AWS CLI
Comprehensive AWS CLI commands and workflows for managing Amazon Web Services infrastructure, including EC2, S3, Lambda, and more.
Installation & Configuration

| Command | Description |
|---|---|
| `aws configure` | Configure AWS credentials and region |
| `aws configure list` | Show current configuration |
| `aws configure set region us-west-2` | Set default region |
| `aws configure set output json` | Set output format |
| `aws sts get-caller-identity` | Verify current identity |
| `aws configure list-profiles` | List all configured profiles |
| `aws configure --profile myprofile` | Configure named profile |

EC2 (Elastic Compute Cloud)
Instance Management

| Command | Description |
|---|---|
| `aws ec2 describe-instances` | List all instances |
| `aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro` | Launch instance |
| `aws ec2 start-instances --instance-ids i-1234567890abcdef0` | Start instance |
| `aws ec2 stop-instances --instance-ids i-1234567890abcdef0` | Stop instance |
| `aws ec2 terminate-instances --instance-ids i-1234567890abcdef0` | Terminate instance |
| `aws ec2 reboot-instances --instance-ids i-1234567890abcdef0` | Reboot instance |

Security Groups

| Command | Description |
|---|---|
| `aws ec2 describe-security-groups` | List security groups |
| `aws ec2 create-security-group --group-name MySecurityGroup --description "My security group"` | Create security group |
| `aws ec2 authorize-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Add inbound rule |
| `aws ec2 revoke-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Remove inbound rule |

Key Pairs

| Command | Description |
|---|---|
| `aws ec2 describe-key-pairs` | List key pairs |
| `aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem` | Create key pair |
| `aws ec2 delete-key-pair --key-name MyKeyPair` | Delete key pair |

S3 (Simple Storage Service)
Bucket Operations

| Command | Description |
|---|---|
| `aws s3 ls` | List all buckets |
| `aws s3 mb s3://my-bucket` | Create bucket |
| `aws s3 rb s3://my-bucket` | Remove empty bucket |
| `aws s3 rb s3://my-bucket --force` | Remove bucket and all contents |
| `aws s3 ls s3://my-bucket` | List objects in bucket |
| `aws s3 ls s3://my-bucket --recursive` | List all objects recursively |

File Operations

| Command | Description |
|---|---|
| `aws s3 cp file.txt s3://my-bucket/` | Upload file |
| `aws s3 cp s3://my-bucket/file.txt .` | Download file |
| `aws s3 sync ./local-folder s3://my-bucket/` | Sync local folder to S3 |
| `aws s3 sync s3://my-bucket/ ./local-folder` | Sync S3 to local folder |
| `aws s3 rm s3://my-bucket/file.txt` | Delete file |
| `aws s3 rm s3://my-bucket/ --recursive` | Delete all files in bucket |

Advanced S3 Operations

| Command | Description |
|---|---|
| `aws s3api get-bucket-versioning --bucket my-bucket` | Check versioning status |
| `aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled` | Enable versioning |
| `aws s3api get-bucket-encryption --bucket my-bucket` | Check encryption |
| `aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration file://encryption.json` | Enable encryption |

Lambda
Function Management

| Command | Description |
|---|---|
| `aws lambda list-functions` | List all functions |
| `aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip` | Create function |
| `aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip` | Update function code |
| `aws lambda invoke --function-name my-function output.txt` | Invoke function |
| `aws lambda delete-function --function-name my-function` | Delete function |

Function Configuration

| Command | Description |
|---|---|
| `aws lambda get-function --function-name my-function` | Get function details |
| `aws lambda update-function-configuration --function-name my-function --timeout 30` | Update timeout |
| `aws lambda update-function-configuration --function-name my-function --memory-size 256` | Update memory |
| `aws lambda put-function-event-invoke-config --function-name my-function --maximum-retry-attempts 1` | Configure retries |

IAM (Identity and Access Management)
User Management

| Command | Description |
|---|---|
| `aws iam list-users` | List all users |
| `aws iam create-user --user-name myuser` | Create user |
| `aws iam delete-user --user-name myuser` | Delete user |
| `aws iam get-user --user-name myuser` | Get user details |
| `aws iam create-access-key --user-name myuser` | Create access key |
| `aws iam delete-access-key --user-name myuser --access-key-id AKIAIOSFODNN7EXAMPLE` | Delete access key |

Role Management

| Command | Description |
|---|---|
| `aws iam list-roles` | List all roles |
| `aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json` | Create role |
| `aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Attach policy to role |
| `aws iam detach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Detach policy from role |

Policy Management

| Command | Description |
|---|---|
| `aws iam list-policies` | List all policies |
| `aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json` | Create policy |
| `aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Delete policy |
| `aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Get policy details |

CloudFormation
Stack Management

| Command | Description |
|---|---|
| `aws cloudformation list-stacks` | List all stacks |
| `aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml` | Create stack |
| `aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml` | Update stack |
| `aws cloudformation delete-stack --stack-name my-stack` | Delete stack |
| `aws cloudformation describe-stacks --stack-name my-stack` | Get stack details |
| `aws cloudformation describe-stack-events --stack-name my-stack` | Get stack events |

Template Operations

| Command | Description |
|---|---|
| `aws cloudformation validate-template --template-body file://template.yaml` | Validate template |
| `aws cloudformation estimate-template-cost --template-body file://template.yaml` | Estimate costs |
| `aws cloudformation get-template --stack-name my-stack` | Get stack template |

RDS (Relational Database Service)
Database Instance Management

| Command | Description |
|---|---|
| `aws rds describe-db-instances` | List all DB instances |
| `aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro --engine mysql --master-username admin --master-user-password mypassword --allocated-storage 20` | Create DB instance |
| `aws rds start-db-instance --db-instance-identifier mydb` | Start DB instance |
| `aws rds stop-db-instance --db-instance-identifier mydb` | Stop DB instance |
| `aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot` | Delete DB instance |

Database Snapshots

| Command | Description |
|---|---|
| `aws rds describe-db-snapshots` | List all snapshots |
| `aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot` | Create snapshot |
| `aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mydb-restored --db-snapshot-identifier mydb-snapshot` | Restore from snapshot |
| `aws rds delete-db-snapshot --db-snapshot-identifier mydb-snapshot` | Delete snapshot |

VPC (Virtual Private Cloud)
VPC Management

| Command | Description |
|---|---|
| `aws ec2 describe-vpcs` | List all VPCs |
| `aws ec2 create-vpc --cidr-block 10.0.0.0/16` | Create VPC |
| `aws ec2 delete-vpc --vpc-id vpc-12345678` | Delete VPC |
| `aws ec2 describe-subnets` | List all subnets |
| `aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24` | Create subnet |

Route Tables

| Command | Description |
|---|---|
| `aws ec2 describe-route-tables` | List route tables |
| `aws ec2 create-route-table --vpc-id vpc-12345678` | Create route table |
| `aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678` | Add route |
| `aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678` | Associate route table |

CloudWatch
Metrics and Alarms

| Command | Description |
|---|---|
| `aws cloudwatch list-metrics` | List all metrics |
| `aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistics Average --start-time 2023-01-01T00:00:00Z --end-time 2023-01-02T00:00:00Z --period 3600` | Get metric statistics |
| `aws cloudwatch describe-alarms` | List all alarms |
| `aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70%" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --evaluation-periods 1 --threshold 70.0 --comparison-operator GreaterThanThreshold` | Create alarm |

Logs

| Command | Description |
|---|---|
| `aws logs describe-log-groups` | List log groups |
| `aws logs create-log-group --log-group-name my-log-group` | Create log group |
| `aws logs describe-log-streams --log-group-name my-log-group` | List log streams |
| `aws logs get-log-events --log-group-name my-log-group --log-stream-name my-log-stream` | Get log events |

Best Practices
Security

- **Use IAM Roles**: Prefer IAM roles over access keys for EC2 instances
- **Least Privilege**: Grant the minimum required permissions
- **MFA**: Enable multi-factor authentication for sensitive operations
- **Rotate Keys**: Regularly rotate access keys and passwords

Cost Optimization

- **Resource Tagging**: Tag all resources for cost tracking
- **Right Sizing**: Monitor and adjust instance sizes based on usage
- **Reserved Instances**: Use reserved instances for predictable workloads
- **Spot Instances**: Use spot instances for fault-tolerant workloads

Automation

- **CloudFormation**: Use infrastructure as code for reproducible deployments
- **AWS CLI Scripts**: Automate repetitive tasks with shell scripts
- **AWS SDK**: Use AWS SDKs for application integration
- **CI/CD**: Integrate AWS CLI into continuous integration pipelines