Tag Archives: CLI

My AWS CLI notebook

Some examples for AWS


Get a list of EC2 instances where we use a filter to query (tag with value PROD), only want the output of instanceId, PublicDnsName and the Name and present it in a table:

aws ec2 describe-instances --filters Name=tag-value,Values=PROD --query "Reservations[*].Instances[*].{Instance:InstanceId,PublicDnsName:PublicDnsName,Name:Tags[?Key=='Name']|[0].Value}" --output table

Delete all unused security groups (github source here):

#!/usr/bin/env bash

# lists all unused AWS security groups.
# a group is considered unused if it's not attached to any network interface.
# requires aws-cli and jq.

# all groups
aws ec2 describe-security-groups \
  | jq --raw-output '.SecurityGroups[] | [.GroupName, .GroupId] | @tsv' \
  | sort > /tmp/sg.all

# groups in use
aws ec2 describe-network-interfaces \
  | jq --raw-output '.NetworkInterfaces[].Groups[] | [.GroupName, .GroupId] | @tsv' \
  | sort \
  | uniq > /tmp/

diff /tmp/sg.all /tmp/ |grep "<" |cut -d ' ' -f2-3

Cert Manager
Get the public certificate:

aws acm get-certificate --certificate-arn arn:aws:acm:eu-central-1:XXXX:certificate/YYYYYYY &gt; output.json


Create a user and skip the force password change flow

aws cognito-idp admin-set-user-password --user-pool-id XXXXX --username YYYYY --password ZZZZZ --permanent
Leave a comment

Posted by on 09-10-2019 in AWS


Tags: ,

Using the Oracle Public Cloud Command Line Interface (CLI)

The Oracle Public Cloud Command-Line Interface is a utility to enable management of your cloud environment from the command line. The current release (1.1.0) only supports the Compute service, but Oracle states that additional service support coming in future releases

I like command line interfaces and being familiar with Oracle’s cloud competitors implementation I was curious. So I downloaded the CLI tool here and since I had already python installed on my OS X the startup time as a newcomer is relatively short.

The initial setup

We need 3 variables to connect to the Oracle Cloud:

  • The REST API endpoint
  • domain/username
  • password

You can get the REST endpoint by logging in to the Oracle Cloud and check the service details under Oracle Compute Cloud Service.

So we get the REST Endpoint here for our OPC_API and the OPC_USER is a combination of prefix “/Compute-“, your domain and your Cloud username. So run the next 2 commands in your shell (and use your own version off course):

export OPC_API=""
export OPC_USER=/Compute-gse00000001/cloud.admin

We need to paste the password in a textfile, because the oracle-compute CLI otherwise will tell us:
ValidationError: Secure argument “password” can only be read from a file or terminal, but the argument “xxxxx” is not a regular file

So create a pwd.txt, store the password there and

chmod 600 /full/path/to/password/file


Next step is getting authenticated against the Oracle Compute Cloud.

oracle-compute auth /Compute-gse00000001/cloud.admin pwd.txt

This command returns an authentication token and sets the OPC_COOKIE environment variable. The token expires after 30 minutes. As the CLI tool handles authentication by managing the cookies file, you don’t need to run the export command yourself.

The authentication token expires 30 minutes from the time you run the auth command. The refresh_token command extends the expiry of the current authentication token with another 30 minutes, but not beyond the session expiry time, which is 3 hours.

oracle-compute refresh_token

You can now use all the CLI commands like list, delete, add, create, discover, get and more. At least for 30 minutes :)



Posted by on 25-04-2017 in Uncategorized


Tags: , , ,