To check whether you're logged in, run this command; it prints information about your AWS user session, or an error if you're not logged in:
$ aws sts get-caller-identity
Tail CloudWatch logs starting from 2 hours ago and keep following
them, pretty-printing the JSON log entries, but only those that have
level error:
$ aws \
    --profile foo-prod \
    logs \
    tail \
    srv-bar-api \
    --follow \
    --since 2h \
    --filter-pattern '{ $.level = "error" }' |
    cut -d' ' -f3- |
    jq
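Here srv-bar-api is the log group name. cut drops the two leading fields that aws logs tail prints before each message (timestamp and log stream name), leaving only the JSON for jq. The filter works because the JSON log entries contain: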
{
"level": "error",
}
This is how you see the roles your user has in the different accounts
you can access. First, you need to get a hold of your access token and
put it in the t variable:
$ t=$(jq -r .accessToken ~/.aws/sso/cache/*.json | grep -v null | head -n1)
Be sure you're logged in:
$ aws sso login
Then, list all accounts your user has access to, and for each of these, list the roles that are assigned to your user:
$ aws sso list-accounts --access-token "$t" |
    jq -r '.accountList[] | .accountId + " " + .accountName' |
    while read -r id name; do
      echo "$id $name"
      aws sso list-account-roles --account-id "$id" --access-token "$t"
    done
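The head -n1 lookup above takes whichever cache file sorts first, which may hold a token that has already expired. As an added example (not part of the original notes), this shell function returns only an unexpired token, preferring the latest expiry; the function names, the fake sample tokens and the assumed ISO 8601 UTC format of expiresAt are assumptions of this example.

```shell
# Added example, not from the original notes. Fake tokens only.
# Assumption: each cache entry has "accessToken" and an ISO 8601 UTC
# "expiresAt" (e.g. 2030-01-01T00:00:00Z), so plain string comparison
# orders timestamps correctly.

# sso_token [CACHE_DIR] [NOW]: print the unexpired token with the latest expiry.
sso_token() {
  cache_dir=${1:-"$HOME/.aws/sso/cache"}
  now=${2:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}
  set -- "$cache_dir"/*.json
  [ -e "$1" ] || { echo "no SSO cache files in $cache_dir" >&2; return 1; }
  # -s slurps every file into one array. Client registration files have no
  # accessToken and are dropped, as are entries whose expiresAt has passed.
  token=$(jq -rs --arg now "$now" '
    map(select(type == "object" and .accessToken != null and .expiresAt > $now))
    | sort_by(.expiresAt) | last | .accessToken // empty' "$@") || return 1
  [ -n "$token" ] || { echo "no unexpired SSO token; run: aws sso login" >&2; return 1; }
  printf '%s\n' "$token"
}

# Constructed sample cache to try the function offline.
sso_token_demo() {
  d=$(mktemp -d)
  echo '{"clientId":"example","expiresAt":"2099-01-01T00:00:00Z"}' > "$d/reg.json"
  echo '{"accessToken":"expired-example","expiresAt":"2020-01-01T00:00:00Z"}' > "$d/old.json"
  echo '{"accessToken":"valid-example","expiresAt":"2099-01-01T00:00:00Z"}' > "$d/new.json"
  sso_token "$d"; rc=$?
  rm -rf "$d"
  return $rc
}

# Usage against the real cache:
#   t=$(sso_token) && aws sso list-accounts --access-token "$t"
```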
To print a profile's temporary credentials as environment variable exports, which is useful for scripts and programs that don't read ~/.aws/sso/cache:
$ AWS_PROFILE=foo-prod aws configure export-credentials --format env
export AWS_ACCESS_KEY_ID=ASDFAESAFQW
export AWS_SECRET_ACCESS_KEY=aasdfaDFSASDFasdfasdfsdf
export AWS_SESSION_TOKEN=..
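To set these variables in your current shell, evaluate the output there, e.g. eval "$(AWS_PROFILE=foo-prod aws configure export-credentials --format env)"; piping it to | sh only sets them in that child sh process.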