AWS CLI

Comprehensive AWS CLI commands and workflows for managing Amazon Web Services infrastructure, including EC2, S3, Lambda, and more.

## Installation and Configuration

| Command | Description |
|---------|-------------|
| `aws configure` | Configure AWS credentials and region |
| `aws configure list` | Show current configuration |
| `aws configure set region us-west-2` | Set default region |
| `aws configure set output json` | Set output format |
| `aws sts get-caller-identity` | Verify current identity |
| `aws configure list-profiles` | List all configured profiles |
| `aws configure --profile myprofile` | Configure named profile |

## EC2 (Elastic Compute Cloud)

### Instance Management

| Command | Description |
|---------|-------------|
| `aws ec2 describe-instances` | List all instances |
| `aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro` | Launch instance |
| `aws ec2 start-instances --instance-ids i-1234567890abcdef0` | Start instance |
| `aws ec2 stop-instances --instance-ids i-1234567890abcdef0` | Stop instance |
| `aws ec2 terminate-instances --instance-ids i-1234567890abcdef0` | Terminate instance |
| `aws ec2 reboot-instances --instance-ids i-1234567890abcdef0` | Reboot instance |

### Security Groups

| Command | Description |
|---------|-------------|
| `aws ec2 describe-security-groups` | List security groups |
| `aws ec2 create-security-group --group-name MySecurityGroup --description "My security group"` | Create security group |
| `aws ec2 authorize-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Add inbound rule |
| `aws ec2 revoke-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Remove inbound rule |

### Key Pairs

| Command | Description |
|---------|-------------|
| `aws ec2 describe-key-pairs` | List key pairs |
| `aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem` | Create key pair |
| `aws ec2 delete-key-pair --key-name MyKeyPair` | Delete key pair |

## S3 (Simple Storage Service)

### Bucket Operations

| Command | Description |
|---------|-------------|
| `aws s3 ls` | List all buckets |
| `aws s3 mb s3://my-bucket` | Create bucket |
| `aws s3 rb s3://my-bucket` | Remove empty bucket |
| `aws s3 rb s3://my-bucket --force` | Remove bucket and all contents |
| `aws s3 ls s3://my-bucket` | List objects in bucket |
| `aws s3 ls s3://my-bucket --recursive` | List all objects recursively |

### File Operations

| Command | Description |
|---------|-------------|
| `aws s3 cp file.txt s3://my-bucket/` | Upload file |
| `aws s3 cp s3://my-bucket/file.txt .` | Download file |
| `aws s3 sync ./local-folder s3://my-bucket/` | Sync local folder to S3 |
| `aws s3 sync s3://my-bucket/ ./local-folder` | Sync S3 to local folder |
| `aws s3 rm s3://my-bucket/file.txt` | Delete file |
| `aws s3 rm s3://my-bucket/ --recursive` | Delete all files in bucket |

### Advanced S3 Operations

| Command | Description |
|---------|-------------|
| `aws s3api get-bucket-versioning --bucket my-bucket` | Check versioning status |
| `aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled` | Enable versioning |
| `aws s3api get-bucket-encryption --bucket my-bucket` | Check encryption |
| `aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration file://encryption.json` | Enable encryption |

## Lambda

### Function Management

| Command | Description |
|---------|-------------|
| `aws lambda list-functions` | List all functions |
| `aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip` | Create function |
| `aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip` | Update function code |
| `aws lambda invoke --function-name my-function output.txt` | Invoke function |
| `aws lambda delete-function --function-name my-function` | Delete function |

### Function Configuration

| Command | Description |
|---------|-------------|
| `aws lambda get-function --function-name my-function` | Get function details |
| `aws lambda update-function-configuration --function-name my-function --timeout 30` | Update timeout |
| `aws lambda update-function-configuration --function-name my-function --memory-size 256` | Update memory |
| `aws lambda put-function-event-invoke-config --function-name my-function --maximum-retry-attempts 1` | Configure retries |

## IAM (Identity and Access Management)

### User Management

| Command | Description |
|---------|-------------|
| `aws iam list-users` | List all users |
| `aws iam create-user --user-name myuser` | Create user |
| `aws iam delete-user --user-name myuser` | Delete user |
| `aws iam get-user --user-name myuser` | Get user details |
| `aws iam create-access-key --user-name myuser` | Create access key |
| `aws iam delete-access-key --user-name myuser --access-key-id AKIAIOSFODNN7EXAMPLE` | Delete access key |

### Role Management

| Command | Description |
|---------|-------------|
| `aws iam list-roles` | List all roles |
| `aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json` | Create role |
| `aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Attach policy to role |
| `aws iam detach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Detach policy from role |

### Policy Management

| Command | Description |
|---------|-------------|
| `aws iam list-policies` | List all policies |
| `aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json` | Create policy |
| `aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Delete policy |
| `aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Get policy details |

## CloudFormation

### Stack Management

| Command | Description |
|---------|-------------|
| `aws cloudformation list-stacks` | List all stacks |
| `aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml` | Create stack |
| `aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml` | Update stack |
| `aws cloudformation delete-stack --stack-name my-stack` | Delete stack |
| `aws cloudformation describe-stacks --stack-name my-stack` | Get stack details |
| `aws cloudformation describe-stack-events --stack-name my-stack` | Get stack events |

### Template Operations

| Command | Description |
|---------|-------------|
| `aws cloudformation validate-template --template-body file://template.yaml` | Validate template |
| `aws cloudformation estimate-template-cost --template-body file://template.yaml` | Estimate costs |
| `aws cloudformation get-template --stack-name my-stack` | Get stack template |

## RDS (Relational Database Service)

### Database Management

| Command | Description |
|---------|-------------|
| `aws rds describe-db-instances` | List all DB instances |
| `aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro --engine mysql --master-username admin --master-user-password mypassword --allocated-storage 20` | Create DB instance |
| `aws rds start-db-instance --db-instance-identifier mydb` | Start DB instance |
| `aws rds stop-db-instance --db-instance-identifier mydb` | Stop DB instance |
| `aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot` | Delete DB instance |

### Database Snapshots

| Command | Description |
|---------|-------------|
| `aws rds describe-db-snapshots` | List all snapshots |
| `aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot` | Create snapshot |
| `aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mydb-restored --db-snapshot-identifier mydb-snapshot` | Restore from snapshot |
| `aws rds delete-db-snapshot --db-snapshot-identifier mydb-snapshot` | Delete snapshot |

## VPC (Virtual Private Cloud)

### VPC Management

| Command | Description |
|---------|-------------|
| `aws ec2 describe-vpcs` | List all VPCs |
| `aws ec2 create-vpc --cidr-block 10.0.0.0/16` | Create VPC |
| `aws ec2 delete-vpc --vpc-id vpc-12345678` | Delete VPC |
| `aws ec2 describe-subnets` | List all subnets |
| `aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24` | Create subnet |

### Route Tables

| Command | Description |
|---------|-------------|
| `aws ec2 describe-route-tables` | List route tables |
| `aws ec2 create-route-table --vpc-id vpc-12345678` | Create route table |
| `aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678` | Add route |
| `aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678` | Associate route table |

## CloudWatch

### Metrics and Alarms

| Command | Description |
|---------|-------------|
| `aws cloudwatch list-metrics` | List all metrics |
| `aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistics Average --start-time 2023-01-01T00:00:00Z --end-time 2023-01-02T00:00:00Z --period 3600` | Get metric statistics |
| `aws cloudwatch describe-alarms` | List all alarms |
| `aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70%" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --evaluation-periods 1 --threshold 70.0 --comparison-operator GreaterThanThreshold` | Create alarm |

### Logs

| Command | Description |
|---------|-------------|
| `aws logs describe-log-groups` | List log groups |
| `aws logs create-log-group --log-group-name my-log-group` | Create log group |
| `aws logs describe-log-streams --log-group-name my-log-group` | List log streams |
| `aws logs get-log-events --log-group-name my-log-group --log-stream-name my-log-stream` | Get log events |

## Best Practices

### Security

1. **Use IAM Roles**: Prefer IAM roles over access keys for EC2 instances
2. **Least Privilege**: Grant the minimum permissions required
3. **MFA**: Enable multi-factor authentication for sensitive operations
4. **Rotate Keys**: Regularly rotate access keys and passwords

### Cost Optimization

1. **Resource Tagging**: Tag all resources for cost tracking
2. **Right-Sizing**: Monitor and adjust instance sizes based on usage
3. **Reserved Instances**: Use reserved instances for predictable workloads
4. **Spot Instances**: Use spot instances for fault-tolerant workloads

### Automation

1. **CloudFormation**: Use Infrastructure as Code for reproducible deployments
2. **AWS CLI Scripts**: Automate repetitive tasks with shell scripts
3. **AWS SDK**: Use the AWS SDKs for application integration
4. **CI/CD**: Integrate the AWS CLI into continuous integration pipelines
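
The key-rotation item in the security best practices can be checked from a script. The following is an added example, not part of the original cheat sheet: a shell function that reads the tab-separated output of `aws iam list-access-keys` (using the `--query` shown in the comment) and reports active keys older than a threshold. The function names, the second and third key IDs and all dates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report active IAM access keys
# older than a rotation threshold. Input is the tab-separated output of:
#   aws iam list-access-keys --user-name myuser --output text \
#     --query 'AccessKeyMetadata[].[UserName,AccessKeyId,Status,CreateDate]'

# stale_keys MAX_AGE_DAYS TODAY   (TODAY as YYYY-MM-DD; key lines on stdin)
# Prints "user<TAB>key id<TAB>age in days" for each Active key over the limit.
# Inactive keys are skipped: they cannot authenticate, so rotation does not apply.
stale_keys() {
    awk -F '\t' -v max_age="$1" -v today="$2" '
    # Day number of a Gregorian date; only the difference of two results is used.
    function day_number(d,    y, m, dd) {
        y = substr(d, 1, 4) + 0; m = substr(d, 6, 2) + 0; dd = substr(d, 9, 2) + 0
        if (m <= 2) { y--; m += 12 }   # treat Jan/Feb as months 13/14 of the prior year
        return 365 * y + int(y / 4) - int(y / 100) + int(y / 400) + int((153 * (m - 3) + 2) / 5) + dd
    }
    $3 == "Active" {
        age = day_number(today) - day_number($4)   # $4 begins with YYYY-MM-DD
        if (age > max_age) printf "%s\t%s\t%d\n", $1, $2, age
    }'
}

# Constructed sample input in the same layout the command above produces.
sample_keys() {
    printf 'myuser\tAKIAIOSFODNN7EXAMPLE\tActive\t2023-11-01T09:12:44+00:00\n'
    printf 'myuser\tAKIAEXAMPLEKEY000002\tActive\t2024-01-15T16:40:02+00:00\n'
    printf 'olduser\tAKIAEXAMPLEKEY000003\tInactive\t2022-06-30T08:00:00+00:00\n'
}

# Offline run:  sample_keys | stale_keys 90 2024-03-01
# Live run:     aws iam list-access-keys ... --output text | stale_keys 90 "$(date +%Y-%m-%d)"
```

Keys the function reports are candidates for `aws iam create-access-key` followed, once the new key is deployed, by `aws iam delete-access-key` on the old one.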