removed the extra quotes I had around the email address inside the rua portion. This may have been the source of my errors in the UI.
Here's what successfully created the DMARC record for me:
#!/usr/bin/bash
aws lightsail --region us-east-1 \
create-domain-entry \
--domain-name 'YOURDOMAINNAME.com' \
--domain-entry '{"name":"_dmarc.YOURDOMAINNAME.com","target":"\"v=DMARC1; p=none; rua=mailto:dmarcreports@YOURDOMAINNAME.com\"","isAlias":false,"type":"TXT"}'
Of course, replace YOURDOMAINNAME with your domain name, and the mailto name with the email at which you want to receive DMARC reports.
The command below will create an A record using the CLI
aws lightsail create-domain-entry \
--domain-name mikegcoleman.com \
--region us-east-1 --domain-entry \
name=blog.mikegcoleman.com,target=52.40.235.176,isAlias=false,type=A
Note that you need to specify the region as all domain actions with the Lightsail CLI need to be performed against us-east-1
For a TXT record the following should work. I think there is some funkiness with the CLI that it doesn't like the inline domain entry, and needs the JSON to do the TXT record, so it's formatted differently from above:
aws lightsail --region us-east-1 \
create-domain-entry \
--domain-name 'mikegcoleman.com' \
--domain-entry '{"name":"test.mikegcoleman.com","target":"\"response\"","isAlias":false,"type":"TXT"}'
Yes!
The answer from @binarybelle to create a BASH script and add the command as the JSON version worked for me too in order to add a TXT entry for DKIM.
The extra trick with a long DKIM entry is to split the text key into 2 parts, so lots of escaping the extra double-quotes :-)
#!/bin/bash
/usr/local/bin/aws lightsail --region us-east-1 \
create-domain-entry --domain-name 'mydomain.co.uk' \
--domain-entry '{"name":"default._domainkey.mydomain.co.uk","target":"\"v=DKIM1; h=sha256; k=rsa; \" \"p=MIIBIjxxxxxxxxxxxiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurVgfLc8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9cRHBTEOIR4lmIgatpit\" \"t+v7oQzngmfKpBNoTeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQIDAQAB\"","isAlias":false,"type":"TXT"}'
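An added example, not code from any of the posts above: the hand-escaped `--domain-entry` JSON in these answers can be generated, which avoids the quoting mistakes described earlier. It generalizes the two-part DKIM split to any length by cutting the value into quoted strings of at most 255 characters (the limit for a single string in a DNS TXT record), and it rejects input that would break out of the JSON. The function names and the `example.com` values are assumptions constructed for illustration.

```sh
#!/bin/sh
# txt_target VALUE: print VALUE as space-separated quoted strings of at most
# 255 characters each (hypothetical helper; the subshell body keeps variables local).
txt_target() (
    rest=$1 out=
    case $rest in
        *\"*|*\\*) echo "txt_target: quote or backslash in value" >&2; exit 1 ;;
    esac
    while [ "${#rest}" -gt 255 ]; do
        chunk=$(printf '%s' "$rest" | cut -c1-255)
        rest=$(printf '%s' "$rest" | cut -c256-)
        out="$out\"$chunk\" "
    done
    printf '%s"%s"' "$out" "$rest"
)

# domain_entry_json NAME VALUE: print the JSON for --domain-entry, type TXT.
domain_entry_json() (
    name=$1
    # Host names only, so NAME cannot inject extra JSON.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "domain_entry_json: bad name" >&2; exit 1 ;;
    esac
    target=$(txt_target "$2") || exit 1
    # JSON-escape the quotes that wrap each TXT string.
    esc=$(printf '%s' "$target" | sed 's/"/\\"/g')
    printf '{"name":"%s","target":"%s","isAlias":false,"type":"TXT"}' "$name" "$esc"
)

# Constructed demo value: 300 'A' characters standing in for a DKIM public key.
demo_key=$(printf '%300s' '' | tr ' ' 'A')
domain_entry_json default._domainkey.example.com "v=DKIM1; k=rsa; p=$demo_key"
echo
```

The printed JSON is what would be passed, single-quoted, as the `--domain-entry` argument of `aws lightsail create-domain-entry`.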