Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [aws-cli]

aws-cli is the Amazon Web Services Command Line Interface

aws-cli is an open source project that provides a command line interface to the Amazon Web Services APIs.

The project is hosted on GitHub: https://github.com/aws/aws-cli

380 questions
7
votes
1 answer

Access Denied when syncing between s3 buckets on different AWS accounts

I'm trying to setup sync between two buckets on different AWS accounts. I got cp working with: @ubuntu:~$ s3cmd cp -v s3://src/dir/ s3://dest/folder --recursive I am the user who owns /src/dir and I've added: { "Version": "2012-10-17", "Id":…
OrigamiEye
  • 182
  • 1
  • 1
  • 8
7
votes
5 answers

Do AWS Servers need fail2ban?

I saw that while I was creating my AWS instance I opted for only my IP address being able to access my server. Also There is a RSA key that is configured for you. In this case do I really need fail2ban installed on the server?
user267020
7
votes
1 answer

How to set up IAM Role Permissions for VPC CloudWatch logs?

I am trying to allow aws to start my log service, and I have my log streams, and log groups added already. When i got to my VPC dashboard, the status of the Flow Log I'm interested in says: Access Error. The IAM role for your flow logs does not…
makansij
  • 265
  • 1
  • 5
  • 12
7
votes
2 answers

aws-cli describe-instances, find by date range

Using the aws-cli client (https://github.com/aws/aws-cli), is there a way to find instances using a date range filter? Or using an "earlier than X date" or "last X days" filter? It seems that the only date-related filter is to specify an exact date,…
JDS
  • 2,598
  • 4
  • 30
  • 49
7
votes
2 answers

Is there a way to retrieve all contents from a versioned Amazon S3 bucket as of a particular datetime

Is it possible via the AWS CLI or via some third-party tool to easily download all contents of a versioned bucket as it was on a particular datetime? I.E. I would like to retrieve the version of each object in the bucket which would have been…
Nada_Surf
  • 193
  • 2
  • 7
7
votes
4 answers

What is the proper way to log in to ECR?

Currently, I have this command in my bash script for building & pushing an image to Amazon ECR docker login -u AWS -p "$(aws ecr get-login-password)" "https://$(aws sts get-caller-identity --query 'Account' --output…
Moak
  • 734
  • 3
  • 10
  • 31
6
votes
1 answer

Does AWS cli do a data integrity check on sync with s3?

I've been looking into using AWS cli for data integrity checks to verify a backup has been transferred from a Linux file server correctly to AWS s3. Likewise, I would like to verify when restoring a file from backup to the Linux file server it also…
Edward_178118
  • 955
  • 4
  • 15
  • 33
6
votes
3 answers

Why is terraform erring with 'SignatureDoesNotMatch: Signature expired'?

I started getting the following when running terraform commands: $ terraform refresh Error refreshing state: 1 error(s) occurred: * SignatureDoesNotMatch: Signature expired: 20170226T035111Z is now earlier than 20170227T013047Z (20170227T014547Z -…
AXE Labs
  • 1,549
  • 5
  • 19
  • 24
6
votes
1 answer

start-instances working from console but not from AWS CLI

My team and I have recently experienced an odd issue regarding the AWS CLI. We are trying to use the CLI to start and stop several EC2 instances. While testing commands on single instances we have noticed that it is possible to 'stop-instances'…
Amandil
  • 361
  • 1
  • 2
  • 7
6
votes
1 answer

Access Denied when calling the CreateInvalidation operation on AWS CLI

I am attempting to create a command that will invalidate CloudFront distribution when pushing out new code. This is an attempt to fix the issue that new HTML pushed out doesn't take up to 24 hours to appear on my web app. The idea comes from this…
tracyak13
  • 61
  • 1
  • 3
6
votes
2 answers

python boto3 allow ingress security groups

I am developing a simple python script to add rules to securitygroups, and I am wondering what is the difference between the two methods available within boto3: authorize_security_group_ingress(**kwargs) and authorize_ingress(**kwargs)? The…
Tom
  • 616
  • 8
  • 13
6
votes
2 answers

Where to get proper `region name` and `output format` for AWS configuration?

I'm trying to get log events via my aws server. I log into the server as usual, and then I enter the following command: sudo aws logs get-log-events --log-group-name --log-stream-name I get the error... You must specify a…
makansij
  • 265
  • 1
  • 5
  • 12
6
votes
1 answer

Access denied copying files using S3 CLI

Attempting to pull down the contents of an S3 bucket using the AWS CLI, I'm getting the following: aws s3 cp --region us-east-1 s3://s3.amazonaws.com/my-bucket . --recursive A client error (AccessDenied) occurred when calling the ListObjects…
KevinD
  • 163
  • 1
  • 1
  • 4
6
votes
2 answers

I can't upload server certificate on AWS IAM

I got AWS iam working on my server, and trying to upload some certificates: aws iam upload-server-certificate --server-certificate-name domain2014 --certificate-body file:///var/www/html/certificate.pem --private-key…
Diego Sarmiento
  • 183
  • 3
  • 9
6
votes
1 answer

AWS Root volume Encryption

In my scenario, I have some old EBS volumes that are not encrypted. To satisfy new corporate security measures, all data needs to be encrypted so I need to compile a plan to encrypt the unencrypted in the least disruptive way (Ideally with no…
samtech 2021
  • 81
  • 7
1 2
3
25 26