AWS and other interesting stuff

API And CLI

ACloud.guru API/CLI Cheat Sheet

https://acloud.guru/course/aws-certified-devops-engineer-professional/dashboard

Autoscaling

  • enter-standby and exit-standby
      $ aws autoscaling enter-standby --instance-ids i-93633f9b --auto-scaling-group-name my-auto-scaling-group --should-decrement-desired-capacity
      $ aws autoscaling exit-standby --instance-ids i-93633f9b --auto-scaling-group-name my-auto-scaling-group
    • Perform maintenance on an instance without it being impacted by auto scaling actions or associated self-healing actions.
    • The instance is removed from or added to any associated load balancer.
    • Auto Scaling increments the desired capacity when you put an instance that was on standby back in service. If you did not decrement the capacity when you put the instance on standby, Auto Scaling detects that you have more instances than you need and applies the termination policy in effect to reduce the size of your Auto Scaling group.
  • create-launch-configuration and delete-launch-configuration
      $ aws autoscaling create-launch-configuration --launch-configuration-name my-launch-config --image-id ami-c6169af6 --instance-type m1.medium
      $ aws autoscaling create-launch-configuration --launch-configuration-name my-launch-config --image-id ami-c6169af6 --instance-type m1.medium --spot-price "0.50"
      $ aws autoscaling create-launch-configuration --launch-configuration-name my-launch-config --key-name my-key-pair --image-id ami-c6169af6 --instance-type m1.small --user-data file://myuserdata.txt
      $ aws autoscaling create-launch-configuration --launch-configuration-name my-launch-config --key-name my-key-pair --instance-id i-7e13c876 --security-groups sg-eb2af88e --instance-type m1.small --user-data file://myuserdata.txt --instance-monitoring Enabled=true --no-ebs-optimized --no-associate-public-ip-address --placement-tenancy dedicated --iam-instance-profile my-autoscaling-role --block-device-mappings "[{\"DeviceName\": \"/dev/sdh\",\"Ebs\":{\"VolumeSize\":100}}]" --block-device-mappings "[{\"DeviceName\": \"/dev/sdc\",\"VirtualName\":\"ephemeral1\"}]" --block-device-mappings "[{\"DeviceName\": \"/dev/sdf\",\"NoDevice\":\"\"}]"
  • update-auto-scaling-group - min, max, desired, launch configuration etc.
      $ aws autoscaling update-auto-scaling-group --auto-scaling-group-name my-auto-scaling-group --health-check-type ELB --health-check-grace-period 60
      $ aws autoscaling update-auto-scaling-group --auto-scaling-group-name my-auto-scaling-group --launch-configuration-name new-launch-config --min-size 1 --max-size 3 --vpc-zone-identifier subnet-41767929
      $ aws autoscaling update-auto-scaling-group --auto-scaling-group-name my-auto-scaling-group --default-cooldown 600 --placement-group my-placement-group --termination-policies "OldestInstance" --availability-zones us-west-2c
      $ aws autoscaling update-auto-scaling-group --auto-scaling-group-name my-auto-scaling-group --new-instances-protected-from-scale-in
      $ aws autoscaling update-auto-scaling-group --auto-scaling-group-name my-auto-scaling-group --no-new-instances-protected-from-scale-in
  • put-lifecycle-hook and complete-lifecycle-action
      $ aws autoscaling put-lifecycle-hook --lifecycle-hook-name my-lifecycle-hook --auto-scaling-group-name my-auto-scaling-group --lifecycle-transition autoscaling:EC2_INSTANCE_LAUNCHING --notification-target-arn arn:aws:sns:us-west-2:123456789012:my-sns-topic --role-arn arn:aws:iam::123456789012:role/my-auto-scaling-role
      $ aws autoscaling complete-lifecycle-action --auto-scaling-group-name test-auto-scaling-group --lifecycle-hook-name test-asg-scale-out-hook --lifecycle-action-result CONTINUE --lifecycle-action-token 20f34ccc-c3fc-4ec3-8ed3-914058dc7aae
  • put-scaling-policy
      $ aws autoscaling put-scaling-policy --auto-scaling-group-name my-auto-scaling-group --policy-name ScaleIn --scaling-adjustment -1 --adjustment-type ChangeInCapacity
      $ aws autoscaling put-scaling-policy --auto-scaling-group-name my-auto-scaling-group --policy-name ScalePercentChange --scaling-adjustment 25 --adjustment-type PercentChangeInCapacity --cooldown 60 --min-adjustment-step 2

CloudWatch

  • put-metric-data
      $ aws cloudwatch put-metric-data --namespace "Usage Metrics" --metric-data file://metric.json
      metric.json, followed by the relevant part of the --metric-data JSON schema:
[
  {
    "MetricName": "New Posts",
    "Timestamp": "Wednesday, June 12, 2013 8:28:20 PM",
    "Value": 0.50,
    "Unit": "Count"
  }
]
...
"StatisticValues": {
  "SampleCount": double,
  "Sum": double,
  "Minimum": double,
  "Maximum": double
},
"Unit": "Seconds"|"Microseconds"|"Milliseconds"|"Bytes"|"Kilobytes"|"Megabytes"|"Gigabytes"|"Terabytes"|"Bits"|"Kilobits"|"Megabits"|"Gigabits"|"Terabits"|"Percent"|"Count"|"Bytes/Second"|"Kilobytes/Second"|"Megabytes/Second"|"Gigabytes/Second"|"Terabytes/Second"|"Bits/Second"|"Kilobits/Second"|"Megabits/Second"|"Gigabits/Second"|"Terabits/Second"|"Count/Second"|"None"
...
  • put-metric-alarm - note that an alarm starts in the INSUFFICIENT_DATA state before being evaluated and set as appropriate
      $ aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70 percent" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70 --comparison-operator GreaterThanThreshold --dimensions "Name=InstanceId,Value=i-12345678" --evaluation-periods 2 --alarm-actions arn:aws:sns:us-east-1:111122223333:MyTopic --unit Percent
  • disable-alarm-actions and enable-alarm-actions - the alarm state will still change, but the associated actions won’t trigger
      $ aws cloudwatch disable-alarm-actions --alarm-names myalarm
  • set-alarm-state - temporarily set the state of an alarm, useful for testing
      $ aws cloudwatch set-alarm-state --alarm-name "myalarm" --state-value ALARM --state-reason "testing purposes"
  • get-metric-statistics
      $ aws cloudwatch get-metric-statistics --metric-name CPUUtilization --start-time 2014-04-08T23:18:00 --end-time 2014-04-09T23:18:00 --period 3600 --namespace AWS/EC2 --statistics Maximum --dimensions Name=InstanceId,Value=i-abcdef

(end - start) / period = #datapoints

{
    "Datapoints": [
        {
            "Timestamp": "2014-04-09T11:18:00Z",
            "Maximum": 44.79,
            "Unit": "Percent"
        },
        {
            "Timestamp": "2014-04-09T20:18:00Z",
            "Maximum": 47.92,
            "Unit": "Percent"
        },
...
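The datapoint rule above is easy to state but the interesting check is the inverse: for the window and period in the get-metric-statistics command, compute which datapoints you should have received and flag the ones that are missing (a host that stopped reporting looks exactly like a quiet host unless you do this) as well as the ones that breached a threshold. The following is an added Python example, not part of the cheat sheet or of ACloud.guru's material; the response is a constructed, trimmed copy of the output shape shown above, the start and end times are taken as UTC, and the 45% threshold is an arbitrary choice.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample (not real CLI output): a trimmed get-metric-statistics
# response in the shape shown above, for the same 24-hour window and
# 3600-second period as the command. Only 2 of the 24 hourly datapoints exist.
SAMPLE_RESPONSE = json.dumps({
    "Datapoints": [
        {"Timestamp": "2014-04-09T11:18:00Z", "Maximum": 44.79, "Unit": "Percent"},
        {"Timestamp": "2014-04-09T20:18:00Z", "Maximum": 47.92, "Unit": "Percent"},
    ],
    "Label": "CPUUtilization",
})

# --start-time / --end-time / --period from the command above (taken as UTC)
START = datetime(2014, 4, 8, 23, 18, tzinfo=timezone.utc)
END = datetime(2014, 4, 9, 23, 18, tzinfo=timezone.utc)
PERIOD = 3600


def parse_ts(value):
    """Parse the ISO-8601 timestamps the CLI prints; a trailing Z means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def expected_datapoints(start, end, period):
    """The rule from the page: (end - start) / period. The window must be a
    positive whole number of periods, otherwise the count is ambiguous."""
    span = int((end - start).total_seconds())
    if period <= 0 or span <= 0 or span % period:
        raise ValueError("window must be a positive whole number of periods")
    return span // period


def expected_buckets(start, end, period):
    """Timestamps CloudWatch labels the datapoints with: start + k * period."""
    count = expected_datapoints(start, end, period)
    return [start + timedelta(seconds=k * period) for k in range(count)]


def audit_metric_response(response_json, start, end, period, threshold):
    """Return (missing, breaching): buckets with no datapoint at all (a
    monitoring gap, e.g. an agent that stopped reporting) and buckets whose
    Maximum exceeded `threshold`. Both lists are in timestamp order."""
    seen = {}
    for dp in json.loads(response_json)["Datapoints"]:
        seen[parse_ts(dp["Timestamp"])] = dp["Maximum"]
    missing = [t for t in expected_buckets(start, end, period) if t not in seen]
    breaching = sorted(t for t, v in seen.items() if v > threshold)
    return missing, breaching


def audit_sample(threshold=45.0):
    """Run the audit over the constructed response; returns
    (expected datapoint count, number missing, breaching timestamps)."""
    missing, breaching = audit_metric_response(SAMPLE_RESPONSE, START, END, PERIOD, threshold)
    return (expected_datapoints(START, END, PERIOD), len(missing),
            [t.isoformat() for t in breaching])
```

For the sample this reports 24 expected datapoints, 22 missing and one breach at 20:18 UTC. A window that is not a whole multiple of the period raises rather than silently rounding, because CloudWatch would return a partial final bucket in that case.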

DynamoDB

  • get-item - eventually consistent by default, but a strongly consistent read can be requested
      $ aws dynamodb get-item --table-name MusicCollection --key file://key.json
      key.json:
{
    "Artist": {"S": "Acme Band"},
    "SongTitle": {"S": "Happy Day"}
}

Output:

{
    "Item": {
        "AlbumTitle": {
            "S": "Songs About Life"
        },
        "SongTitle": {
            "S": "Happy Day"
        },
        "Artist": {
            "S": "Acme Band"
        }
    }
}
  • batch-get-item
      $ aws dynamodb batch-get-item --request-items file://request-items.json
      request-items.json:
{
    "MusicCollection": {
        "Keys": [
            {"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Call Me Today"}},
            {"Artist": {"S": "Acme Band"}, "SongTitle": {"S": "Happy Day"}},
            {"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Scared of My Shadow"}}
        ],
        "ProjectionExpression": "AlbumTitle"
    }
}
    • Limits: 16 MB and/or 100 items per call.
    • For example, if you ask to retrieve 100 items, but each individual item is 300 KB in size, the system returns 52 items (so as not to exceed the 16 MB limit). It also returns an appropriate UnprocessedKeys value so you can get the next page of results.
    • Items can come from one or more tables, and both strongly and eventually consistent reads can be used.
  • query - returns one or more items from a table or secondary index. A specific value for the partition key is required. You can narrow the scope using comparison operators against the sort key value or index key.
      $ aws dynamodb query --table-name MusicCollection --projection-expression "SongTitle" --key-condition-expression "Artist = :v1" --expression-attribute-values file://expression-attributes.json
      expression-attributes.json:
{
    ":v1": {"S": "No One You Know"}
}
    • --consistent-read | --no-consistent-read (boolean)
    • --scan-index-forward | --no-scan-index-forward (boolean)
    • --return-consumed-capacity INDEXES|TOTAL|NONE
    • --starting-token (string) - A token to specify where to start paginating. This is the NextToken from a previously truncated response.
    • --max-items
    • --select (string) - The attributes to be returned in the result. You can retrieve all item attributes, specific item attributes, the count of matching items, or in the case of an index, some or all of the attributes projected into the index.
      • ALL_ATTRIBUTES - Returns all of the item attributes from the specified table or index. If you query a local secondary index, then for each matching item in the index DynamoDB will fetch the entire item from the parent table. If the index is configured to project all item attributes, then all of the data can be obtained from the local secondary index, and no fetching is required.
      • ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves all attributes that have been projected into the index. If the index is configured to project all attributes, this return value is equivalent to specifying ALL_ATTRIBUTES.
      • COUNT - Returns the number of matching items, rather than the matching items themselves.
      • SPECIFIC_ATTRIBUTES - Returns only the attributes listed in AttributesToGet. This return value is equivalent to specifying AttributesToGet without specifying any value for select. If you query or scan a local secondary index and request only attributes that are projected into that index, the operation will read only the index and not the table. If any of the requested attributes are not projected into the local secondary index, DynamoDB will fetch each of these attributes from the parent table. This extra fetching incurs additional throughput cost and latency. If you query or scan a global secondary index, you can only request attributes that are projected into the index. Global secondary index queries cannot fetch attributes from the parent table.
    • Size limit: 1 MB per response
    • Strongly consistent or eventually consistent reads are supported using the ConsistentRead parameter
  • scan - reads every item in a table
      $ aws dynamodb scan --table-name MusicCollection --filter-expression "Artist = :a" --projection-expression "#ST, #AT" --expression-attribute-names file://expression-attribute-names.json --expression-attribute-values file://expression-attribute-values.json
    • Has --consistent-read, --max-items and --starting-token like query.
    • You can limit the items returned by filtering on attributes
    • Strongly consistent or eventually consistent reads are supported using the ConsistentRead parameter
  • put-item - if the key already exists, the new put completely replaces the item.
      $ aws dynamodb put-item --table-name MusicCollection --item file://item.json --return-consumed-capacity TOTAL
      $ aws dynamodb put-item --table-name MusicCollection --item '{"Artist": {"S": "Obscure Indie Band"}}' --condition-expression "attribute_not_exists(Artist)"
      Output when the condition fails (the item already exists):
      A client error (ConditionalCheckFailedException) occurred when calling the PutItem operation: The conditional request failed
    • You can use conditional operators to replace an item only if its attributes match certain conditions, or insert a new item only if that item doesn’t exist.
    • --return-values NONE|ALL_OLD
  • update-item - modifies attributes of an existing item
      $ aws dynamodb update-item --table-name MusicCollection --key file://key.json --update-expression "SET #Y = :y, #AT = :t" --expression-attribute-names file://expression-attribute-names.json --expression-attribute-values file://expression-attribute-values.json --return-values ALL_NEW
    • Conditional operators can be used
    • --return-values NONE|ALL_OLD|UPDATED_OLD|ALL_NEW|UPDATED_NEW
  • delete-item - delete an item in a table using its primary key
      $ aws dynamodb delete-item --table-name MusicCollection --key file://key.json
    • Conditional operators can be used
  • batch-write-item - performs multiple put-item and delete-item operations across multiple tables in one request
      $ aws dynamodb batch-write-item --request-items file://request-items.json
      request-items.json:
{
    "MusicCollection": [
        {
            "PutRequest": {
                "Item": {
                    "Artist": {"S": "No One You Know"},
                    "SongTitle": {"S": "Call Me Today"},
                    "AlbumTitle": {"S": "Somewhat Famous"}
                }
            }
        },
        {
            "PutRequest": {
                "Item": {
                    "Artist": {"S": "Acme Band"},
                    "SongTitle": {"S": "Happy Day"},
                    "AlbumTitle": {"S": "Songs About Life"}
                }
            }
        },
        {
            "PutRequest": {
                "Item": {
                    "Artist": {"S": "No One You Know"},
                    "SongTitle": {"S": "Scared of My Shadow"},
                    "AlbumTitle": {"S": "Blue Sky Blues"}
                }
            }
        }
    ]
}
    • The batch-write-item operation puts or deletes multiple items in one or more tables. A single call to batch-write-item can write up to 16 MB of data, which can comprise as many as 25 put or delete requests. Individual items to be written can be as large as 400 KB.
  • create-table - must define a primary key (simple, or composite where it includes a partition key and a sort key) and throughput settings
      $ aws dynamodb create-table --table-name MusicCollection --attribute-definitions AttributeName=Artist,AttributeType=S AttributeName=SongTitle,AttributeType=S --key-schema AttributeName=Artist,KeyType=HASH AttributeName=SongTitle,KeyType=RANGE --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
    • You can optionally create one or more secondary indexes
    • --local-secondary-indexes, --global-secondary-indexes
  • update-table - modifies the provisioned throughput settings on a table or its GSIs
      $ aws dynamodb update-table --table-name MusicCollection --provisioned-throughput ReadCapacityUnits=10,WriteCapacityUnits=10
    • --stream-specification StreamEnabled=boolean,StreamViewType=string where StreamViewType is "NEW_IMAGE"|"OLD_IMAGE"|"NEW_AND_OLD_IMAGES"|"KEYS_ONLY"
    • --global-secondary-index-updates Create|Update|Delete
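The batch-get-item limits above (16 MB and/or 100 items) mean a single call may legitimately come back with part of the work undone in UnprocessedKeys, and a client that ignores that field silently drops rows. The following is an added Python example, not part of the cheat sheet or ACloud.guru's material, that drives the call to completion against a hypothetical in-memory stand-in for the BatchGetItem API (not boto3); the request body mirrors the request-items.json above and the table rows are constructed.

```python
# Constructed request body, the same shape as request-items.json above.
REQUEST_ITEMS = {
    "MusicCollection": {
        "Keys": [
            {"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Call Me Today"}},
            {"Artist": {"S": "Acme Band"}, "SongTitle": {"S": "Happy Day"}},
            {"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Scared of My Shadow"}},
        ],
        "ProjectionExpression": "AlbumTitle",
    }
}

# Constructed table contents keyed by (Artist, SongTitle).
ROWS = {
    ("No One You Know", "Call Me Today"): "Somewhat Famous",
    ("Acme Band", "Happy Day"): "Songs About Life",
    ("No One You Know", "Scared of My Shadow"): "Blue Sky Blues",
}


def _key_of(item):
    return (item["Artist"]["S"], item["SongTitle"]["S"])


class FakeDynamoDB:
    """Hypothetical stand-in for the BatchGetItem API (not boto3). It serves at
    most `per_call` keys per request and hands the rest back in UnprocessedKeys,
    which is what the 100-item / 16 MB limits produce on the real service."""

    def __init__(self, rows, per_call):
        self.rows = rows
        self.per_call = per_call
        self.calls = 0

    def batch_get_item(self, request_items):
        self.calls += 1
        budget = self.per_call
        responses, unprocessed = {}, {}
        for table, spec in request_items.items():
            served, rest = spec["Keys"][:budget], spec["Keys"][budget:]
            budget -= len(served)
            responses[table] = [
                dict(key, AlbumTitle={"S": self.rows[_key_of(key)]})
                for key in served if _key_of(key) in self.rows
            ]
            if rest:  # same table spec (projection etc.), only the leftover keys
                unprocessed[table] = dict(spec, Keys=rest)
        return {"Responses": responses, "UnprocessedKeys": unprocessed}


def batch_get_all(client, request_items, max_rounds=10):
    """Call BatchGetItem until UnprocessedKeys is empty and merge the pages.
    Bounded by max_rounds so a persistently throttled request cannot spin
    forever; production code would also back off between rounds."""
    results = {}
    pending = request_items
    for _ in range(max_rounds):
        resp = client.batch_get_item(pending)
        for table, items in resp["Responses"].items():
            results.setdefault(table, []).extend(items)
        pending = resp["UnprocessedKeys"]
        if not pending:
            return results
    raise RuntimeError("UnprocessedKeys still present after %d rounds" % max_rounds)


def demo(per_call=2):
    """Fetch the three keys above through a client that serves `per_call` per
    round; returns (number of API calls made, album titles retrieved)."""
    client = FakeDynamoDB(ROWS, per_call)
    results = batch_get_all(client, REQUEST_ITEMS)
    albums = sorted(item["AlbumTitle"]["S"] for item in results["MusicCollection"])
    return client.calls, albums
```

With two keys served per round the three-key request takes two calls and still yields all three albums; the same loop shape applies to batch-write-item, whose UnprocessedItems field plays the same role.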

EC2

  • run-instances - this is how instances are created
      $ aws ec2 run-instances --image-id ami-1a2b3c4d --count 1 --instance-type c3.large --key-name MyKeyPair --security-groups MySecurityGroup
      $ aws ec2 run-instances --image-id ami-abc12345 --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-903004f8 --subnet-id subnet-6e7f829e
      $ aws ec2 run-instances --image-id ami-c3b8d6aa --count 1 --instance-type t2.medium --key-name MyKeyPair --security-group-ids sg-903004f8 --subnet-id subnet-6e7f829e --associate-public-ip-address
      $ aws ec2 run-instances --image-id ami-abc1234 --count 1 --instance-type m4.large --key-name keypair --user-data file://my_script.txt --subnet-id subnet-abcd1234 --security-group-ids sg-abcd1234
      $ aws ec2 run-instances --iam-instance-profile Name=MyInstanceProfile --image-id ami-1a2b3c4d --count 1 --instance-type t2.micro --key-name MyKeyPair --security-groups MySecurityGroup
    • --block-device-mappings file://mapping.json
  • stop-instances - can’t be used with instance-store or spot instances
      $ aws ec2 stop-instances --instance-ids i-1234567890abcdef0
    • --dry-run
  • start-instances - start instances that are in a stopped state
      $ aws ec2 start-instances --instance-ids i-1234567890abcdef0
    • can’t be used with instance-store or spot instances
  • terminate-instances - EBS volumes attached at creation time will have the DeleteOnTermination flag set to true, and any attached afterwards will have it set to false
  • describe-instances
      $ aws ec2 describe-instances --instance-ids i-1234567890abcdef0
      $ aws ec2 describe-instances --filters "Name=instance-type,Values=m1.small" "Name=availability-zone,Values=us-west-2c"
      $ aws ec2 describe-instances --filters "Name=tag:Purpose,Values=test"
    • --starting-token (string) - A token to specify where to start paginating. This is the NextToken from a previously truncated response.
    • --max-items
    • --page-size - The size of each page.
  • wait - wait on a particular action to complete, e.g. creation of a snapshot
      $ aws ec2 wait vpc-exists --vpc-ids 123
      Waiter VpcExists failed: Max attempts exceeded
    • vpc-exists waits until a 200 response is received when polling with describe-vpcs. It polls every second until a successful state has been reached and exits with a return code of 255 after 5 failed checks.
  • create-image - create an EBS-backed AMI from a running or stopped instance
      $ aws ec2 create-image --instance-id i-1234567890abcdef0 --name "My server" --description "An AMI for my server"
    • --block-device-mappings "[{\"DeviceName\": \"/dev/sdh\",\"Ebs\":{\"VolumeSize\":100}}]"
    • --no-reboot | --reboot (boolean) - A reboot is performed before creating the image to ensure file system integrity
  • create-snapshot - will create a snapshot of a specific image
      $ aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description "This is my root volume snapshot."
  • copy-image - copy an AMI from a source to a destination region
      $ aws ec2 copy-image --source-image-id ami-5731123e --source-region us-east-1 --region ap-northeast-1 --name "My server"
    • --encrypted | --no-encrypted (boolean)
      • Specifies whether the destination snapshots of the copied image should be encrypted. The default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId
    • --kms-key-id (string)
  • copy-snapshot - copy a snapshot from a source to a destination region
      $ aws --region us-east-1 ec2 copy-snapshot --source-region us-west-2 --source-snapshot-id snap-066877671789bd71b --description "This is my copied snapshot."
    • --encrypted | --no-encrypted (boolean)
      • Specifies whether the destination snapshot of the copied snapshot should be encrypted. The default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId
    • --kms-key-id (string)
  • create-volume - create an EBS volume (a crucial command to know)
      $ aws ec2 create-volume --size 80 --region us-east-1 --availability-zone us-east-1a --volume-type gp2
      $ aws ec2 create-volume --region us-east-1 --availability-zone us-east-1a --snapshot-id snap-066877671789bd71b --volume-type io1 --iops 1000
    • --encrypted | --no-encrypted (boolean)
      • Specifies whether the volume should be encrypted. Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption.
    • --kms-key-id (string)
      • The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. This parameter is only required if you want to use a non-default CMK.
  • describe-tags - may come up in the exam regarding the backup and pruning of EBS volumes
      $ aws ec2 describe-tags
      $ aws ec2 describe-tags --filters "Name=key,Values=Stack" "Name=value,Values=Test"
      Output of the filtered call:
{
    "Tags": [
        {
            "ResourceType": "image",
            "ResourceId": "ami-3ac33653",
            "Value": "Test",
            "Key": "Stack"
        },
        {
            "ResourceType": "instance",
            "ResourceId": "i-1234567890abcdef8",
            "Value": "Test",
            "Key": "Stack"
        }
    ]
}
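Tags are what make a pruning job safe: the selection has to be driven by the tags the backup job wrote, so that nothing created by hand is ever deleted, and the job should emit the delete commands for review before anything runs. The following is an added Python example, not part of the cheat sheet or ACloud.guru's material. It assumes snapshot records in the shape `aws ec2 describe-snapshots` prints (SnapshotId, VolumeId, StartTime and a Key/Value Tags list like the describe-tags output above); the records, the Backup=daily tag and the retention count are constructed for the example.

```python
# Constructed snapshot records (not real output) in the shape
# `aws ec2 describe-snapshots` prints, limited to the fields used here.
_DAILY = [{"Key": "Stack", "Value": "Test"}, {"Key": "Backup", "Value": "daily"}]
SNAPSHOTS = [
    {"SnapshotId": "snap-0a01", "VolumeId": "vol-aaaa", "StartTime": "2014-04-01T02:00:00.000Z", "Tags": _DAILY},
    {"SnapshotId": "snap-0a02", "VolumeId": "vol-aaaa", "StartTime": "2014-04-02T02:00:00.000Z", "Tags": _DAILY},
    {"SnapshotId": "snap-0a03", "VolumeId": "vol-aaaa", "StartTime": "2014-04-03T02:00:00.000Z", "Tags": _DAILY},
    {"SnapshotId": "snap-0a04", "VolumeId": "vol-aaaa", "StartTime": "2014-04-04T02:00:00.000Z", "Tags": _DAILY},
    {"SnapshotId": "snap-0b01", "VolumeId": "vol-bbbb", "StartTime": "2014-04-01T02:00:00.000Z", "Tags": _DAILY},
    {"SnapshotId": "snap-0b02", "VolumeId": "vol-bbbb", "StartTime": "2014-04-05T02:00:00.000Z", "Tags": _DAILY},
    # Hand-made snapshot without the Backup tag: must never be selected.
    {"SnapshotId": "snap-0b99", "VolumeId": "vol-bbbb", "StartTime": "2014-03-01T02:00:00.000Z",
     "Tags": [{"Key": "Stack", "Value": "Test"}]},
    # Snapshot from another stack: excluded by the Stack=Test requirement.
    {"SnapshotId": "snap-0c01", "VolumeId": "vol-cccc", "StartTime": "2014-01-01T02:00:00.000Z",
     "Tags": [{"Key": "Stack", "Value": "Prod"}, {"Key": "Backup", "Value": "daily"}]},
]

# Tags the backup job stamps on everything it creates (constructed for the example).
BACKUP_TAGS = {"Stack": "Test", "Backup": "daily"}


def tags_as_dict(resource):
    """Flatten the [{"Key": ..., "Value": ...}] list into a plain dict."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}


def select_for_pruning(snapshots, required_tags, keep_per_volume):
    """Return ids of snapshots to delete. Only snapshots carrying every tag in
    `required_tags` are candidates, so anything not created by the backup job
    is left alone; for each volume the `keep_per_volume` newest candidates are
    kept and older ones are returned, sorted by id."""
    if keep_per_volume < 1:
        raise ValueError("refusing to delete every snapshot of a volume")
    by_volume = {}
    for snap in snapshots:
        tags = tags_as_dict(snap)
        if all(tags.get(k) == v for k, v in required_tags.items()):
            by_volume.setdefault(snap["VolumeId"], []).append(snap)
    to_delete = []
    for snaps in by_volume.values():
        # StartTime is ISO-8601 in UTC, so string order is chronological order.
        snaps.sort(key=lambda s: s["StartTime"])
        to_delete.extend(s["SnapshotId"] for s in snaps[:-keep_per_volume])
    return sorted(to_delete)


def prune_commands(snapshot_ids):
    """Render the CLI calls rather than running them: printing this list is
    the dry run, to be reviewed before anything is executed."""
    return ["aws ec2 delete-snapshot --snapshot-id %s" % sid for sid in snapshot_ids]


if __name__ == "__main__":
    for line in prune_commands(select_for_pruning(SNAPSHOTS, BACKUP_TAGS, keep_per_volume=2)):
        print(line)
```

Keeping two per volume, the job selects the two oldest daily snapshots of vol-aaaa and nothing from vol-bbbb (which has exactly two), and the untagged snap-0b99 and the Prod snapshot are never candidates however low the retention count goes.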

S3 and S3API

  • S3
    • mb and rb
        $ aws s3 mb s3://mybucket
    • mv and rm
    • cp
        $ aws s3 cp s3://mybucket/ s3://mybucket2/ --recursive --exclude "mybucket/another/*"
        $ aws s3 cp s3://mybucket/test.txt s3://mybucket/test2.txt --acl public-read-write
        $ aws s3 cp - s3://mybucket/stream.txt
        $ aws s3 cp s3://mybucket/stream.txt -
    • sync
    • --sse, --sse-c, --sse-c-key, --sse-kms-key-id
    • --storage-class STANDARD | REDUCED_REDUNDANCY | STANDARD_IA
    • --acl
    • --website-redirect
    • --dryrun
    • website
        $ aws s3 website s3://my-bucket/ --index-document index.html --error-document error.html
  • S3API
    • head-object - get metadata without returning the actual object
        $ aws s3api head-object --bucket my-bucket --key index.html
      • --if-match (string) - Return the object only if its entity tag (ETag) is the same as the one specified, otherwise return a 412 (precondition failed).
      • --if-modified-since (timestamp) - Return the object only if it has been modified since the specified time, otherwise return a 304 (not modified).
      • --if-none-match (string) - Return the object only if its entity tag (ETag) is different from the one specified, otherwise return a 304 (not modified).
      • --if-unmodified-since (timestamp) - Return the object only if it has not been modified since the specified time, otherwise return a 412 (precondition failed).
      • --request-payer (string) - Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests.
      • --part-number (integer) - Part number of the object being read. This is a positive integer between 1 and 10,000. Effectively performs a 'ranged' HEAD request for the part specified. Useful for querying the size of the part and the number of parts in this object.
    • head-bucket - get metadata for a bucket
        $ aws s3api head-bucket --bucket my-bucket
      • This operation is useful to determine if a bucket exists and you have permission to access it.
    • get/put bucket-versioning - versioning cannot be disabled, only suspended
        $ aws s3api get-bucket-versioning --bucket my-bucket
{
    "Status": "Enabled"
}
        $ aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled
        $ aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration MFADelete=Enabled,Status=Enabled
        $ aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration MFADelete=Enabled,Status=Enabled --mfa "SERIAL 123456"
    • get/put bucket-acl and put-object-acl - view and set ACLs
        $ aws s3api get-bucket-acl --bucket my-bucket
        $ aws s3api put-bucket-acl --bucket MyBucket --grant-full-control emailaddress=user1@example.com,emailaddress=user2@example.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
        $ aws s3api put-object-acl --bucket MyBucket --key file.txt --grant-full-control emailaddress=user1@example.com,emailaddress=user2@example.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
    • put-bucket-notification-configuration
        $ aws s3api put-bucket-notification-configuration --bucket my-bucket --notification-configuration file://notification.json
        notification.json:
{
   "TopicConfigurations": [
       {
           "TopicArn": "arn:aws:sns:us-west-2:123456789012:s3-notification-topic",
           "Events": [
               "s3:ObjectCreated:*"
           ]
       }
   ]
}
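The `--grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers` in the put-bucket-acl and put-object-acl examples above makes the bucket or object readable by anyone, which is the kind of grant an audit should surface from the get-bucket-acl output. The following is an added Python example, not part of the cheat sheet or ACloud.guru's material, that reads ACL JSON in the Owner/Grants shape get-bucket-acl and get-object-acl return and reports grants to the two predefined public groups; the sample ACLs and canonical ids are constructed, and the risk ranking is this example's own choice.

```python
import json

# Predefined S3 group URIs; the AllUsers one appears in the put-bucket-acl example above.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

# Constructed get-bucket-acl output (not real): owner full control plus the
# AllUsers READ grant that the put-bucket-acl example above would create.
SAMPLE_ACL = json.dumps({
    "Owner": {"DisplayName": "owner", "ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
})

# Constructed ACL with only the owner grant, i.e. the default private ACL.
OWNER_ONLY_ACL = json.dumps({
    "Owner": {"DisplayName": "owner", "ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
    ],
})


def find_public_grants(acl_json):
    """Return (permission, who) for every grant whose grantee is one of the
    public groups. Grants to named accounts or the owner are not reported."""
    acl = json.loads(acl_json)
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GRANTEE_URIS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and who:
            findings.append((grant["Permission"], who))
    return findings


def risk_level(findings):
    """Rank the findings: public write or ACL control is critical, public
    read of data or of the ACL itself is high, nothing public is none."""
    perms = {permission for permission, _ in findings}
    if perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}:
        return "critical"
    if perms & {"READ", "READ_ACP"}:
        return "high"
    return "none"


def audit(acl_json):
    """Convenience wrapper returning (findings, risk level) for one ACL."""
    findings = find_public_grants(acl_json)
    return findings, risk_level(findings)
```

The same function works on get-object-acl output, since both calls print the same Owner/Grants structure; a bucket-wide check would run it over every object as well, because put-object-acl can open a single object in an otherwise private bucket.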

SQS

  • add-permission - allow another entity access to the queue
      $ aws sqs add-permission --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --label SendMessagesFromMyQueue --aws-account-ids 12345EXAMPLE --actions SendMessage
  • change-message-visibility - change the visibility timeout, to a maximum of 12 hours. The value you provide extends the timeout by that amount
      $ aws sqs change-message-visibility --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --receipt-handle AQEBTpyI...t6HyQg== --visibility-timeout 36000
    • For example, you have a message with the default visibility timeout of 5 minutes. After 3 minutes, you call ChangeMessageVisibility with a timeout of 10 minutes. At that time, the timeout for the message is extended by 10 minutes beyond the time of the change-message-visibility action. This results in a total visibility timeout of 13 minutes. You can continue to call change-message-visibility to extend the visibility timeout to a maximum of 12 hours. If you try to extend the visibility timeout beyond 12 hours, your request is rejected.
  • set-queue-attributes - can take up to 60 seconds to take effect. Message retention setting changes can take up to 15 minutes. If you’re asked any complex questions in the exam it’s likely this operation is involved.
      $ aws sqs set-queue-attributes --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyNewQueue --attributes file://set-queue-attributes.json
      set-queue-attributes.json:
{
    "DelaySeconds": "10",
    "MaximumMessageSize": "131072",
    "MessageRetentionPeriod": "259200",
    "ReceiveMessageWaitTimeSeconds": "20",
    "RedrivePolicy": "{\"deadLetterTargetArn\":\"arn:aws:sqs:us-east-1:80398EXAMPLE:MyDeadLetterQueue\",\"maxReceiveCount\":\"1000\"}",
    "VisibilityTimeout": "60"
}
    • DelaySeconds - The number of seconds for which the delivery of all messages in the queue is delayed. Valid values: an integer from 0 to 900 (15 minutes). The default is 0 (zero).
    • MaximumMessageSize - The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: an integer from 1,024 bytes (1 KiB) up to 262,144 bytes (256 KiB). The default is 262,144 (256 KiB).
    • MessageRetentionPeriod - The number of seconds for which Amazon SQS retains a message. Valid values: an integer representing seconds, from 60 (1 minute) to 1,209,600 (14 days). The default is 345,600 (4 days).
    • Policy - The queue’s policy. A valid AWS policy. For more information about policy structure, see Overview of AWS IAM Policies in the Amazon IAM User Guide.
    • ReceiveMessageWaitTimeSeconds - The number of seconds for which a receive-message action waits for a message to arrive. Valid values: an integer from 0 to 20 (seconds). The default is 0. The requesting client can set WaitTimeSeconds.
    • RedrivePolicy - The parameters for the dead letter queue functionality of the source queue. For more information about the redrive policy and dead letter queues, see Using Amazon SQS Dead Letter Queues in the Amazon SQS Developer Guide.
    • VisibilityTimeout - The visibility timeout for the queue. Valid values: an integer from 0 to 43,200 (12 hours). The default is 30. For more information about the visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide.
  • send-message, receive-message, delete-message
      $ aws sqs send-message --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --message-body "Information about the largest city in Any Region." --delay-seconds 10 --message-attributes file://send-message.json
      $ aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --attribute-names All --message-attribute-names All --max-number-of-messages 10
      $ aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --attribute-names SenderId SentTimestamp --message-attribute-names PostalCode
      $ aws sqs delete-message --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --receipt-handle AQEBRXTo...q2doVA==
    • aws sqs receive-message --wait-time-seconds (integer)
      • The duration (in seconds) for which the call waits for a message to arrive in the queue before returning. If a message is available, the call returns sooner than WaitTimeSeconds.
        • Long polling reduces the number of empty responses by allowing Amazon SQS to wait until a message is available in the queue before sending a response. Unless the connection times out, the response to the ReceiveMessage request contains at least one of the available messages, up to the maximum number of messages specified in the ReceiveMessage action.
        • Long polling eliminates false empty responses by querying all (rather than a limited number) of the servers.
        • Long polling returns messages as soon as any message becomes available.
    • receive-message causes the message to be hidden for the visibility timeout period. delete-message clears the message after processing.
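The change-message-visibility arithmetic above (5-minute default, extended by 10 minutes after 3 minutes, 13 minutes in total, 12-hour cap) is the kind of thing a consumer that heartbeats long-running work gets wrong, typically by assuming the extension counts from receipt rather than from the call. The following is an added Python example, not part of the cheat sheet or ACloud.guru's material, that models the rule exactly as the page describes it (total invisible time since receipt capped at 43,200 seconds) with all times as seconds on one clock; it is a model of the semantics, not an SQS client.

```python
MAX_VISIBILITY = 43200  # 12 hours, the cap quoted above for change-message-visibility


def extend_visibility(received_at, current_expiry, now, extension, max_total=MAX_VISIBILITY):
    """Model of change-message-visibility as described above. All times are
    seconds on one clock. The new expiry is now + extension: the extension
    counts from the time of the call, not from receipt. The request is
    rejected when the extension is outside 0..max_total, when the message has
    already become visible again (the receipt handle is then stale), or when
    the total invisible time since receipt would exceed max_total.
    Returns (accepted, expiry, total_invisible_seconds)."""
    if not 0 <= extension <= max_total or now > current_expiry:
        return False, current_expiry, current_expiry - received_at
    new_expiry = now + extension
    total = new_expiry - received_at
    if total > max_total:
        return False, current_expiry, current_expiry - received_at
    return True, new_expiry, total


def worked_example():
    """The page's scenario: 5-minute default timeout, extended by 10 minutes
    after 3 minutes of processing; returns (accepted, expiry, total)."""
    received_at, expiry = 0, 300
    return extend_visibility(received_at, expiry, now=180, extension=600)


def heartbeat(received_at, expiry, work_seconds, step, max_total=MAX_VISIBILITY):
    """Simulate a consumer that extends the timeout by `step` seconds every
    `step` seconds while a `work_seconds` job runs. Returns the number of
    extensions made and whether the job finished before the message was
    exposed again (it cannot once the 12-hour cap is hit)."""
    now, extensions = received_at, 0
    while now + step < received_at + work_seconds:
        now += step
        accepted, expiry, _ = extend_visibility(received_at, expiry, now, step, max_total)
        if not accepted:
            return extensions, False
        extensions += 1
    return extensions, received_at + work_seconds <= expiry
```

`worked_example()` yields `(True, 780, 780)`, the 13 minutes from the text. The heartbeat simulation shows the practical consequence: a job that needs longer than 12 hours cannot be protected by extensions alone, and the message will be redelivered to another consumer while the first is still working.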

STS

  • assume-role - temporary role credentials. Usually used for cross-account access.
      $ aws sts assume-role --role-arn arn:aws:iam::123456789012:role/xaccounts3access --role-session-name s3-access-example
    • --external-id
    • --duration-seconds - The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.
    • --serial-number
    • --token-code
    • --policy (string)
      • An IAM policy in JSON format. This parameter is optional. If you pass a policy, the temporary security credentials that are returned by the operation have the permissions that are allowed by both (the intersection of) the access policy of the role that is being assumed and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials.
  • assume-role-with-saml
    • --saml-assertion
  • assume-role-with-web-identity
    • --web-identity-token
  • get-session-token - allows an IAM user to specify an MFA code. They can then use the provided access tokens to call API commands that require MFA to have been used.
    • Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use get-session-token if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances.
  • get-federation-token
    • Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. Because you must call the get-federation-token action using the long-term security credentials of an IAM user, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application.
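The `--policy` intersection described under assume-role is worth seeing in code, because the two halves of it are asymmetric: the session policy can take permissions away from the role, but it cannot add any. The following is an added Python example, not part of the cheat sheet or ACloud.guru's material. It is a deliberately simplified evaluator (Allow/Deny statements with `*` and `?` wildcards on Action and Resource; no Conditions, NotAction, NotResource or principals) and the two policies are constructed for the example.

```python
import fnmatch

# Constructed policies (not from the page). The role's policy allows read/write
# on one bucket; the --policy passed at assume-role time narrows the session to
# reads under one prefix and also tries to grant a bucket the role cannot reach.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::shared-bucket", "arn:aws:s3:::shared-bucket/*"]},
]}
SESSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::shared-bucket/reports/*"},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::other-bucket/*"},
]}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM-style wildcard match using '*' and '?' (fnmatch's [] classes do not
    occur in the action names or ARNs used here, and '*' spans '/' as in IAM)."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def allowed_by(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise a matching
    Allow grants, otherwise the default is deny."""
    allowed = False
    for statement in policy["Statement"]:
        if _matches(statement["Action"], action) and _matches(statement["Resource"], resource):
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def session_allows(role_policy, session_policy, action, resource):
    """assume-role --policy: the temporary credentials may do only what BOTH
    the role's policy and the passed session policy allow (their intersection)."""
    return (allowed_by(role_policy, action, resource)
            and allowed_by(session_policy, action, resource))


def explain(role_policy, session_policy, action, resource):
    """Return (role_allows, session_allows, effective) so a denied call can be
    attributed to the right policy when debugging a session."""
    role_ok = allowed_by(role_policy, action, resource)
    session_ok = allowed_by(session_policy, action, resource)
    return role_ok, session_ok, role_ok and session_ok
```

`explain` makes the asymmetry visible: for an object in other-bucket the session policy alone says yes, the role says no, and the effective answer is no; for a write to shared-bucket the role says yes, the session policy says no, and the effective answer is again no.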