Há mais exemplos de AWS SDK disponíveis no repositório [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub . As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá. # Exemplos de código para AWS CLI com o script Bash Os exemplos de código a seguir mostram como usar o script AWS Command Line Interface with Bash with AWS. As *noções básicas* são exemplos de código que mostram como realizar as operações essenciais em um serviço. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Alguns serviços contêm categorias de exemplo adicionais que mostram como utilizar bibliotecas ou funções específicas do serviço. **Mais atributos** + ** [AWS CLI com o Guia do Desenvolvedor Bash script ](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html)**: saiba mais sobre como usar o Bash com a AWS. + ** [Centro do desenvolvedor da AWS](https://aws.amazon.com/developer/code-examples/?awsf.sdk-code-examples-programming-language=programming-language%23bash) **: exemplos de código que você pode filtrar por categoria ou pesquisa de texto completo. + **[AWS Exemplos de SDK](https://github.com/awsdocs/aws-doc-sdk-examples)** — GitHub repositório com código completo nos idiomas preferidos. Inclui instruções para configurar e executar o código. **Topics** + [AWS Batch](bash_2_batch_code_examples.md) + [AWS Cloud Map](bash_2_servicediscovery_code_examples.md) + [CloudFront](bash_2_cloudfront_code_examples.md) + [DynamoDB](bash_2_dynamodb_code_examples.md) + [Amazon EC2](bash_2_ec2_code_examples.md) + [HealthImaging](bash_2_medical-imaging_code_examples.md) + [IAM](bash_2_iam_code_examples.md) + [AWS KMS](bash_2_kms_code_examples.md) + [Lightsail](bash_2_lightsail_code_examples.md) + [Amazon S3](bash_2_s3_code_examples.md) + [AWS STS](bash_2_sts_code_examples.md) # AWS Batch exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with AWS Batch. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Cenários](#scenarios) ## Cenários ### Conceitos básicos do Batch e do Fargate O exemplo de código a seguir mostra como: + Criar um perfil de execução do IAM para tarefas do ECS. + Criar um ambiente de computação gerenciado do Fargate. + Criar uma fila de trabalhos com configurações de prioridade. + Registrar uma definição de tarefa para workloads em contêineres. + Enviar e monitorar a execução de um trabalho em lote. + Exibir a saída do trabalho em CloudWatch Logs + Limpar os recursos na ordem de dependência adequada. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/011-getting-started-batch-fargate). ``` #!/bin/bash # AWS Batch Fargate Getting Started Script - Fixed Version # This script demonstrates creating AWS Batch resources with Fargate orchestration # # HIGH SEVERITY FIXES APPLIED: # 1. Added IAM role propagation delay after role creation # 2. Added resource state validation before deletion attempts set -e # Exit on any error # Configuration SCRIPT_NAME="batch-fargate-tutorial" LOG_FILE="${SCRIPT_NAME}-$(date +%Y%m%d-%H%M%S).log" RANDOM_SUFFIX=$(openssl rand -hex 6) COMPUTE_ENV_NAME="batch-fargate-compute-${RANDOM_SUFFIX}" JOB_QUEUE_NAME="batch-fargate-queue-${RANDOM_SUFFIX}" JOB_DEF_NAME="batch-fargate-jobdef-${RANDOM_SUFFIX}" JOB_NAME="batch-hello-world-${RANDOM_SUFFIX}" ROLE_NAME="BatchEcsTaskExecutionRole-${RANDOM_SUFFIX}" TRUST_POLICY_FILE="batch-trust-policy-${RANDOM_SUFFIX}.json" # Array to track created resources for cleanup CREATED_RESOURCES=() # Logging function log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE" } # Error handling function handle_error() { log "ERROR: Script failed at line $1" log "Attempting to clean up resources created so far..." cleanup_resources exit 1 } # Set up error handling trap 'handle_error $LINENO' ERR # Function to wait for resource to be ready wait_for_compute_env() { local env_name=$1 log "Waiting for compute environment $env_name to be VALID..." while true; do local status=$(aws batch describe-compute-environments \ --compute-environments "$env_name" \ --query 'computeEnvironments[0].status' \ --output text 2>/dev/null || echo "NOT_FOUND") if [ "$status" = "VALID" ]; then log "Compute environment $env_name is ready" break elif [ "$status" = "INVALID" ] || [ "$status" = "NOT_FOUND" ]; then log "ERROR: Compute environment $env_name failed to create properly" return 1 fi log "Compute environment status: $status. Waiting 10 seconds..." sleep 10 done } # Function to wait for job queue to be ready wait_for_job_queue() { local queue_name=$1 log "Waiting for job queue $queue_name to be VALID..." while true; do local state=$(aws batch describe-job-queues \ --job-queues "$queue_name" \ --query 'jobQueues[0].state' \ --output text 2>/dev/null || echo "NOT_FOUND") if [ "$state" = "ENABLED" ]; then log "Job queue $queue_name is ready" break elif [ "$state" = "DISABLED" ] || [ "$state" = "NOT_FOUND" ]; then log "ERROR: Job queue $queue_name failed to create properly" return 1 fi log "Job queue state: $state. Waiting 10 seconds..." sleep 10 done } # Function to wait for job completion wait_for_job() { local job_id=$1 log "Waiting for job $job_id to complete..." while true; do local status=$(aws batch describe-jobs \ --jobs "$job_id" \ --query 'jobs[0].status' \ --output text 2>/dev/null || echo "NOT_FOUND") if [ "$status" = "SUCCEEDED" ]; then log "Job $job_id completed successfully" break elif [ "$status" = "FAILED" ]; then log "ERROR: Job $job_id failed" return 1 fi log "Job status: $status. Waiting 30 seconds..." sleep 30 done } # FIXED: Added function to wait for resource state before deletion wait_for_resource_state() { local resource_type=$1 local resource_name=$2 local expected_state=$3 local max_attempts=30 local attempt=0 log "Waiting for $resource_type $resource_name to reach state: $expected_state" while [ $attempt -lt $max_attempts ]; do local current_state="" case $resource_type in "JOB_QUEUE") current_state=$(aws batch describe-job-queues \ --job-queues "$resource_name" \ --query 'jobQueues[0].state' \ --output text 2>/dev/null || echo "NOT_FOUND") ;; "COMPUTE_ENV") current_state=$(aws batch describe-compute-environments \ --compute-environments "$resource_name" \ --query 'computeEnvironments[0].status' \ --output text 2>/dev/null || echo "NOT_FOUND") ;; esac if [ "$current_state" = "$expected_state" ]; then log "$resource_type $resource_name is now in state: $expected_state" return 0 fi log "$resource_type $resource_name state: $current_state (waiting for $expected_state)" sleep 10 ((attempt++)) done log "WARNING: $resource_type $resource_name did not reach expected state after $max_attempts attempts" return 1 } # Cleanup function cleanup_resources() { log "Starting cleanup of created resources..." # Clean up in reverse order of creation for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do local resource="${CREATED_RESOURCES[i]}" local resource_type=$(echo "$resource" | cut -d: -f1) local resource_name=$(echo "$resource" | cut -d: -f2) log "Cleaning up $resource_type: $resource_name" case $resource_type in "JOB_QUEUE") # FIXED: Validate state before deletion aws batch update-job-queue --job-queue "$resource_name" --state DISABLED 2>/dev/null || true wait_for_resource_state "JOB_QUEUE" "$resource_name" "DISABLED" || true aws batch delete-job-queue --job-queue "$resource_name" 2>/dev/null || true ;; "COMPUTE_ENV") # FIXED: Validate state before deletion aws batch update-compute-environment --compute-environment "$resource_name" --state DISABLED 2>/dev/null || true wait_for_resource_state "COMPUTE_ENV" "$resource_name" "DISABLED" || true aws batch delete-compute-environment --compute-environment "$resource_name" 2>/dev/null || true ;; "IAM_ROLE") aws iam detach-role-policy --role-name "$resource_name" --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 2>/dev/null || true aws iam delete-role --role-name "$resource_name" 2>/dev/null || true ;; "FILE") rm -f "$resource_name" 2>/dev/null || true ;; esac done log "Cleanup completed" } # Main script execution main() { log "Starting AWS Batch Fargate tutorial script - Fixed Version" log "Log file: $LOG_FILE" # Get AWS account ID log "Getting AWS account ID..." ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) log "Account ID: $ACCOUNT_ID" # Get default VPC and subnets log "Getting default VPC and subnets..." DEFAULT_VPC=$(aws ec2 describe-vpcs \ --filters "Name=is-default,Values=true" \ --query 'Vpcs[0].VpcId' \ --output text) if [ "$DEFAULT_VPC" = "None" ] || [ "$DEFAULT_VPC" = "null" ]; then log "ERROR: No default VPC found. Please create a VPC first." exit 1 fi log "Default VPC: $DEFAULT_VPC" # Get subnets in the default VPC SUBNETS=$(aws ec2 describe-subnets \ --filters "Name=vpc-id,Values=$DEFAULT_VPC" \ --query 'Subnets[*].SubnetId' \ --output text) if [ -z "$SUBNETS" ]; then log "ERROR: No subnets found in default VPC" exit 1 fi # Convert tab/space-separated subnets to JSON array format SUBNET_ARRAY=$(echo "$SUBNETS" | tr '\t ' '\n' | sed 's/^/"/;s/$/"/' | paste -sd ',' -) log "Subnets: $SUBNETS" log "Subnet array: [$SUBNET_ARRAY]" # Get default security group for the VPC DEFAULT_SG=$(aws ec2 describe-security-groups \ --filters "Name=vpc-id,Values=$DEFAULT_VPC" "Name=group-name,Values=default" \ --query 'SecurityGroups[0].GroupId' \ --output text) if [ "$DEFAULT_SG" = "None" ] || [ "$DEFAULT_SG" = "null" ]; then log "ERROR: No default security group found in VPC" exit 1 fi log "Default security group: $DEFAULT_SG" # Step 1: Create IAM execution role log "Step 1: Creating IAM execution role..." # Create trust policy document cat > "$TRUST_POLICY_FILE" << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF CREATED_RESOURCES+=("FILE:$TRUST_POLICY_FILE") # Create the role aws iam create-role \ --role-name "$ROLE_NAME" \ --assume-role-policy-document "file://$TRUST_POLICY_FILE" CREATED_RESOURCES+=("IAM_ROLE:$ROLE_NAME") # Attach policy aws iam attach-role-policy \ --role-name "$ROLE_NAME" \ --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" log "IAM role created: $ROLE_NAME" # FIXED: Wait for IAM role propagation log "Waiting for IAM role propagation (15 seconds)..." sleep 15 # Step 2: Create compute environment log "Step 2: Creating Fargate compute environment..." aws batch create-compute-environment \ --compute-environment-name "$COMPUTE_ENV_NAME" \ --type MANAGED \ --state ENABLED \ --compute-resources "{ \"type\": \"FARGATE\", \"maxvCpus\": 256, \"subnets\": [$SUBNET_ARRAY], \"securityGroupIds\": [\"$DEFAULT_SG\"] }" CREATED_RESOURCES+=("COMPUTE_ENV:$COMPUTE_ENV_NAME") # Wait for compute environment to be ready wait_for_compute_env "$COMPUTE_ENV_NAME" # Step 3: Create job queue log "Step 3: Creating job queue..." aws batch create-job-queue \ --job-queue-name "$JOB_QUEUE_NAME" \ --state ENABLED \ --priority 900 \ --compute-environment-order order=1,computeEnvironment="$COMPUTE_ENV_NAME" CREATED_RESOURCES+=("JOB_QUEUE:$JOB_QUEUE_NAME") # Wait for job queue to be ready wait_for_job_queue "$JOB_QUEUE_NAME" # Step 4: Create job definition log "Step 4: Creating job definition..." aws batch register-job-definition \ --job-definition-name "$JOB_DEF_NAME" \ --type container \ --platform-capabilities FARGATE \ --container-properties "{ \"image\": \"busybox\", \"resourceRequirements\": [ {\"type\": \"VCPU\", \"value\": \"0.25\"}, {\"type\": \"MEMORY\", \"value\": \"512\"} ], \"command\": [\"echo\", \"hello world\"], \"networkConfiguration\": { \"assignPublicIp\": \"ENABLED\" }, \"executionRoleArn\": \"arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}\" }" log "Job definition created: $JOB_DEF_NAME" # Step 5: Submit job log "Step 5: Submitting job..." JOB_ID=$(aws batch submit-job \ --job-name "$JOB_NAME" \ --job-queue "$JOB_QUEUE_NAME" \ --job-definition "$JOB_DEF_NAME" \ --query 'jobId' \ --output text) log "Job submitted with ID: $JOB_ID" # Step 6: Wait for job completion and view output log "Step 6: Waiting for job completion..." wait_for_job "$JOB_ID" # Get log stream name log "Getting job logs..." LOG_STREAM=$(aws batch describe-jobs \ --jobs "$JOB_ID" \ --query 'jobs[0].attempts[0].taskProperties.containers[0].logStreamName' \ --output text) if [ "$LOG_STREAM" != "None" ] && [ "$LOG_STREAM" != "null" ]; then log "Log stream: $LOG_STREAM" log "Job output:" aws logs get-log-events \ --log-group-name "/aws/batch/job" \ --log-stream-name "$LOG_STREAM" \ --query 'events[*].message' \ --output text | tee -a "$LOG_FILE" else log "No log stream available for job" fi log "Tutorial completed successfully!" # Show created resources echo "" echo "===========================================" echo "CREATED RESOURCES" echo "===========================================" echo "The following resources were created:" for resource in "${CREATED_RESOURCES[@]}"; do echo " - $resource" done echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "$CLEANUP_CHOICE" =~ ^[Yy]$ ]]; then cleanup_resources log "All resources have been cleaned up" else log "Resources left intact. You can clean them up manually later." echo "To clean up manually, run the following commands:" echo "aws batch update-job-queue --job-queue $JOB_QUEUE_NAME --state DISABLED" echo "aws batch delete-job-queue --job-queue $JOB_QUEUE_NAME" echo "aws batch update-compute-environment --compute-environment $COMPUTE_ENV_NAME --state DISABLED" echo "aws batch delete-compute-environment --compute-environment $COMPUTE_ENV_NAME" echo "aws iam detach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" echo "aws iam delete-role --role-name $ROLE_NAME" fi } # Run main function main "$@" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateComputeEnvironment](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/CreateComputeEnvironment) + [CreateJobQueue](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/CreateJobQueue) + [DeleteComputeEnvironment](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/DeleteComputeEnvironment) + [DeleteJobQueue](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/DeleteJobQueue) + [DescribeComputeEnvironments](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/DescribeComputeEnvironments) + [DescribeJobQueues](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/DescribeJobQueues) + [DescribeJobs](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/DescribeJobs) + [RegisterJobDefinition](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/RegisterJobDefinition) + [SubmitJob](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/SubmitJob) + [UpdateComputeEnvironment](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/UpdateComputeEnvironment) + [UpdateJobQueue](https://docs.aws.amazon.com/goto/aws-cli/batch-2016-08-10/UpdateJobQueue) # AWS Cloud Map exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with AWS Cloud Map. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Cenários](#scenarios) ## Cenários ### Atributos personalizados do Cloud Map O exemplo de código a seguir mostra como: + Criar um namespace HTTP para descoberta de serviços baseada em API. + Criar uma tabela do DynamoDB e registrá-la como um serviço de dados com atributos personalizados. + Criar funções do Lambda para leitura e gravação de dados. + Registrar funções do Lambda como instâncias de serviço com atributos personalizados para descoberta baseada em ações. + Criar aplicações cliente que descubram serviços usando atributos personalizados. + Limpar todos os recursos, incluindo funções do Lambda, tabela do DynamoDB e serviços do Cloud Map. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/004-cloudmap-custom-attributes). ``` #!/bin/bash # AWS Cloud Map Tutorial Script # This script demonstrates how to use AWS Cloud Map for service discovery with custom attributes # Set up logging LOG_FILE="cloudmap-tutorial.log" echo "AWS Cloud Map Tutorial Script" > $LOG_FILE echo "Started at $(date)" >> $LOG_FILE # Array to track created resources for cleanup CREATED_RESOURCES=() # Function to log commands and their output log_cmd() { echo "$ $1" | tee -a $LOG_FILE eval "$1" | tee -a $LOG_FILE } # Function to handle errors handle_error() { local LINE=$1 echo "An error occurred at line $LINE" | tee -a $LOG_FILE echo "Resources created so far:" | tee -a $LOG_FILE for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" | tee -a $LOG_FILE done echo "Attempting to clean up resources..." | tee -a $LOG_FILE cleanup exit 1 } # Set up error handling trap 'handle_error $LINENO' ERR # Helper function to wait for Cloud Map operations to complete wait_for_operation() { local OPERATION_ID=$1 local TIMEOUT=300 # 5 minutes timeout local START_TIME=$(date +%s) while true; do local STATUS=$(aws servicediscovery get-operation --operation-id $OPERATION_ID --query 'Operation.Status' --output text) if [ "$STATUS" == "SUCCESS" ]; then echo "Operation completed successfully" | tee -a $LOG_FILE break elif [ "$STATUS" == "FAIL" ]; then echo "Operation failed" | tee -a $LOG_FILE return 1 fi local CURRENT_TIME=$(date +%s) if [ $((CURRENT_TIME - START_TIME)) -gt $TIMEOUT ]; then echo "Operation timed out" | tee -a $LOG_FILE return 1 fi sleep 5 done return 0 } # Function to clean up resources cleanup() { echo "Cleaning up resources..." | tee -a $LOG_FILE # Reverse the order of created resources for proper deletion for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" echo "Deleting $resource..." | tee -a $LOG_FILE if [[ $resource == "instance:"* ]]; then # Extract service ID and instance ID SERVICE_ID=$(echo $resource | cut -d':' -f2) INSTANCE_ID=$(echo $resource | cut -d':' -f3) # Check if instance exists before trying to deregister INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id $SERVICE_ID --query "Instances[?Id=='$INSTANCE_ID'].Id" --output text 2>/dev/null || echo "") if [[ -n "$INSTANCE_EXISTS" ]]; then OPERATION_ID=$(aws servicediscovery deregister-instance --service-id $SERVICE_ID --instance-id $INSTANCE_ID --query 'OperationId' --output text) # Wait for deregistration to complete echo "Waiting for instance deregistration to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID else echo "Instance $INSTANCE_ID already deregistered" | tee -a $LOG_FILE fi elif [[ $resource == "lambda:"* ]]; then # Extract function name FUNCTION_NAME=$(echo $resource | cut -d':' -f2) aws lambda delete-function --function-name $FUNCTION_NAME elif [[ $resource == "role:"* ]]; then # Extract role name ROLE_NAME=$(echo $resource | cut -d':' -f2) # Detach all policies first for POLICY_ARN in $(aws iam list-attached-role-policies --role-name $ROLE_NAME --query 'AttachedPolicies[*].PolicyArn' --output text); do aws iam detach-role-policy --role-name $ROLE_NAME --policy-arn $POLICY_ARN done # Delete the role aws iam delete-role --role-name $ROLE_NAME elif [[ $resource == "dynamodb:"* ]]; then # Extract table name TABLE_NAME=$(echo $resource | cut -d':' -f2) aws dynamodb delete-table --table-name $TABLE_NAME # Wait for table deletion to complete echo "Waiting for DynamoDB table deletion to complete..." | tee -a $LOG_FILE aws dynamodb wait table-not-exists --table-name $TABLE_NAME fi done # Handle services separately to ensure all instances are deregistered first for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" if [[ $resource == "service:"* ]]; then # Extract service ID SERVICE_ID=$(echo $resource | cut -d':' -f2) echo "Deleting service $SERVICE_ID..." | tee -a $LOG_FILE # Make sure all instances are deregistered INSTANCES=$(aws servicediscovery list-instances --service-id $SERVICE_ID --query 'Instances[*].Id' --output text) if [[ -n "$INSTANCES" ]]; then echo "Service still has instances. Waiting before deletion..." | tee -a $LOG_FILE sleep 10 fi # Try to delete the service aws servicediscovery delete-service --id $SERVICE_ID sleep 5 fi done # Handle namespaces last to ensure all services are deleted first for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)); do resource="${CREATED_RESOURCES[$i]}" if [[ $resource == "namespace:"* ]]; then # Extract namespace ID NAMESPACE_ID=$(echo $resource | cut -d':' -f2) echo "Deleting namespace $NAMESPACE_ID..." | tee -a $LOG_FILE # Check if namespace still has services SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].Id' --output text) if [[ -n "$SERVICES" ]]; then echo "Namespace still has services. Deleting them first..." | tee -a $LOG_FILE for SERVICE_ID in $SERVICES; do echo "Deleting service $SERVICE_ID..." | tee -a $LOG_FILE aws servicediscovery delete-service --id $SERVICE_ID done sleep 5 fi # Try to delete the namespace OPERATION_ID=$(aws servicediscovery delete-namespace --id $NAMESPACE_ID --query 'OperationId' --output text 2>/dev/null || echo "") if [[ -n "$OPERATION_ID" ]]; then echo "Waiting for namespace deletion to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID else echo "Failed to delete namespace or namespace already deleted" | tee -a $LOG_FILE fi fi done echo "Cleanup complete" | tee -a $LOG_FILE } # Step 1: Create an AWS Cloud Map namespace echo "Step 1: Creating AWS Cloud Map namespace..." | tee -a $LOG_FILE # Check if namespace already exists NAMESPACE_ID=$(aws servicediscovery list-namespaces --query "Namespaces[?Name=='cloudmap-tutorial'].Id" --output text) if [[ -z "$NAMESPACE_ID" || "$NAMESPACE_ID" == "None" ]]; then log_cmd "aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id namespace-request" OPERATION_ID=$(aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id namespace-request --query 'OperationId' --output text) # Wait for namespace creation to complete echo "Waiting for namespace creation to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID # Get the namespace ID NAMESPACE_ID=$(aws servicediscovery list-namespaces --query "Namespaces[?Name=='cloudmap-tutorial'].Id" --output text) echo "Namespace created with ID: $NAMESPACE_ID" | tee -a $LOG_FILE else echo "Namespace cloudmap-tutorial already exists with ID: $NAMESPACE_ID" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("namespace:$NAMESPACE_ID") # Step 2: Create a DynamoDB table echo "Step 2: Creating DynamoDB table..." | tee -a $LOG_FILE # Check if table already exists TABLE_EXISTS=$(aws dynamodb describe-table --table-name cloudmap 2>&1 || echo "NOT_EXISTS") if [[ $TABLE_EXISTS == *"ResourceNotFoundException"* || $TABLE_EXISTS == "NOT_EXISTS" ]]; then log_cmd "aws dynamodb create-table --table-name cloudmap --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --billing-mode PAY_PER_REQUEST" # Wait for DynamoDB table to become active echo "Waiting for DynamoDB table to become active..." | tee -a $LOG_FILE aws dynamodb wait table-exists --table-name cloudmap else echo "DynamoDB table cloudmap already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("dynamodb:cloudmap") # Step 3: Create an AWS Cloud Map data service echo "Step 3: Creating AWS Cloud Map data service..." | tee -a $LOG_FILE # Get all services in the namespace echo "Listing all services in namespace $NAMESPACE_ID..." | tee -a $LOG_FILE SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].[Id,Name]' --output text) echo "Services found: $SERVICES" | tee -a $LOG_FILE # Check if data service already exists DATA_SERVICE_ID="" while read -r id name || [[ -n "$id" ]]; do echo "Checking service: ID=$id, Name=$name" | tee -a $LOG_FILE if [[ "$name" == "data-service" ]]; then DATA_SERVICE_ID="$id" break fi done <<< "$SERVICES" if [[ -z "$DATA_SERVICE_ID" ]]; then echo "Data service does not exist, creating it..." | tee -a $LOG_FILE # Create the service and capture the ID directly echo "$ aws servicediscovery create-service --name data-service --namespace-id $NAMESPACE_ID --creator-request-id data-service-request" | tee -a $LOG_FILE CREATE_OUTPUT=$(aws servicediscovery create-service --name data-service --namespace-id $NAMESPACE_ID --creator-request-id data-service-request) echo "$CREATE_OUTPUT" | tee -a $LOG_FILE # Extract the service ID using AWS CLI query DATA_SERVICE_ID=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query "Services[?Name=='data-service'].Id" --output text) echo "Data service created with ID: $DATA_SERVICE_ID" | tee -a $LOG_FILE else echo "Data service already exists with ID: $DATA_SERVICE_ID" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("service:$DATA_SERVICE_ID") # Register DynamoDB table as a service instance echo "Registering DynamoDB table as a service instance..." | tee -a $LOG_FILE # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id $DATA_SERVICE_ID --query "Instances[?Id=='data-instance'].Id" --output text) if [[ -z "$INSTANCE_EXISTS" ]]; then log_cmd "aws servicediscovery register-instance --service-id $DATA_SERVICE_ID --instance-id data-instance --attributes tablename=cloudmap,region=$(aws configure get region)" OPERATION_ID=$(aws servicediscovery register-instance --service-id $DATA_SERVICE_ID --instance-id data-instance --attributes tablename=cloudmap,region=$(aws configure get region) --query 'OperationId' --output text) # Wait for instance registration to complete echo "Waiting for instance registration to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID else echo "Instance data-instance already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("instance:$DATA_SERVICE_ID:data-instance") # Step 4: Create an IAM role for Lambda echo "Step 4: Creating IAM role for Lambda..." | tee -a $LOG_FILE # Create a trust policy for Lambda cat > lambda-trust-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Check if role already exists echo "Checking if IAM role already exists..." | tee -a $LOG_FILE ROLE_EXISTS=$(aws iam get-role --role-name cloudmap-tutorial-role 2>&1 || echo "NOT_EXISTS") if [[ $ROLE_EXISTS == *"NoSuchEntity"* || $ROLE_EXISTS == "NOT_EXISTS" ]]; then log_cmd "aws iam create-role --role-name cloudmap-tutorial-role --assume-role-policy-document file://lambda-trust-policy.json" else echo "Role cloudmap-tutorial-role already exists, using existing role" | tee -a $LOG_FILE fi # FIXED: Create a custom policy with least privilege instead of using PowerUserAccess cat > cloudmap-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:*:*:table/cloudmap" }, { "Effect": "Allow", "Action": [ "servicediscovery:DiscoverInstances" ], "Resource": "*" } ] } EOF # Check if policy already exists POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='CloudMapTutorialPolicy'].Arn" --output text) if [[ -z "$POLICY_ARN" ]]; then echo "Creating CloudMapTutorialPolicy..." | tee -a $LOG_FILE echo "$ aws iam create-policy --policy-name CloudMapTutorialPolicy --policy-document file://cloudmap-policy.json" | tee -a $LOG_FILE CREATE_OUTPUT=$(aws iam create-policy --policy-name CloudMapTutorialPolicy --policy-document file://cloudmap-policy.json) echo "$CREATE_OUTPUT" | tee -a $LOG_FILE POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='CloudMapTutorialPolicy'].Arn" --output text) else echo "Policy CloudMapTutorialPolicy already exists with ARN: $POLICY_ARN" | tee -a $LOG_FILE fi echo "$ aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn $POLICY_ARN" | tee -a $LOG_FILE aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn $POLICY_ARN | tee -a $LOG_FILE echo "$ aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | tee -a $LOG_FILE aws iam attach-role-policy --role-name cloudmap-tutorial-role --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole | tee -a $LOG_FILE # Wait for role to propagate echo "Waiting for IAM role to propagate..." | tee -a $LOG_FILE sleep 10 ROLE_ARN=$(aws iam get-role --role-name cloudmap-tutorial-role --query 'Role.Arn' --output text) CREATED_RESOURCES+=("role:cloudmap-tutorial-role") # Step 5: Create an AWS Cloud Map app service echo "Step 5: Creating AWS Cloud Map app service..." | tee -a $LOG_FILE # Get all services in the namespace SERVICES=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query 'Services[*].[Id,Name]' --output text) # Check if app service already exists APP_SERVICE_ID="" while read -r id name || [[ -n "$id" ]]; do if [[ "$name" == "app-service" ]]; then APP_SERVICE_ID="$id" break fi done <<< "$SERVICES" if [[ -z "$APP_SERVICE_ID" ]]; then echo "App service does not exist, creating it..." | tee -a $LOG_FILE # Create the service and capture the ID directly echo "$ aws servicediscovery create-service --name app-service --namespace-id $NAMESPACE_ID --creator-request-id app-service-request" | tee -a $LOG_FILE CREATE_OUTPUT=$(aws servicediscovery create-service --name app-service --namespace-id $NAMESPACE_ID --creator-request-id app-service-request) echo "$CREATE_OUTPUT" | tee -a $LOG_FILE # Extract the service ID using AWS CLI query APP_SERVICE_ID=$(aws servicediscovery list-services --filters "Name=NAMESPACE_ID,Values=$NAMESPACE_ID,Condition=EQ" --query "Services[?Name=='app-service'].Id" --output text) echo "App service created with ID: $APP_SERVICE_ID" | tee -a $LOG_FILE else echo "App service already exists with ID: $APP_SERVICE_ID" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("service:$APP_SERVICE_ID") # Step 6: Create a Lambda function to write data echo "Step 6: Creating Lambda function to write data..." | tee -a $LOG_FILE # Create Lambda function code cat > writefunction.py << EOF import boto3 import json import random def lambda_handler(event, context): # Use AWS Cloud Map to discover the DynamoDB table serviceclient = boto3.client('servicediscovery') # Discover the data service instance response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='data-service' ) # Extract table name and region from the instance attributes tablename = response['Instances'][0]['Attributes']['tablename'] region = response['Instances'][0]['Attributes']['region'] # Create DynamoDB client in the specified region dynamodb = boto3.resource('dynamodb', region_name=region) table = dynamodb.Table(tablename) # Write data to the table table.put_item( Item={ 'id': str(random.randint(1,100)), 'todo': event } ) return { 'statusCode': 200, 'body': json.dumps('Data written successfully!') } EOF # Zip the function code log_cmd "zip writefunction.zip writefunction.py" # Create the Lambda function FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='writefunction'].FunctionName" --output text) if [[ -z "$FUNCTION_EXISTS" ]]; then log_cmd "aws lambda create-function --function-name writefunction --runtime python3.12 --role $ROLE_ARN --handler writefunction.lambda_handler --zip-file fileb://writefunction.zip --architectures x86_64" # Wait for the Lambda function to be active before updating echo "Waiting for Lambda function to become active..." | tee -a $LOG_FILE function_state="Pending" while [ "$function_state" == "Pending" ]; do sleep 5 function_state=$(aws lambda get-function --function-name writefunction --query 'Configuration.State' --output text) echo "Current function state: $function_state" | tee -a $LOG_FILE done # Update the function timeout log_cmd "aws lambda update-function-configuration --function-name writefunction --timeout 5" else echo "Lambda function writefunction already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("lambda:writefunction") # Step 7: Register the Lambda write function as an AWS Cloud Map service instance echo "Step 7: Registering Lambda write function as a service instance..." | tee -a $LOG_FILE # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id $APP_SERVICE_ID --query "Instances[?Id=='write-instance'].Id" --output text) if [[ -z "$INSTANCE_EXISTS" ]]; then log_cmd "aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id write-instance --attributes action=write,functionname=writefunction" OPERATION_ID=$(aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id write-instance --attributes action=write,functionname=writefunction --query 'OperationId' --output text) # Wait for instance registration to complete echo "Waiting for write instance registration to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID else echo "Instance write-instance already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("instance:$APP_SERVICE_ID:write-instance") # Step 8: Create a Lambda function to read data echo "Step 8: Creating Lambda function to read data..." | tee -a $LOG_FILE # Create Lambda function code cat > readfunction.py << EOF import boto3 import json def lambda_handler(event, context): # Use AWS Cloud Map to discover the DynamoDB table serviceclient = boto3.client('servicediscovery') # Discover the data service instance response = serviceclient.discover_instances( NamespaceName='cloudmap-tutorial', ServiceName='data-service' ) # Extract table name and region from the instance attributes tablename = response['Instances'][0]['Attributes']['tablename'] region = response['Instances'][0]['Attributes']['region'] # Create DynamoDB client in the specified region dynamodb = boto3.resource('dynamodb', region_name=region) table = dynamodb.Table(tablename) # Read data from the table response = table.scan() return { 'statusCode': 200, 'body': json.dumps(response['Items']) } EOF # Zip the function code log_cmd "zip readfunction.zip readfunction.py" # Create the Lambda function FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='readfunction'].FunctionName" --output text) if [[ -z "$FUNCTION_EXISTS" ]]; then log_cmd "aws lambda create-function --function-name readfunction --runtime python3.12 --role $ROLE_ARN --handler readfunction.lambda_handler --zip-file fileb://readfunction.zip --architectures x86_64" # Wait for the Lambda function to be active before updating echo "Waiting for Lambda function to become active..." | tee -a $LOG_FILE function_state="Pending" while [ "$function_state" == "Pending" ]; do sleep 5 function_state=$(aws lambda get-function --function-name readfunction --query 'Configuration.State' --output text) echo "Current function state: $function_state" | tee -a $LOG_FILE done # Update the function timeout log_cmd "aws lambda update-function-configuration --function-name readfunction --timeout 5" else echo "Lambda function readfunction already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("lambda:readfunction") # Step 9: Register the Lambda read function as an AWS Cloud Map service instance echo "Step 9: Registering Lambda read function as a service instance..." | tee -a $LOG_FILE # Check if instance already exists INSTANCE_EXISTS=$(aws servicediscovery list-instances --service-id $APP_SERVICE_ID --query "Instances[?Id=='read-instance'].Id" --output text) if [[ -z "$INSTANCE_EXISTS" ]]; then log_cmd "aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id read-instance --attributes action=read,functionname=readfunction" OPERATION_ID=$(aws servicediscovery register-instance --service-id $APP_SERVICE_ID --instance-id read-instance --attributes action=read,functionname=readfunction --query 'OperationId' --output text) # Wait for read instance registration to complete echo "Waiting for read instance registration to complete..." | tee -a $LOG_FILE wait_for_operation $OPERATION_ID else echo "Instance read-instance already exists" | tee -a $LOG_FILE fi CREATED_RESOURCES+=("instance:$APP_SERVICE_ID:read-instance") # Step 10: Create Python clients to interact with the services echo "Step 10: Creating Python clients..." | tee -a $LOG_FILE cat > writeclient.py << EOF import boto3 serviceclient = boto3.client('servicediscovery') response = serviceclient.discover_instances(NamespaceName='cloudmap-tutorial', ServiceName='app-service', QueryParameters={ 'action': 'write' }) functionname = response["Instances"][0]["Attributes"]["functionname"] lambdaclient = boto3.client('lambda') resp = lambdaclient.invoke(FunctionName=functionname, Payload='"This is a test data"') print(resp["Payload"].read()) EOF cat > readclient.py << EOF import boto3 serviceclient = boto3.client('servicediscovery') response = serviceclient.discover_instances(NamespaceName='cloudmap-tutorial', ServiceName='app-service', QueryParameters={ 'action': 'read' }) functionname = response["Instances"][0]["Attributes"]["functionname"] lambdaclient = boto3.client('lambda') resp = lambdaclient.invoke(FunctionName=functionname, InvocationType='RequestResponse') print(resp["Payload"].read()) EOF echo "Running write client..." | tee -a $LOG_FILE log_cmd "python3 writeclient.py" echo "Running read client..." | tee -a $LOG_FILE log_cmd "python3 readclient.py" # Step 11: Clean up resources echo "Resources created:" | tee -a $LOG_FILE for resource in "${CREATED_RESOURCES[@]}"; do echo "- $resource" | tee -a $LOG_FILE done echo "" | tee -a $LOG_FILE echo "==========================================" | tee -a $LOG_FILE echo "CLEANUP CONFIRMATION" | tee -a $LOG_FILE echo "==========================================" | tee -a $LOG_FILE echo "Do you want to clean up all created resources? (y/n): " | tee -a $LOG_FILE read -r CLEANUP_CONFIRM if [[ $CLEANUP_CONFIRM == "y" || $CLEANUP_CONFIRM == "Y" ]]; then cleanup else echo "Resources were not cleaned up. You can manually clean them up later." | tee -a $LOG_FILE fi echo "Script completed at $(date)" | tee -a $LOG_FILE ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateHttpNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateHttpNamespace) + [CreateService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateService) + [DeleteNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteNamespace) + [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteService) + [DeregisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeregisterInstance) + [GetOperation](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/GetOperation) + [ListNamespaces](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListNamespaces) + [ListServices](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListServices) + [RegisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/RegisterInstance) ### Descoberta de serviços do Cloud Map O exemplo de código a seguir mostra como: + Criar um namespace de DNS público com a integração de zona hospedada do Route 53. + Criar serviços detectáveis por meio de consultas ao DNS e chamadas de API. + Registrar instâncias de serviço com diferentes configurações de descoberta. + Descobrir serviços usando consultas ao DNS e a API do Cloud Map. + Verificar a descoberta de serviços usando o comando dig e chamadas de API. + Limpar os recursos na ordem correta (instâncias, serviços e namespace). **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/010-cloudmap-service-discovery). ``` #!/bin/bash # AWS Cloud Map Private Namespace Tutorial Script # This script demonstrates how to use AWS Cloud Map for service discovery # with DNS queries and API calls # Exit on error set -e # Configuration REGION="us-east-2" NAMESPACE_NAME="cloudmap-tutorial.com" LOG_FILE="cloudmap-tutorial.log" CREATOR_REQUEST_ID=$(date +%s) # Function to log messages log() { local message="$1" echo "$(date '+%Y-%m-%d %H:%M:%S') - $message" | tee -a "$LOG_FILE" } # Function to check operation status check_operation() { local operation_id="$1" local status="" log "Checking operation status for $operation_id..." while [[ "$status" != "SUCCESS" ]]; do sleep 5 status=$(aws servicediscovery get-operation \ --operation-id "$operation_id" \ --region "$REGION" \ --query "Operation.Status" \ --output text) log "Operation status: $status" if [[ "$status" == "FAIL" ]]; then log "Operation failed. Exiting." exit 1 fi done log "Operation completed successfully." } # Function to clean up resources cleanup() { log "Starting cleanup process..." if [[ -n "$FIRST_INSTANCE_ID" ]]; then log "Deregistering first service instance..." aws servicediscovery deregister-instance \ --service-id "$PUBLIC_SERVICE_ID" \ --instance-id "$FIRST_INSTANCE_ID" \ --region "$REGION" || log "Failed to deregister first instance" fi if [[ -n "$SECOND_INSTANCE_ID" ]]; then log "Deregistering second service instance..." aws servicediscovery deregister-instance \ --service-id "$BACKEND_SERVICE_ID" \ --instance-id "$SECOND_INSTANCE_ID" \ --region "$REGION" || log "Failed to deregister second instance" fi if [[ -n "$PUBLIC_SERVICE_ID" ]]; then log "Deleting public service..." aws servicediscovery delete-service \ --id "$PUBLIC_SERVICE_ID" \ --region "$REGION" || log "Failed to delete public service" fi if [[ -n "$BACKEND_SERVICE_ID" ]]; then log "Deleting backend service..." aws servicediscovery delete-service \ --id "$BACKEND_SERVICE_ID" \ --region "$REGION" || log "Failed to delete backend service" fi if [[ -n "$NAMESPACE_ID" ]]; then log "Deleting namespace..." aws servicediscovery delete-namespace \ --id "$NAMESPACE_ID" \ --region "$REGION" || log "Failed to delete namespace" fi log "Cleanup completed." } # Set up trap for cleanup on script exit trap cleanup EXIT INT TERM # Initialize log file > "$LOG_FILE" log "Starting AWS Cloud Map tutorial script" # Step 1: Create an AWS Cloud Map namespace log "Creating AWS Cloud Map namespace: $NAMESPACE_NAME" OPERATION_RESULT=$(aws servicediscovery create-public-dns-namespace \ --name "$NAMESPACE_NAME" \ --creator-request-id "cloudmap-tutorial-$CREATOR_REQUEST_ID" \ --region "$REGION") OPERATION_ID=$(echo "$OPERATION_RESULT" | jq -r '.OperationId') log "Namespace creation initiated. Operation ID: $OPERATION_ID" # Check operation status check_operation "$OPERATION_ID" # Get the namespace ID log "Getting namespace ID..." NAMESPACE_ID=$(aws servicediscovery list-namespaces \ --region "$REGION" \ --query "Namespaces[?Name=='$NAMESPACE_NAME'].Id" \ --output text) log "Namespace ID: $NAMESPACE_ID" # Get the hosted zone ID log "Getting Route 53 hosted zone ID..." HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name \ --dns-name "$NAMESPACE_NAME" \ --query "HostedZones[0].Id" \ --output text | sed 's|/hostedzone/||') log "Hosted Zone ID: $HOSTED_ZONE_ID" # Step 2: Create the AWS Cloud Map services log "Creating public service..." PUBLIC_SERVICE_RESULT=$(aws servicediscovery create-service \ --name "public-service" \ --namespace-id "$NAMESPACE_ID" \ --dns-config "RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=300}]" \ --region "$REGION") PUBLIC_SERVICE_ID=$(echo "$PUBLIC_SERVICE_RESULT" | jq -r '.Service.Id') log "Public service created. Service ID: $PUBLIC_SERVICE_ID" log "Creating backend service..." BACKEND_SERVICE_RESULT=$(aws servicediscovery create-service \ --name "backend-service" \ --namespace-id "$NAMESPACE_ID" \ --type "HTTP" \ --region "$REGION") BACKEND_SERVICE_ID=$(echo "$BACKEND_SERVICE_RESULT" | jq -r '.Service.Id') log "Backend service created. Service ID: $BACKEND_SERVICE_ID" # Step 3: Register the AWS Cloud Map service instances log "Registering first service instance..." FIRST_INSTANCE_RESULT=$(aws servicediscovery register-instance \ --service-id "$PUBLIC_SERVICE_ID" \ --instance-id "first" \ --attributes "AWS_INSTANCE_IPV4=192.168.2.1" \ --region "$REGION") FIRST_INSTANCE_ID="first" FIRST_OPERATION_ID=$(echo "$FIRST_INSTANCE_RESULT" | jq -r '.OperationId') log "First instance registration initiated. Operation ID: $FIRST_OPERATION_ID" # Check operation status check_operation "$FIRST_OPERATION_ID" log "Registering second service instance..." SECOND_INSTANCE_RESULT=$(aws servicediscovery register-instance \ --service-id "$BACKEND_SERVICE_ID" \ --instance-id "second" \ --attributes "service-name=backend" \ --region "$REGION") SECOND_INSTANCE_ID="second" SECOND_OPERATION_ID=$(echo "$SECOND_INSTANCE_RESULT" | jq -r '.OperationId') log "Second instance registration initiated. Operation ID: $SECOND_OPERATION_ID" # Check operation status check_operation "$SECOND_OPERATION_ID" # Step 4: Discover the AWS Cloud Map service instances log "Getting Route 53 name servers..." NAME_SERVERS=$(aws route53 get-hosted-zone \ --id "$HOSTED_ZONE_ID" \ --query "DelegationSet.NameServers[0]" \ --output text) log "Name server: $NAME_SERVERS" log "Using dig to query DNS records (this will be simulated)..." log "Command: dig @$NAME_SERVERS public-service.$NAMESPACE_NAME" log "Expected output would show: public-service.$NAMESPACE_NAME. 300 IN A 192.168.2.1" log "Using AWS CLI to discover backend service instances..." DISCOVER_RESULT=$(aws servicediscovery discover-instances \ --namespace-name "$NAMESPACE_NAME" \ --service-name "backend-service" \ --region "$REGION") log "Discovery result: $(echo "$DISCOVER_RESULT" | jq -c '.')" # Display created resources log "Resources created:" log "- Namespace: $NAMESPACE_NAME (ID: $NAMESPACE_ID)" log "- Public Service: public-service (ID: $PUBLIC_SERVICE_ID)" log "- Backend Service: backend-service (ID: $BACKEND_SERVICE_ID)" log "- Service Instance: first (Service: public-service)" log "- Service Instance: second (Service: backend-service)" # Ask user if they want to clean up resources read -p "Do you want to clean up all created resources? (y/n): " CLEANUP_RESPONSE if [[ "$CLEANUP_RESPONSE" == "y" || "$CLEANUP_RESPONSE" == "Y" ]]; then log "User confirmed cleanup. Proceeding with resource deletion." # Cleanup function will be called automatically on exit else log "User chose not to clean up resources. Exiting without cleanup." trap - EXIT exit 0 fi ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreatePublicDnsNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreatePublicDnsNamespace) + [CreateService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/CreateService) + [DeleteNamespace](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteNamespace) + [DeleteService](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeleteService) + [DeregisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DeregisterInstance) + [DiscoverInstances](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/DiscoverInstances) + [GetOperation](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/GetOperation) + [ListNamespaces](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/ListNamespaces) + [RegisterInstance](https://docs.aws.amazon.com/goto/aws-cli/servicediscovery-2017-03-14/RegisterInstance) # CloudFront exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with CloudFront. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Cenários](#scenarios) ## Cenários ### Comece com CloudFront O código de exemplo abaixo mostra como: + Criar um bucket do Amazon S3 para armazenamento de conteúdo. + Fazer upload de um conteúdo de exemplo no bucket do S3. + Criar um controle de acesso à origem (OAC) para acesso seguro ao S3. + Crie uma CloudFront distribuição com o S3 como origem + Atualize a política de bucket do S3 para permitir o acesso CloudFront + Aguardar a implantação da distribuição e testar o acesso ao conteúdo. + Limpar os recursos, incluindo a distribuição, o OAC e o bucket S3. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/005-cloudfront-gettingstarted). ``` #!/bin/bash # CloudFront Getting Started Tutorial Script # This script creates an S3 bucket, uploads sample content, creates a CloudFront distribution with OAC, # and demonstrates how to access content through CloudFront. # Set up logging LOG_FILE="cloudfront-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting CloudFront Getting Started Tutorial at $(date)" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created before error:" if [ -n "$BUCKET_NAME" ]; then echo "- S3 Bucket: $BUCKET_NAME" fi if [ -n "$OAC_ID" ]; then echo "- CloudFront Origin Access Control: $OAC_ID" fi if [ -n "$DISTRIBUTION_ID" ]; then echo "- CloudFront Distribution: $DISTRIBUTION_ID" fi echo "Attempting to clean up resources..." cleanup exit 1 } # Function to clean up resources cleanup() { echo "Cleaning up resources..." if [ -n "$DISTRIBUTION_ID" ]; then echo "Disabling CloudFront distribution $DISTRIBUTION_ID..." # Get the current configuration and ETag ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) if [ $? -ne 0 ]; then echo "Failed to get distribution config. Continuing with cleanup..." else # Create a modified configuration with Enabled=false aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" | \ jq '.DistributionConfig.Enabled = false' > temp_disabled_config.json # Update the distribution to disable it aws cloudfront update-distribution \ --id "$DISTRIBUTION_ID" \ --distribution-config file://<(jq '.DistributionConfig' temp_disabled_config.json) \ --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to disable distribution. Continuing with cleanup..." else echo "Waiting for distribution to be disabled (this may take several minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" # Delete the distribution ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) aws cloudfront delete-distribution --id "$DISTRIBUTION_ID" --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to delete distribution. You may need to delete it manually." else echo "CloudFront distribution deleted." fi fi fi fi if [ -n "$OAC_ID" ]; then echo "Deleting Origin Access Control $OAC_ID..." OAC_ETAG=$(aws cloudfront get-origin-access-control --id "$OAC_ID" --query 'ETag' --output text 2>/dev/null) if [ $? -ne 0 ]; then echo "Failed to get Origin Access Control ETag. You may need to delete it manually." else aws cloudfront delete-origin-access-control --id "$OAC_ID" --if-match "$OAC_ETAG" if [ $? -ne 0 ]; then echo "Failed to delete Origin Access Control. You may need to delete it manually." else echo "Origin Access Control deleted." fi fi fi if [ -n "$BUCKET_NAME" ]; then echo "Deleting S3 bucket $BUCKET_NAME and its contents..." aws s3 rm "s3://$BUCKET_NAME" --recursive if [ $? -ne 0 ]; then echo "Failed to remove bucket contents. Continuing with bucket deletion..." fi aws s3 rb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then echo "Failed to delete bucket. You may need to delete it manually." else echo "S3 bucket deleted." fi fi # Clean up temporary files rm -f temp_disabled_config.json rm -rf temp_content } # Generate a random identifier for the bucket name RANDOM_ID=$(openssl rand -hex 6) BUCKET_NAME="cloudfront-${RANDOM_ID}" echo "Using bucket name: $BUCKET_NAME" # Create a temporary directory for content TEMP_DIR="temp_content" mkdir -p "$TEMP_DIR/css" if [ $? -ne 0 ]; then handle_error "Failed to create temporary directory" fi # Step 1: Create an S3 bucket echo "Creating S3 bucket: $BUCKET_NAME" aws s3 mb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then handle_error "Failed to create S3 bucket" fi # Step 2: Create sample content echo "Creating sample content..." cat > "$TEMP_DIR/index.html" << 'EOF' Hello World

Hello world!

EOF cat > "$TEMP_DIR/css/styles.css" << 'EOF' body { font-family: Arial, sans-serif; margin: 40px; background-color: #f5f5f5; } h1 { color: #333; text-align: center; } EOF # Step 3: Upload content to the S3 bucket echo "Uploading content to S3 bucket..." aws s3 cp "$TEMP_DIR/" "s3://$BUCKET_NAME/" --recursive if [ $? -ne 0 ]; then handle_error "Failed to upload content to S3 bucket" fi # Step 4: Create Origin Access Control echo "Creating Origin Access Control..." OAC_RESPONSE=$(aws cloudfront create-origin-access-control \ --origin-access-control-config Name="oac-for-$BUCKET_NAME",SigningProtocol=sigv4,SigningBehavior=always,OriginAccessControlOriginType=s3) if [ $? -ne 0 ]; then handle_error "Failed to create Origin Access Control" fi OAC_ID=$(echo "$OAC_RESPONSE" | jq -r '.OriginAccessControl.Id') echo "Created Origin Access Control with ID: $OAC_ID" # Step 5: Create CloudFront distribution echo "Creating CloudFront distribution..." # Get AWS account ID for bucket policy ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text) if [ $? -ne 0 ]; then handle_error "Failed to get AWS account ID" fi # Create distribution configuration cat > distribution-config.json << EOF { "CallerReference": "cli-tutorial-$(date +%s)", "Origins": { "Quantity": 1, "Items": [ { "Id": "S3-$BUCKET_NAME", "DomainName": "$BUCKET_NAME.s3.amazonaws.com", "S3OriginConfig": { "OriginAccessIdentity": "" }, "OriginAccessControlId": "$OAC_ID" } ] }, "DefaultCacheBehavior": { "TargetOriginId": "S3-$BUCKET_NAME", "ViewerProtocolPolicy": "redirect-to-https", "AllowedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"], "CachedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"] } }, "DefaultTTL": 86400, "MinTTL": 0, "MaxTTL": 31536000, "Compress": true, "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } } }, "Comment": "CloudFront distribution for tutorial", "Enabled": true, "WebACLId": "" } EOF DIST_RESPONSE=$(aws cloudfront create-distribution --distribution-config file://distribution-config.json) if [ $? -ne 0 ]; then handle_error "Failed to create CloudFront distribution" fi DISTRIBUTION_ID=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.Id') DOMAIN_NAME=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.DomainName') echo "Created CloudFront distribution with ID: $DISTRIBUTION_ID" echo "CloudFront domain name: $DOMAIN_NAME" # Step 6: Update S3 bucket policy echo "Updating S3 bucket policy..." cat > bucket-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::$BUCKET_NAME/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::$ACCOUNT_ID:distribution/$DISTRIBUTION_ID" } } } ] } EOF aws s3api put-bucket-policy --bucket "$BUCKET_NAME" --policy file://bucket-policy.json if [ $? -ne 0 ]; then handle_error "Failed to update S3 bucket policy" fi # Step 7: Wait for distribution to deploy echo "Waiting for CloudFront distribution to deploy (this may take 5-10 minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" if [ $? -ne 0 ]; then echo "Warning: Distribution deployment wait timed out. The distribution may still be deploying." else echo "CloudFront distribution is now deployed." fi # Step 8: Display access information echo "" echo "===== CloudFront Distribution Setup Complete =====" echo "You can access your content at: https://$DOMAIN_NAME/index.html" echo "" echo "Resources created:" echo "- S3 Bucket: $BUCKET_NAME" echo "- CloudFront Origin Access Control: $OAC_ID" echo "- CloudFront Distribution: $DISTRIBUTION_ID" echo "" # Ask user if they want to clean up resources read -p "Do you want to clean up all resources created by this script? (y/n): " CLEANUP_RESPONSE if [[ "$CLEANUP_RESPONSE" =~ ^[Yy] ]]; then cleanup echo "All resources have been cleaned up." else echo "Resources will not be cleaned up. You can manually delete them later." echo "To access your content, visit: https://$DOMAIN_NAME/index.html" fi echo "Tutorial completed at $(date)" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateDistribution) + [CreateOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateOriginAccessControl) + [DeleteDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteDistribution) + [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteOriginAccessControl) + [GetDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistribution) + [GetDistributionConfig](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistributionConfig) + [GetOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetOriginAccessControl) + [UpdateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/UpdateDistribution) + [WaitDistributionDeployed](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/WaitDistributionDeployed) # Exemplos AWS CLI do DynamoDB usando o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash com o DynamoDB. As *noções básicas* são exemplos de código que mostram como realizar as operações essenciais em um serviço. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Conceitos básicos](#basics) + [Ações](#actions) + [Cenários](#scenarios) ## Conceitos básicos ### Conheça os conceitos básicos O exemplo de código a seguir mostra como: + Criar uma tabela que possa conter dados de filmes. + Colocar, obter e atualizar um único filme na tabela. + Gravar dados de filmes na tabela usando um arquivo JSON de exemplo. + Consultar filmes que foram lançados em determinado ano. + Verificar filmes que foram lançados em um intervalo de anos. + Excluir um filme da tabela e, depois, excluir a tabela. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). O cenário de conceitos básicos do DynamoDB. ``` ############################################################################### # function dynamodb_getting_started_movies # # Scenario to create an Amazon DynamoDB table and perform a series of operations on the table. # # Returns: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function dynamodb_getting_started_movies() { source ./dynamodb_operations.sh key_schema_json_file="dynamodb_key_schema.json" attribute_definitions_json_file="dynamodb_attr_def.json" item_json_file="movie_item.json" key_json_file="movie_key.json" batch_json_file="batch.json" attribute_names_json_file="attribute_names.json" attributes_values_json_file="attribute_values.json" echo_repeat "*" 88 echo echo "Welcome to the Amazon DynamoDB getting started demo." echo echo_repeat "*" 88 echo local table_name echo -n "Enter a name for a new DynamoDB table: " get_input table_name=$get_input_result echo '[ {"AttributeName": "year", "KeyType": "HASH"}, {"AttributeName": "title", "KeyType": "RANGE"} ]' >"$key_schema_json_file" echo '[ {"AttributeName": "year", "AttributeType": "N"}, {"AttributeName": "title", "AttributeType": "S"} ]' >"$attribute_definitions_json_file" if dynamodb_create_table -n "$table_name" -a "$attribute_definitions_json_file" \ -k "$key_schema_json_file" 1>/dev/null; then echo "Created a DynamoDB table named $table_name" else errecho "The table failed to create. This demo will exit." clean_up return 1 fi echo "Waiting for the table to become active...." if dynamodb_wait_table_active -n "$table_name"; then echo "The table is now active." else errecho "The table failed to become active. This demo will exit." cleanup "$table_name" return 1 fi echo echo_repeat "*" 88 echo echo -n "Enter the title of a movie you want to add to the table: " get_input local added_title added_title=$get_input_result local added_year get_int_input "What year was it released? " added_year=$get_input_result local rating get_float_input "On a scale of 1 - 10, how do you rate it? " "1" "10" rating=$get_input_result local plot echo -n "Summarize the plot for me: " get_input plot=$get_input_result echo '{ "year": {"N" :"'"$added_year"'"}, "title": {"S" : "'"$added_title"'"}, "info": {"M" : {"plot": {"S" : "'"$plot"'"}, "rating": {"N" :"'"$rating"'"} } } }' >"$item_json_file" if dynamodb_put_item -n "$table_name" -i "$item_json_file"; then echo "The movie '$added_title' was successfully added to the table '$table_name'." else errecho "Put item failed. This demo will exit." clean_up "$table_name" return 1 fi echo echo_repeat "*" 88 echo echo "Let's update your movie '$added_title'." get_float_input "You rated it $rating, what new rating would you give it? " "1" "10" rating=$get_input_result echo -n "You summarized the plot as '$plot'." echo "What would you say now? " get_input plot=$get_input_result echo '{ "year": {"N" :"'"$added_year"'"}, "title": {"S" : "'"$added_title"'"} }' >"$key_json_file" echo '{ ":r": {"N" :"'"$rating"'"}, ":p": {"S" : "'"$plot"'"} }' >"$item_json_file" local update_expression="SET info.rating = :r, info.plot = :p" if dynamodb_update_item -n "$table_name" -k "$key_json_file" -e "$update_expression" -v "$item_json_file"; then echo "Updated '$added_title' with new attributes." else errecho "Update item failed. This demo will exit." clean_up "$table_name" return 1 fi echo echo_repeat "*" 88 echo echo "We will now use batch write to upload 150 movie entries into the table." local batch_json for batch_json in movie_files/movies_*.json; do echo "{ \"$table_name\" : $(<"$batch_json") }" >"$batch_json_file" if dynamodb_batch_write_item -i "$batch_json_file" 1>/dev/null; then echo "Entries in $batch_json added to table." else errecho "Batch write failed. This demo will exit." clean_up "$table_name" return 1 fi done local title="The Lord of the Rings: The Fellowship of the Ring" local year="2001" if get_yes_no_input "Let's move on...do you want to get info about '$title'? (y/n) "; then echo '{ "year": {"N" :"'"$year"'"}, "title": {"S" : "'"$title"'"} }' >"$key_json_file" local info info=$(dynamodb_get_item -n "$table_name" -k "$key_json_file") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "Get item failed. This demo will exit." clean_up "$table_name" return 1 fi echo "Here is what I found:" echo "$info" fi local ask_for_year=true while [[ "$ask_for_year" == true ]]; do echo "Let's get a list of movies released in a given year." get_int_input "Enter a year between 1972 and 2018: " "1972" "2018" year=$get_input_result echo '{ "#n": "year" }' >"$attribute_names_json_file" echo '{ ":v": {"N" :"'"$year"'"} }' >"$attributes_values_json_file" response=$(dynamodb_query -n "$table_name" -k "#n=:v" -a "$attribute_names_json_file" -v "$attributes_values_json_file") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "Query table failed. This demo will exit." clean_up "$table_name" return 1 fi echo "Here is what I found:" echo "$response" if ! get_yes_no_input "Try another year? (y/n) "; then ask_for_year=false fi done echo "Now let's scan for movies released in a range of years. Enter a year: " get_int_input "Enter a year between 1972 and 2018: " "1972" "2018" local start=$get_input_result get_int_input "Enter another year: " "1972" "2018" local end=$get_input_result echo '{ "#n": "year" }' >"$attribute_names_json_file" echo '{ ":v1": {"N" : "'"$start"'"}, ":v2": {"N" : "'"$end"'"} }' >"$attributes_values_json_file" response=$(dynamodb_scan -n "$table_name" -f "#n BETWEEN :v1 AND :v2" -a "$attribute_names_json_file" -v "$attributes_values_json_file") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "Scan table failed. This demo will exit." clean_up "$table_name" return 1 fi echo "Here is what I found:" echo "$response" echo echo_repeat "*" 88 echo echo "Let's remove your movie '$added_title' from the table." if get_yes_no_input "Do you want to remove '$added_title'? (y/n) "; then echo '{ "year": {"N" :"'"$added_year"'"}, "title": {"S" : "'"$added_title"'"} }' >"$key_json_file" if ! dynamodb_delete_item -n "$table_name" -k "$key_json_file"; then errecho "Delete item failed. This demo will exit." clean_up "$table_name" return 1 fi fi if get_yes_no_input "Do you want to delete the table '$table_name'? (y/n) "; then if ! clean_up "$table_name"; then return 1 fi else if ! clean_up; then return 1 fi fi return 0 } ``` As funções do DynamoDB usadas nesse cenário. ``` ############################################################################### # function dynamodb_create_table # # This function creates an Amazon DynamoDB table. # # Parameters: # -n table_name -- The name of the table to create. # -a attribute_definitions -- JSON file path of a list of attributes and their types. # -k key_schema -- JSON file path of a list of attributes and their key types. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function dynamodb_create_table() { local table_name attribute_definitions key_schema response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_create_table" echo "Creates an Amazon DynamoDB table with on-demand billing." echo " -n table_name -- The name of the table to create." echo " -a attribute_definitions -- JSON file path of a list of attributes and their types." echo " -k key_schema -- JSON file path of a list of attributes and their key types." echo "" } # Retrieve the calling parameters. while getopts "n:a:k:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; a) attribute_definitions="${OPTARG}" ;; k) key_schema="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$attribute_definitions" ]]; then errecho "ERROR: You must provide an attribute definitions json file path the -a parameter." usage return 1 fi if [[ -z "$key_schema" ]]; then errecho "ERROR: You must provide a key schema json file path the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " attribute_definitions: $attribute_definitions" iecho " key_schema: $key_schema" iecho "" response=$(aws dynamodb create-table \ --table-name "$table_name" \ --attribute-definitions file://"$attribute_definitions" \ --billing-mode PAY_PER_REQUEST \ --key-schema file://"$key_schema" ) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-table operation failed.$response" return 1 fi return 0 } ############################################################################### # function dynamodb_describe_table # # This function returns the status of a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # # Response: # - TableStatus: # And: # 0 - Table is active. # 1 - If it fails. ############################################################################### function dynamodb_describe_table { local table_name local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_describe_table" echo "Describe the status of a DynamoDB table." echo " -n table_name -- The name of the table." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi local table_status table_status=$( aws dynamodb describe-table \ --table-name "$table_name" \ --output text \ --query 'Table.TableStatus' ) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log "$error_code" errecho "ERROR: AWS reports describe-table operation failed.$table_status" return 1 fi echo "$table_status" return 0 } ############################################################################## # function dynamodb_put_item # # This function puts an item into a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -i item -- Path to json file containing the item values. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################## function dynamodb_put_item() { local table_name item response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_put_item" echo "Put an item into a DynamoDB table." echo " -n table_name -- The name of the table." echo " -i item -- Path to json file containing the item values." echo "" } while getopts "n:i:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; i) item="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$item" ]]; then errecho "ERROR: You must provide an item with the -i parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " item: $item" iecho "" iecho "" response=$(aws dynamodb put-item \ --table-name "$table_name" \ --item file://"$item") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports put-item operation failed.$response" return 1 fi return 0 } ############################################################################## # function dynamodb_update_item # # This function updates an item in a DynamoDB table. # # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to update. # -e update expression -- An expression that defines one or more attributes to be updated. # -v values -- Path to json file containing the update values. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################# function dynamodb_update_item() { local table_name keys update_expression values response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_update_item" echo "Update an item in a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to update." echo " -e update expression -- An expression that defines one or more attributes to be updated." echo " -v values -- Path to json file containing the update values." echo "" } while getopts "n:k:e:v:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; e) update_expression="${OPTARG}" ;; v) values="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi if [[ -z "$update_expression" ]]; then errecho "ERROR: You must provide an update expression with the -e parameter." usage return 1 fi if [[ -z "$values" ]]; then errecho "ERROR: You must provide a values json file path the -v parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " keys: $keys" iecho " update_expression: $update_expression" iecho " values: $values" response=$(aws dynamodb update-item \ --table-name "$table_name" \ --key file://"$keys" \ --update-expression "$update_expression" \ --expression-attribute-values file://"$values") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports update-item operation failed.$response" return 1 fi return 0 } ############################################################################## # function dynamodb_batch_write_item # # This function writes a batch of items into a DynamoDB table. # # Parameters: # -i item -- Path to json file containing the items to write. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################ function dynamodb_batch_write_item() { local item response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_batch_write_item" echo "Write a batch of items into a DynamoDB table." echo " -i item -- Path to json file containing the items to write." echo "" } while getopts "i:h" option; do case "${option}" in i) item="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$item" ]]; then errecho "ERROR: You must provide an item with the -i parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " item: $item" iecho "" response=$(aws dynamodb batch-write-item \ --request-items file://"$item") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports batch-write-item operation failed.$response" return 1 fi return 0 } ############################################################################# # function dynamodb_get_item # # This function gets an item from a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to get. # [-q query] -- Optional JMESPath query expression. # # Returns: # The item as text output. # And: # 0 - If successful. # 1 - If it fails. ############################################################################ function dynamodb_get_item() { local table_name keys query response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_get_item" echo "Get an item from a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to get." echo " [-q query] -- Optional JMESPath query expression." echo "" } query="" while getopts "n:k:q:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; q) query="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi if [[ -n "$query" ]]; then response=$(aws dynamodb get-item \ --table-name "$table_name" \ --key file://"$keys" \ --output text \ --query "$query") else response=$( aws dynamodb get-item \ --table-name "$table_name" \ --key file://"$keys" \ --output text ) fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports get-item operation failed.$response" return 1 fi if [[ -n "$query" ]]; then echo "$response" | sed "/^\t/s/\t//1" # Remove initial tab that the JMSEPath query inserts on some strings. else echo "$response" fi return 0 } ############################################################################# # function dynamodb_query # # This function queries a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k key_condition_expression -- The key condition expression. # -a attribute_names -- Path to JSON file containing the attribute names. # -v attribute_values -- Path to JSON file containing the attribute values. # [-p projection_expression] -- Optional projection expression. # # Returns: # The items as json output. # And: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_query() { local table_name key_condition_expression attribute_names attribute_values projection_expression response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_query" echo "Query a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k key_condition_expression -- The key condition expression." echo " -a attribute_names -- Path to JSON file containing the attribute names." echo " -v attribute_values -- Path to JSON file containing the attribute values." echo " [-p projection_expression] -- Optional projection expression." echo "" } while getopts "n:k:a:v:p:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) key_condition_expression="${OPTARG}" ;; a) attribute_names="${OPTARG}" ;; v) attribute_values="${OPTARG}" ;; p) projection_expression="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$key_condition_expression" ]]; then errecho "ERROR: You must provide a key condition expression with the -k parameter." usage return 1 fi if [[ -z "$attribute_names" ]]; then errecho "ERROR: You must provide a attribute names with the -a parameter." usage return 1 fi if [[ -z "$attribute_values" ]]; then errecho "ERROR: You must provide a attribute values with the -v parameter." usage return 1 fi if [[ -z "$projection_expression" ]]; then response=$(aws dynamodb query \ --table-name "$table_name" \ --key-condition-expression "$key_condition_expression" \ --expression-attribute-names file://"$attribute_names" \ --expression-attribute-values file://"$attribute_values") else response=$(aws dynamodb query \ --table-name "$table_name" \ --key-condition-expression "$key_condition_expression" \ --expression-attribute-names file://"$attribute_names" \ --expression-attribute-values file://"$attribute_values" \ --projection-expression "$projection_expression") fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports query operation failed.$response" return 1 fi echo "$response" return 0 } ############################################################################# # function dynamodb_scan # # This function scans a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -f filter_expression -- The filter expression. # -a expression_attribute_names -- Path to JSON file containing the expression attribute names. # -v expression_attribute_values -- Path to JSON file containing the expression attribute values. # [-p projection_expression] -- Optional projection expression. # # Returns: # The items as json output. # And: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_scan() { local table_name filter_expression expression_attribute_names expression_attribute_values projection_expression response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_scan" echo "Scan a DynamoDB table." echo " -n table_name -- The name of the table." echo " -f filter_expression -- The filter expression." echo " -a expression_attribute_names -- Path to JSON file containing the expression attribute names." echo " -v expression_attribute_values -- Path to JSON file containing the expression attribute values." echo " [-p projection_expression] -- Optional projection expression." echo "" } while getopts "n:f:a:v:p:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; f) filter_expression="${OPTARG}" ;; a) expression_attribute_names="${OPTARG}" ;; v) expression_attribute_values="${OPTARG}" ;; p) projection_expression="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$filter_expression" ]]; then errecho "ERROR: You must provide a filter expression with the -f parameter." usage return 1 fi if [[ -z "$expression_attribute_names" ]]; then errecho "ERROR: You must provide expression attribute names with the -a parameter." usage return 1 fi if [[ -z "$expression_attribute_values" ]]; then errecho "ERROR: You must provide expression attribute values with the -v parameter." usage return 1 fi if [[ -z "$projection_expression" ]]; then response=$(aws dynamodb scan \ --table-name "$table_name" \ --filter-expression "$filter_expression" \ --expression-attribute-names file://"$expression_attribute_names" \ --expression-attribute-values file://"$expression_attribute_values") else response=$(aws dynamodb scan \ --table-name "$table_name" \ --filter-expression "$filter_expression" \ --expression-attribute-names file://"$expression_attribute_names" \ --expression-attribute-values file://"$expression_attribute_values" \ --projection-expression "$projection_expression") fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports scan operation failed.$response" return 1 fi echo "$response" return 0 } ############################################################################## # function dynamodb_delete_item # # This function deletes an item from a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_delete_item() { local table_name keys response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_delete_item" echo "Delete an item from a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to delete." echo "" } while getopts "n:k:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " keys: $keys" iecho "" response=$(aws dynamodb delete-item \ --table-name "$table_name" \ --key file://"$keys") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-item operation failed.$response" return 1 fi return 0 } ############################################################################### # function dynamodb_delete_table # # This function deletes a DynamoDB table. # # Parameters: # -n table_name -- The name of the table to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function dynamodb_delete_table() { local table_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function dynamodb_delete_table" echo "Deletes an Amazon DynamoDB table." echo " -n table_name -- The name of the table to delete." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho "" response=$(aws dynamodb delete-table \ --table-name "$table_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-table operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas nesse cenário. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [BatchWriteItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/BatchWriteItem) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DeleteItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteItem) + [DeleteTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [GetItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/GetItem) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [Query](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Query) + [Scan](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Scan) + [UpdateItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateItem) ## Ações ### `BatchGetItem` O código de exemplo a seguir mostra como usar `BatchGetItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################# # function dynamodb_batch_get_item # # This function gets a batch of items from a DynamoDB table. # # Parameters: # -i item -- Path to json file containing the keys of the items to get. # # Returns: # The items as json output. # And: # 0 - If successful. # 1 - If it fails. ########################################################################## function dynamodb_batch_get_item() { local item response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_batch_get_item" echo "Get a batch of items from a DynamoDB table." echo " -i item -- Path to json file containing the keys of the items to get." echo "" } while getopts "i:h" option; do case "${option}" in i) item="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$item" ]]; then errecho "ERROR: You must provide an item with the -i parameter." usage return 1 fi response=$(aws dynamodb batch-get-item \ --request-items file://"$item") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports batch-get-item operation failed.$response" return 1 fi echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [BatchGetItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/BatchGetItem)em *Referência de AWS CLI Comandos*. ### `BatchWriteItem` O código de exemplo a seguir mostra como usar `BatchWriteItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################## # function dynamodb_batch_write_item # # This function writes a batch of items into a DynamoDB table. # # Parameters: # -i item -- Path to json file containing the items to write. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################ function dynamodb_batch_write_item() { local item response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_batch_write_item" echo "Write a batch of items into a DynamoDB table." echo " -i item -- Path to json file containing the items to write." echo "" } while getopts "i:h" option; do case "${option}" in i) item="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$item" ]]; then errecho "ERROR: You must provide an item with the -i parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " item: $item" iecho "" response=$(aws dynamodb batch-write-item \ --request-items file://"$item") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports batch-write-item operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [BatchWriteItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/BatchWriteItem)em *Referência de AWS CLI Comandos*. ### `CreateTable` O código de exemplo a seguir mostra como usar `CreateTable`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################### # function dynamodb_create_table # # This function creates an Amazon DynamoDB table. # # Parameters: # -n table_name -- The name of the table to create. # -a attribute_definitions -- JSON file path of a list of attributes and their types. # -k key_schema -- JSON file path of a list of attributes and their key types. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function dynamodb_create_table() { local table_name attribute_definitions key_schema response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_create_table" echo "Creates an Amazon DynamoDB table with on-demand billing." echo " -n table_name -- The name of the table to create." echo " -a attribute_definitions -- JSON file path of a list of attributes and their types." echo " -k key_schema -- JSON file path of a list of attributes and their key types." echo "" } # Retrieve the calling parameters. while getopts "n:a:k:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; a) attribute_definitions="${OPTARG}" ;; k) key_schema="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$attribute_definitions" ]]; then errecho "ERROR: You must provide an attribute definitions json file path the -a parameter." usage return 1 fi if [[ -z "$key_schema" ]]; then errecho "ERROR: You must provide a key schema json file path the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " attribute_definitions: $attribute_definitions" iecho " key_schema: $key_schema" iecho "" response=$(aws dynamodb create-table \ --table-name "$table_name" \ --attribute-definitions file://"$attribute_definitions" \ --billing-mode PAY_PER_REQUEST \ --key-schema file://"$key_schema" ) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-table operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable)em *Referência de AWS CLI Comandos*. ### `DeleteItem` O código de exemplo a seguir mostra como usar `DeleteItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################## # function dynamodb_delete_item # # This function deletes an item from a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_delete_item() { local table_name keys response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_delete_item" echo "Delete an item from a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to delete." echo "" } while getopts "n:k:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " keys: $keys" iecho "" response=$(aws dynamodb delete-item \ --table-name "$table_name" \ --key file://"$keys") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-item operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DeleteItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteItem)em *Referência de AWS CLI Comandos*. ### `DeleteTable` O código de exemplo a seguir mostra como usar `DeleteTable`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################### # function dynamodb_delete_table # # This function deletes a DynamoDB table. # # Parameters: # -n table_name -- The name of the table to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function dynamodb_delete_table() { local table_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function dynamodb_delete_table" echo "Deletes an Amazon DynamoDB table." echo " -n table_name -- The name of the table to delete." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho "" response=$(aws dynamodb delete-table \ --table-name "$table_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-table operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DeleteTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteTable)em *Referência de AWS CLI Comandos*. ### `DescribeTable` O código de exemplo a seguir mostra como usar `DescribeTable`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################### # function dynamodb_describe_table # # This function returns the status of a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # # Response: # - TableStatus: # And: # 0 - Table is active. # 1 - If it fails. ############################################################################### function dynamodb_describe_table { local table_name local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_describe_table" echo "Describe the status of a DynamoDB table." echo " -n table_name -- The name of the table." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi local table_status table_status=$( aws dynamodb describe-table \ --table-name "$table_name" \ --output text \ --query 'Table.TableStatus' ) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log "$error_code" errecho "ERROR: AWS reports describe-table operation failed.$table_status" return 1 fi echo "$table_status" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable)em *Referência de AWS CLI Comandos*. ### `GetItem` O código de exemplo a seguir mostra como usar `GetItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################# # function dynamodb_get_item # # This function gets an item from a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to get. # [-q query] -- Optional JMESPath query expression. # # Returns: # The item as text output. # And: # 0 - If successful. # 1 - If it fails. ############################################################################ function dynamodb_get_item() { local table_name keys query response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_get_item" echo "Get an item from a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to get." echo " [-q query] -- Optional JMESPath query expression." echo "" } query="" while getopts "n:k:q:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; q) query="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi if [[ -n "$query" ]]; then response=$(aws dynamodb get-item \ --table-name "$table_name" \ --key file://"$keys" \ --output text \ --query "$query") else response=$( aws dynamodb get-item \ --table-name "$table_name" \ --key file://"$keys" \ --output text ) fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports get-item operation failed.$response" return 1 fi if [[ -n "$query" ]]; then echo "$response" | sed "/^\t/s/\t//1" # Remove initial tab that the JMSEPath query inserts on some strings. else echo "$response" fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [GetItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/GetItem)em *Referência de AWS CLI Comandos*. ### `ListTables` O código de exemplo a seguir mostra como usar `ListTables`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################## # function dynamodb_list_tables # # This function lists all the tables in a DynamoDB. # # Returns: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_list_tables() { response=$(aws dynamodb list-tables \ --output text \ --query "TableNames") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports batch-write-item operation failed.$response" return 1 fi echo "$response" | tr -s "[:space:]" "\n" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [ListTables](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/ListTables)em *Referência de AWS CLI Comandos*. ### `PutItem` O código de exemplo a seguir mostra como usar `PutItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################## # function dynamodb_put_item # # This function puts an item into a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -i item -- Path to json file containing the item values. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################## function dynamodb_put_item() { local table_name item response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_put_item" echo "Put an item into a DynamoDB table." echo " -n table_name -- The name of the table." echo " -i item -- Path to json file containing the item values." echo "" } while getopts "n:i:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; i) item="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$item" ]]; then errecho "ERROR: You must provide an item with the -i parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " item: $item" iecho "" iecho "" response=$(aws dynamodb put-item \ --table-name "$table_name" \ --item file://"$item") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports put-item operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem)em *Referência de AWS CLI Comandos*. ### `Query` O código de exemplo a seguir mostra como usar `Query`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################# # function dynamodb_query # # This function queries a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -k key_condition_expression -- The key condition expression. # -a attribute_names -- Path to JSON file containing the attribute names. # -v attribute_values -- Path to JSON file containing the attribute values. # [-p projection_expression] -- Optional projection expression. # # Returns: # The items as json output. # And: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_query() { local table_name key_condition_expression attribute_names attribute_values projection_expression response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_query" echo "Query a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k key_condition_expression -- The key condition expression." echo " -a attribute_names -- Path to JSON file containing the attribute names." echo " -v attribute_values -- Path to JSON file containing the attribute values." echo " [-p projection_expression] -- Optional projection expression." echo "" } while getopts "n:k:a:v:p:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) key_condition_expression="${OPTARG}" ;; a) attribute_names="${OPTARG}" ;; v) attribute_values="${OPTARG}" ;; p) projection_expression="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$key_condition_expression" ]]; then errecho "ERROR: You must provide a key condition expression with the -k parameter." usage return 1 fi if [[ -z "$attribute_names" ]]; then errecho "ERROR: You must provide a attribute names with the -a parameter." usage return 1 fi if [[ -z "$attribute_values" ]]; then errecho "ERROR: You must provide a attribute values with the -v parameter." usage return 1 fi if [[ -z "$projection_expression" ]]; then response=$(aws dynamodb query \ --table-name "$table_name" \ --key-condition-expression "$key_condition_expression" \ --expression-attribute-names file://"$attribute_names" \ --expression-attribute-values file://"$attribute_values") else response=$(aws dynamodb query \ --table-name "$table_name" \ --key-condition-expression "$key_condition_expression" \ --expression-attribute-names file://"$attribute_names" \ --expression-attribute-values file://"$attribute_values" \ --projection-expression "$projection_expression") fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports query operation failed.$response" return 1 fi echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Consulte detalhes da API em [Query](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Query) na *Referência de comandos da AWS CLI *. ### `Scan` O código de exemplo a seguir mostra como usar `Scan`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################# # function dynamodb_scan # # This function scans a DynamoDB table. # # Parameters: # -n table_name -- The name of the table. # -f filter_expression -- The filter expression. # -a expression_attribute_names -- Path to JSON file containing the expression attribute names. # -v expression_attribute_values -- Path to JSON file containing the expression attribute values. # [-p projection_expression] -- Optional projection expression. # # Returns: # The items as json output. # And: # 0 - If successful. # 1 - If it fails. ########################################################################### function dynamodb_scan() { local table_name filter_expression expression_attribute_names expression_attribute_values projection_expression response local option OPTARG # Required to use getopts command in a function. # ###################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_scan" echo "Scan a DynamoDB table." echo " -n table_name -- The name of the table." echo " -f filter_expression -- The filter expression." echo " -a expression_attribute_names -- Path to JSON file containing the expression attribute names." echo " -v expression_attribute_values -- Path to JSON file containing the expression attribute values." echo " [-p projection_expression] -- Optional projection expression." echo "" } while getopts "n:f:a:v:p:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; f) filter_expression="${OPTARG}" ;; a) expression_attribute_names="${OPTARG}" ;; v) expression_attribute_values="${OPTARG}" ;; p) projection_expression="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$filter_expression" ]]; then errecho "ERROR: You must provide a filter expression with the -f parameter." usage return 1 fi if [[ -z "$expression_attribute_names" ]]; then errecho "ERROR: You must provide expression attribute names with the -a parameter." usage return 1 fi if [[ -z "$expression_attribute_values" ]]; then errecho "ERROR: You must provide expression attribute values with the -v parameter." usage return 1 fi if [[ -z "$projection_expression" ]]; then response=$(aws dynamodb scan \ --table-name "$table_name" \ --filter-expression "$filter_expression" \ --expression-attribute-names file://"$expression_attribute_names" \ --expression-attribute-values file://"$expression_attribute_values") else response=$(aws dynamodb scan \ --table-name "$table_name" \ --filter-expression "$filter_expression" \ --expression-attribute-names file://"$expression_attribute_names" \ --expression-attribute-values file://"$expression_attribute_values" \ --projection-expression "$projection_expression") fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports scan operation failed.$response" return 1 fi echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Consulte detalhes da API em [Scan](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Scan) na *Referência de comandos da AWS CLI *. ### `UpdateItem` O código de exemplo a seguir mostra como usar `UpdateItem`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/dynamodb#code-examples). ``` ############################################################################## # function dynamodb_update_item # # This function updates an item in a DynamoDB table. # # # Parameters: # -n table_name -- The name of the table. # -k keys -- Path to json file containing the keys that identify the item to update. # -e update expression -- An expression that defines one or more attributes to be updated. # -v values -- Path to json file containing the update values. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################# function dynamodb_update_item() { local table_name keys update_expression values response local option OPTARG # Required to use getopts command in a function. ####################################### # Function usage explanation ####################################### function usage() { echo "function dynamodb_update_item" echo "Update an item in a DynamoDB table." echo " -n table_name -- The name of the table." echo " -k keys -- Path to json file containing the keys that identify the item to update." echo " -e update expression -- An expression that defines one or more attributes to be updated." echo " -v values -- Path to json file containing the update values." echo "" } while getopts "n:k:e:v:h" option; do case "${option}" in n) table_name="${OPTARG}" ;; k) keys="${OPTARG}" ;; e) update_expression="${OPTARG}" ;; v) values="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$table_name" ]]; then errecho "ERROR: You must provide a table name with the -n parameter." usage return 1 fi if [[ -z "$keys" ]]; then errecho "ERROR: You must provide a keys json file path the -k parameter." usage return 1 fi if [[ -z "$update_expression" ]]; then errecho "ERROR: You must provide an update expression with the -e parameter." usage return 1 fi if [[ -z "$values" ]]; then errecho "ERROR: You must provide a values json file path the -v parameter." usage return 1 fi iecho "Parameters:\n" iecho " table_name: $table_name" iecho " keys: $keys" iecho " update_expression: $update_expression" iecho " values: $values" response=$(aws dynamodb update-item \ --table-name "$table_name" \ --key file://"$keys" \ --update-expression "$update_expression" \ --expression-attribute-values file://"$values") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports update-item operation failed.$response" return 1 fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # See https://docs.aws.amazon.com/cli/latest/topic/return-codes.html#cli-aws-help-return-codes. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [UpdateItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateItem)em *Referência de AWS CLI Comandos*. ## Cenários ### Cenários avançados do índice secundário global O exemplo de código a seguir mostra como trabalhar com configurações de índice secundário global (GSI). + Crie uma tabela com vários GSIs. + Crie uma tabela com capacidade e GSI sob demanda. + Coloque os itens em uma tabela com vários GSIs. + Consulte várias GSIs com condições diferentes. **AWS CLI com script Bash** Crie uma tabela com vários GSIs. ``` # Create a table with multiple GSIs aws dynamodb create-table \ --table-name MusicLibrary \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ AttributeName=AlbumTitle,AttributeType=S \ AttributeName=Genre,AttributeType=S \ AttributeName=Year,AttributeType=N \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST \ --global-secondary-indexes \ "[ { \"IndexName\": \"AlbumIndex\", \"KeySchema\": [{\"AttributeName\":\"AlbumTitle\",\"KeyType\":\"HASH\"}], \"Projection\": {\"ProjectionType\":\"ALL\"} }, { \"IndexName\": \"GenreYearIndex\", \"KeySchema\": [ {\"AttributeName\":\"Genre\",\"KeyType\":\"HASH\"}, {\"AttributeName\":\"Year\",\"KeyType\":\"RANGE\"} ], \"Projection\": {\"ProjectionType\":\"INCLUDE\",\"NonKeyAttributes\":[\"Artist\",\"SongTitle\"]} } ]" ``` Crie uma tabela com capacidade e GSI sob demanda. ``` # Create a table with on-demand capacity and GSI aws dynamodb create-table \ --table-name MusicOnDemand \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ AttributeName=Genre,AttributeType=S \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST \ --global-secondary-indexes \ "[ { \"IndexName\": \"GenreIndex\", \"KeySchema\": [{\"AttributeName\":\"Genre\",\"KeyType\":\"HASH\"}], \"Projection\": {\"ProjectionType\":\"ALL\"} } ]" ``` Coloque os itens em uma tabela com vários GSIs. ``` # Add items to MusicLibrary table aws dynamodb put-item \ --table-name MusicLibrary \ --item '{ "Artist": {"S": "The Beatles"}, "SongTitle": {"S": "Hey Jude"}, "AlbumTitle": {"S": "Past Masters"}, "Genre": {"S": "Rock"}, "Year": {"N": "1968"} }' aws dynamodb put-item \ --table-name MusicLibrary \ --item '{ "Artist": {"S": "Miles Davis"}, "SongTitle": {"S": "So What"}, "AlbumTitle": {"S": "Kind of Blue"}, "Genre": {"S": "Jazz"}, "Year": {"N": "1959"} }' ``` Consulte itens de uma tabela com vários GSIs. ``` # Query the AlbumIndex GSI echo "Querying AlbumIndex GSI:" aws dynamodb query \ --table-name MusicLibrary \ --index-name AlbumIndex \ --key-condition-expression "AlbumTitle = :album" \ --expression-attribute-values '{":album":{"S":"Kind of Blue"}}' # Query the GenreYearIndex GSI with a range condition echo "Querying GenreYearIndex GSI with range condition:" aws dynamodb query \ --table-name MusicLibrary \ --index-name GenreYearIndex \ --key-condition-expression "Genre = :genre AND #yr > :year" \ --expression-attribute-names '{"#yr": "Year"}' \ --expression-attribute-values '{":genre":{"S":"Rock"},":year":{"N":"1965"}}' ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [Consulta](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Query) ### Criar e gerenciar tabelas globais com MRSC O exemplo de código a seguir mostra como criar e gerenciar tabelas globais do DynamoDB com consistência forte multirregional (MRSC). + Crie uma tabela com consistência forte multirregional. + Verifique a configuração de MRSC e o status da réplica. + Teste a consistência forte entre regiões com leituras imediatas. + Faça gravações condicionais com garantia de MRSC. + Limpe os recursos da tabela global com MRSC. **AWS CLI com script Bash** Crie uma tabela com consistência forte multirregional. ``` # Step 1: Create a new table in us-east-2 (primary region for MRSC) # Note: Table must be empty when enabling MRSC aws dynamodb create-table \ --table-name MusicTable \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST \ --region us-east-2 # Wait for table to become active aws dynamodb wait table-exists --table-name MusicTable --region us-east-2 # Step 2: Add replica and witness with Multi-Region Strong Consistency # MRSC requires exactly three replicas in supported regions aws dynamodb update-table \ --table-name MusicTable \ --replica-updates '[{"Create": {"RegionName": "us-east-1"}}]' \ --global-table-witness-updates '[{"Create": {"RegionName": "us-west-2"}}]' \ --multi-region-consistency STRONG \ --region us-east-2 ``` Verifique a configuração de MRSC e o status da réplica. ``` # Verify the global table configuration and MRSC setting aws dynamodb describe-table \ --table-name MusicTable \ --region us-east-2 \ --query 'Table.{TableName:TableName,TableStatus:TableStatus,MultiRegionConsistency:MultiRegionConsistency,Replicas:Replicas[*],GlobalTableWitnesses:GlobalTableWitnesses[*].{Region:RegionName,Status:ReplicaStatus}}' ``` Teste a consistência forte com leituras imediatas entre regiões. ``` # Write an item to the primary region aws dynamodb put-item \ --table-name MusicTable \ --item '{"Artist": {"S":"The Beatles"},"SongTitle": {"S":"Hey Jude"},"Album": {"S":"The Beatles 1967-1970"},"Year": {"N":"1968"}}' \ --region us-east-2 # Read the item from replica region to verify strong consistency (cannot read or write to witness) # No wait time needed - MRSC provides immediate consistency echo "Reading from us-east-1 (immediate consistency):" aws dynamodb get-item \ --table-name MusicTable \ --key '{"Artist": {"S":"The Beatles"},"SongTitle": {"S":"Hey Jude"}}' \ --consistent-read \ --region us-east-1 ``` Faça gravações condicionais com garantia de MRSC. ``` # Perform a conditional update from a different region # This demonstrates that conditions work consistently across all regions aws dynamodb update-item \ --table-name MusicTable \ --key '{"Artist": {"S":"The Beatles"},"SongTitle": {"S":"Hey Jude"}}' \ --update-expression "SET #rating = :rating" \ --condition-expression "attribute_exists(Artist)" \ --expression-attribute-names '{"#rating": "Rating"}' \ --expression-attribute-values '{":rating": {"N":"5"}}' \ --region us-east-1 ``` Limpe os recursos da tabela global com MRSC. ``` # Remove replica tables (must be done before deleting the primary table) aws dynamodb update-table \ --table-name MusicTable \ --replica-updates '[{"Delete": {"RegionName": "us-east-1"}}]' \ --global-table-witness-updates '[{"Delete": {"RegionName": "us-west-2"}}]' \ --region us-east-2 # Wait for replicas to be deleted echo "Waiting for replicas to be deleted..." sleep 30 # Delete the primary table aws dynamodb delete-table \ --table-name MusicTable \ --region us-east-2 ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DeleteTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [GetItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/GetItem) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [UpdateItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateItem) + [UpdateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTable) ### Gerenciar índices secundários globais O exemplo de código a seguir mostra como gerenciar o ciclo de vida completo dos índices secundários globais. + Crie uma tabela com um índice secundário global. + Adicione um novo GSI a uma tabela existente. + Atualize (aumente) o throughput a quente do GSI. + Consulte dados usando GSIs. + Exclua um GSI. **AWS CLI com script Bash** Crie uma tabela com um índice secundário global. ``` # Create a table with a GSI aws dynamodb create-table \ --table-name MusicCollection \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ AttributeName=AlbumTitle,AttributeType=S \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST \ --global-secondary-indexes \ "IndexName=AlbumIndex,\ KeySchema=[{AttributeName=AlbumTitle,KeyType=HASH}],\ Projection={ProjectionType=ALL}" ``` Adicione um novo GSI (sob demanda) a uma tabela existente. ``` # Add a new GSI to an existing table aws dynamodb update-table \ --table-name MusicCollection \ --attribute-definitions \ AttributeName=Genre,AttributeType=S \ --global-secondary-index-updates \ "[{\"Create\":{\"IndexName\":\"GenreIndex\",\ \"KeySchema\":[{\"AttributeName\":\"Genre\",\"KeyType\":\"HASH\"}],\ \"Projection\":{\"ProjectionType\":\"ALL\"}}}]" ``` Atualize (aumente) o throughput a quente do GSI. ``` # Increase the warm throughput of a GSI (default values are 12k reads, 4k writes) aws dynamodb update-table \ --table-name MusicCollection \ --global-secondary-index-updates \ "[{\"Update\":{\"IndexName\":\"AlbumIndex\",\ \"WarmThroughput\":{\"ReadUnitsPerSecond\":15000,\"WriteUnitsPerSecond\":6000}}}]" ``` Consulte dados usando GSIs. ``` # Query the AlbumIndex GSI aws dynamodb query \ --table-name MusicCollection \ --index-name AlbumIndex \ --key-condition-expression "AlbumTitle = :album" \ --expression-attribute-values '{":album":{"S":"Let It Be"}}' # Query the GenreIndex GSI aws dynamodb query \ --table-name MusicCollection \ --index-name GenreIndex \ --key-condition-expression "Genre = :genre" \ --expression-attribute-values '{":genre":{"S":"Jazz"}}' ``` Exclua um GSI. ``` # Delete a GSI from a table aws dynamodb update-table \ --table-name MusicCollection \ --global-secondary-index-updates \ "[{\"Delete\":{\"IndexName\":\"GenreIndex\"}}]" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DeleteTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteTable) + [Consulta](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Query) + [UpdateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTable) ### Gerenciar políticas baseadas em recursos O exemplo de código a seguir mostra como gerenciar o ciclo de vida completo das políticas baseadas em recursos para tabelas do DynamoDB. + Crie uma tabela com uma política de recursos. + Obtenha uma política de recursos. + Atualize uma política de recursos. + Exclua uma política de recursos. **AWS CLI com script Bash** Crie uma tabela com uma política de recursos. ``` # Step 1: Create a DynamoDB table aws dynamodb create-table \ --table-name MusicCollection \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST # Step 2: Create a resource-based policy document cat > policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:role/DynamoDBReadOnly" }, "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection" } ] } EOF # Step 3: Attach the resource-based policy to the table aws dynamodb put-resource-policy \ --resource-arn arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection \ --policy file://policy.json ``` Obtenha uma política de recursos. ``` # Get the resource-based policy attached to a table aws dynamodb get-resource-policy \ --resource-arn arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection ``` Atualize uma política de recursos. ``` # Step 1: Create an updated policy document cat > updated-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::123456789012:role/DynamoDBReadOnly", "arn:aws:iam::123456789012:role/DynamoDBAnalytics" ] }, "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection" } ] } EOF # Step 2: Update the resource-based policy on the table aws dynamodb put-resource-policy \ --resource-arn arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection \ --policy file://updated-policy.json ``` Exclua uma política de recursos. ``` # Delete the resource-based policy from a table aws dynamodb delete-resource-policy \ --resource-arn arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DeleteResourcePolicy](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteResourcePolicy) + [GetResourcePolicy](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/GetResourcePolicy) + [PutResourcePolicy](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutResourcePolicy) ### Configuração do controle de acesso por atributo O exemplo de código apresentado a seguir demonstra como implementar o controle de acesso por atributo (ABAC) no DynamoDB. + Crie uma política do IAM para o ABAC. + Crie tabelas com etiquetas que representem diferentes departamentos. + Liste e filtre tabelas com base nas etiquetas. **AWS CLI com script Bash** Crie uma política do IAM para o ABAC. ``` # Step 1: Create a policy document for ABAC cat > abac-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:*:*:table/*", "Condition": { "StringEquals": { "aws:ResourceTag/Department": "${aws:PrincipalTag/Department}" } } }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem" ], "Resource": "arn:aws:dynamodb:*:*:table/*", "Condition": { "StringEquals": { "aws:ResourceTag/Department": "${aws:PrincipalTag/Department}", "aws:ResourceTag/Environment": "Development" } } } ] } EOF # Step 2: Create the IAM policy aws iam create-policy \ --policy-name DynamoDBDepartmentBasedAccess \ --policy-document file://abac-policy.json ``` Crie tabelas com etiquetas que representem diferentes departamentos. ``` # Create a DynamoDB table with tags for ABAC aws dynamodb create-table \ --table-name FinanceData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Department,Value=Finance \ Key=Environment,Value=Development # Create another table with different tags aws dynamodb create-table \ --table-name MarketingData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Department,Value=Marketing \ Key=Environment,Value=Production ``` Liste e filtre tabelas com base nas etiquetas. ``` # List all DynamoDB tables echo "Listing all tables:" aws dynamodb list-tables # Get ARNs for all tables echo -e "\nGetting ARNs for all tables:" TABLE_ARNS=$(aws dynamodb list-tables --query "TableNames[*]" --output text | xargs -I {} aws dynamodb describe-table --table-name {} --query "Table.TableArn" --output text) # For each table ARN, list its tags echo -e "\nListing tags for each table:" for ARN in $TABLE_ARNS; do TABLE_NAME=$(echo $ARN | awk -F/ '{print $2}') echo -e "\nTags for table: $TABLE_NAME" aws dynamodb list-tags-of-resource --resource-arn $ARN done # Example: Find tables with a specific tag echo -e "\nFinding tables with Environment=Production tag:" for ARN in $TABLE_ARNS; do TABLE_NAME=$(echo $ARN | awk -F/ '{print $2}') TAGS=$(aws dynamodb list-tags-of-resource --resource-arn $ARN --query "Tags[?Key=='Environment' && Value=='Production']" --output text) if [ ! -z "$TAGS" ]; then echo "Table with Production tag: $TABLE_NAME" fi done ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreatePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreatePolicy) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [ListTables](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/ListTables) ### Trabalhar com índices secundários locais O exemplo de código a seguir mostra como criar e consultar tabelas com índices secundários locais. + Crie uma tabela com um índice secundário local (LSI). + Crie uma tabela com várias LSIs com diferentes tipos de projeção. + Consulte dados usando LSIs. **AWS CLI com script Bash** Crie uma tabela com um índice secundário local. ``` # Create a table with a Local Secondary Index aws dynamodb create-table \ --table-name CustomerOrders \ --attribute-definitions \ AttributeName=CustomerID,AttributeType=S \ AttributeName=OrderID,AttributeType=S \ AttributeName=OrderDate,AttributeType=S \ --key-schema \ AttributeName=CustomerID,KeyType=HASH \ AttributeName=OrderID,KeyType=RANGE \ --local-secondary-indexes \ "IndexName=OrderDateIndex,\ KeySchema=[{AttributeName=CustomerID,KeyType=HASH},{AttributeName=OrderDate,KeyType=RANGE}],\ Projection={ProjectionType=ALL}" \ --billing-mode PAY_PER_REQUEST ``` Crie uma tabela com vários LSIs. ``` # Create a table with multiple Local Secondary Indexes aws dynamodb create-table \ --table-name CustomerDetails \ --attribute-definitions \ AttributeName=CustomerID,AttributeType=S \ AttributeName=Name,AttributeType=S \ AttributeName=Email,AttributeType=S \ AttributeName=RegistrationDate,AttributeType=S \ --key-schema \ AttributeName=CustomerID,KeyType=HASH \ AttributeName=Name,KeyType=RANGE \ --local-secondary-indexes \ "[ { \"IndexName\": \"EmailIndex\", \"KeySchema\": [ {\"AttributeName\":\"CustomerID\",\"KeyType\":\"HASH\"}, {\"AttributeName\":\"Email\",\"KeyType\":\"RANGE\"} ], \"Projection\": {\"ProjectionType\":\"INCLUDE\",\"NonKeyAttributes\":[\"Address\",\"Phone\"]} }, { \"IndexName\": \"RegistrationIndex\", \"KeySchema\": [ {\"AttributeName\":\"CustomerID\",\"KeyType\":\"HASH\"}, {\"AttributeName\":\"RegistrationDate\",\"KeyType\":\"RANGE\"} ], \"Projection\": {\"ProjectionType\":\"KEYS_ONLY\"} } ]" \ --billing-mode PAY_PER_REQUEST ``` Consulte dados usando LSIs. ``` # Query the OrderDateIndex LSI aws dynamodb query \ --table-name CustomerOrders \ --index-name OrderDateIndex \ --key-condition-expression "CustomerID = :custId AND OrderDate BETWEEN :date1 AND :date2" \ --expression-attribute-values '{ ":custId": {"S": "C1"}, ":date1": {"S": "2023-01-01"}, ":date2": {"S": "2023-02-01"} }' # Query with a filter expression aws dynamodb query \ --table-name CustomerOrders \ --index-name OrderDateIndex \ --key-condition-expression "CustomerID = :custId" \ --filter-expression "Amount > :amount" \ --expression-attribute-values '{ ":custId": {"S": "C1"}, ":amount": {"N": "150"} }' ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [Consulta](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/Query) ### Trabalhe com Streams e Time-to-Live O exemplo de código a seguir mostra como gerenciar os recursos e os streams do DynamoDB. Time-to-Live + Crie uma tabela com a opção de fluxos habilitada. + Descreva os fluxos. + Crie uma função do Lambda para processar os fluxos. + Habilite a vida útil (TTL) em uma tabela. + Adicione itens com atributos de TTL. + Descreva as configurações de TTL. **AWS CLI com script Bash** Crie uma tabela com a opção de fluxos habilitada. ``` # Create a table with DynamoDB Streams enabled aws dynamodb create-table \ --table-name StreamsDemo \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES ``` Descreva os fluxos. ``` # Get information about the stream aws dynamodb describe-table \ --table-name StreamsDemo \ --query "Table.StreamSpecification" # Get the stream ARN STREAM_ARN=$(aws dynamodb describe-table \ --table-name StreamsDemo \ --query "Table.LatestStreamArn" \ --output text) echo "Stream ARN: $STREAM_ARN" # Describe the stream aws dynamodbstreams describe-stream \ --stream-arn $STREAM_ARN ``` Crie uma função do Lambda para os fluxos. ``` # Step 1: Create an IAM role for the Lambda function cat > trust-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF aws iam create-role \ --role-name DynamoDBStreamsLambdaRole \ --assume-role-policy-document file://trust-policy.json # Step 2: Attach permissions to the role aws iam attach-role-policy \ --role-name DynamoDBStreamsLambdaRole \ --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole # Step 3: Create a Lambda function (code would be in a separate file) echo "Lambda function creation would be done separately with appropriate code" # Step 4: Create an event source mapping echo "Example command to create event source mapping:" echo "aws lambda create-event-source-mapping \\" echo " --function-name ProcessDynamoDBRecords \\" echo " --event-source $STREAM_ARN \\" echo " --batch-size 100 \\" echo " --starting-position LATEST" ``` Habilite a vida útil (TTL) em uma tabela. ``` # Create a table for TTL demonstration aws dynamodb create-table \ --table-name TTLDemo \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST # Wait for table to become active aws dynamodb wait table-exists --table-name TTLDemo # Enable TTL on the table aws dynamodb update-time-to-live \ --table-name TTLDemo \ --time-to-live-specification "Enabled=true, AttributeName=ExpirationTime" ``` Adicione itens com atributos de TTL. ``` # Calculate expiration time (current time + 1 day in seconds) EXPIRATION_TIME=$(date -d "+1 day" +%s) # Add an item with TTL attribute aws dynamodb put-item \ --table-name TTLDemo \ --item '{ "ID": {"S": "item1"}, "Data": {"S": "This item will expire in 1 day"}, "ExpirationTime": {"N": "'$EXPIRATION_TIME'"} }' # Add an item that expires in 1 hour EXPIRATION_TIME_HOUR=$(date -d "+1 hour" +%s) aws dynamodb put-item \ --table-name TTLDemo \ --item '{ "ID": {"S": "item2"}, "Data": {"S": "This item will expire in 1 hour"}, "ExpirationTime": {"N": "'$EXPIRATION_TIME_HOUR'"} }' ``` Descreva as configurações de TTL. ``` # Describe TTL settings for a table aws dynamodb describe-time-to-live \ --table-name TTLDemo ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy) + [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [DescribeTimeToLive](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTimeToLive) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [UpdateTimeToLive](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTimeToLive) ### Trabalhar com tabelas globais e a consistência final de replicação mutirregional (MREC) O exemplo de código a seguir mostra como gerenciar tabelas globais do DynamoDB com consistência final de replicação mutirregional (MREC). + Crie uma tabela com replicação mutirregional (MREC). + Insira e obtenha itens de tabelas-réplica. + Remova as réplicas one-by-one. + Exclua a tabela para fazer uma limpeza. **AWS CLI com script Bash** Crie uma tabela com replicação mutirregional. ``` # Step 1: Create a new table (MusicTable) in US East (Ohio), with DynamoDB Streams enabled (NEW_AND_OLD_IMAGES) aws dynamodb create-table \ --table-name MusicTable \ --attribute-definitions \ AttributeName=Artist,AttributeType=S \ AttributeName=SongTitle,AttributeType=S \ --key-schema \ AttributeName=Artist,KeyType=HASH \ AttributeName=SongTitle,KeyType=RANGE \ --billing-mode PAY_PER_REQUEST \ --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \ --region us-east-2 # Step 2: Create an identical MusicTable table in US East (N. Virginia) aws dynamodb update-table --table-name MusicTable --cli-input-json \ '{ "ReplicaUpdates": [ { "Create": { "RegionName": "us-east-1" } } ] }' \ --region us-east-2 # Step 3: Create a table in Europe (Ireland) aws dynamodb update-table --table-name MusicTable --cli-input-json \ '{ "ReplicaUpdates": [ { "Create": { "RegionName": "eu-west-1" } } ] }' \ --region us-east-2 ``` Descreva a tabela multirregional. ``` # Step 4: View the list of replicas created using describe-table aws dynamodb describe-table \ --table-name MusicTable \ --region us-east-2 \ --query 'Table.{TableName:TableName,TableStatus:TableStatus,MultiRegionConsistency:MultiRegionConsistency,Replicas:Replicas[*].{Region:RegionName,Status:ReplicaStatus}}' ``` Insira itens em uma tabela-réplica. ``` # Step 5: To verify that replication is working, add a new item to the Music table in US East (Ohio) aws dynamodb put-item \ --table-name MusicTable \ --item '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \ --region us-east-2 ``` Obtenha itens de tabelas-réplica. ``` # Step 6: Wait for a few seconds, and then check to see whether the item has been # successfully replicated to US East (N. Virginia) and Europe (Ireland) aws dynamodb get-item \ --table-name MusicTable \ --key '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \ --region us-east-1 aws dynamodb get-item \ --table-name MusicTable \ --key '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \ --region eu-west-1 ``` Remova as réplicas. ``` # Step 7: Delete the replica table in Europe (Ireland) Region aws dynamodb update-table --table-name MusicTable --cli-input-json \ '{ "ReplicaUpdates": [ { "Delete": { "RegionName": "eu-west-1" } } ] }' \ --region us-east-2 # Delete the replica table in US East (N. Virginia) Region aws dynamodb update-table --table-name MusicTable --cli-input-json \ '{ "ReplicaUpdates": [ { "Delete": { "RegionName": "us-east-1" } } ] }' \ --region us-east-2 ``` Exclua a tabela para fazer uma limpeza. ``` # Clean up: Delete the primary table aws dynamodb delete-table --table-name MusicTable --region us-east-2 echo "Global table demonstration complete." ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DeleteTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DeleteTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [GetItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/GetItem) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [UpdateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTable) ### Trabalhar com a marcação de recursos O exemplo de código a seguir mostra como gerenciar tags para recursos do DynamoDB. + Crie uma tabela com tags. + Listar as etiquetas de um recurso. + Adicione tags a um recurso. + Remova as tags de um recurso. + Filtre tabelas por tags. **AWS CLI com script Bash** Crie uma tabela com tags. ``` # Create a table with tags aws dynamodb create-table \ --table-name TaggedTable \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Environment,Value=Production \ Key=Project,Value=Analytics \ Key=Owner,Value=DataTeam ``` Listar as etiquetas de um recurso. ``` # Get the table ARN TABLE_ARN=$(aws dynamodb describe-table \ --table-name TaggedTable \ --query "Table.TableArn" \ --output text) # List tags for the table aws dynamodb list-tags-of-resource \ --resource-arn $TABLE_ARN ``` Adicione tags a um recurso. ``` # Add tags to an existing table aws dynamodb tag-resource \ --resource-arn $TABLE_ARN \ --tags \ Key=CostCenter,Value=12345 \ Key=BackupSchedule,Value=Daily ``` Remova as tags de um recurso. ``` # Remove tags from a table aws dynamodb untag-resource \ --resource-arn $TABLE_ARN \ --tag-keys Owner BackupSchedule ``` Filtre tabelas por tags. ``` # Create another table with different tags aws dynamodb create-table \ --table-name AnotherTaggedTable \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Environment,Value=Development \ Key=Project,Value=Testing # Wait for table to become active aws dynamodb wait table-exists --table-name AnotherTaggedTable # List all tables echo "All tables:" aws dynamodb list-tables # Get ARNs for all tables echo -e "\nFiltering tables by Environment=Production tag:" TABLE_ARNS=$(aws dynamodb list-tables --query "TableNames[*]" --output text | xargs -I {} aws dynamodb describe-table --table-name {} --query "Table.TableArn" --output text) # Find tables with specific tag for ARN in $TABLE_ARNS; do TABLE_NAME=$(echo $ARN | awk -F/ '{print $2}') TAGS=$(aws dynamodb list-tags-of-resource --resource-arn $ARN --query "Tags[?Key=='Environment' && Value=='Production']" --output text) if [ ! -z "$TAGS" ]; then echo "Table with Production tag: $TABLE_NAME" fi done ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [ListTagsOfResource](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/ListTagsOfResource) + [TagResource](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/TagResource) + [UntagResource](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UntagResource) ### Trabalhar com a criptografia de tabelas O exemplo de código a seguir mostra como gerenciar opções de criptografia para tabelas do DynamoDB. + Crie uma tabela com a criptografia padrão. + Crie uma tabela com uma chave gerenciada pelo cliente (CMK). + Atualize as configurações de criptografia da tabela. + Descreva a criptografia da tabela. **AWS CLI com script Bash** Crie uma tabela com a criptografia padrão. ``` # Create a table with default encryption (AWS owned key) aws dynamodb create-table \ --table-name CustomerData \ --attribute-definitions \ AttributeName=CustomerID,AttributeType=S \ --key-schema \ AttributeName=CustomerID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --sse-specification Enabled=true,SSEType=KMS ``` Crie uma tabela com uma chave gerenciada pelo cliente (CMK). ``` # Step 1: Create a customer managed key in KMS aws kms create-key \ --description "Key for DynamoDB table encryption" \ --key-usage ENCRYPT_DECRYPT \ --customer-master-key-spec SYMMETRIC_DEFAULT # Store the key ID for later use KEY_ID=$(aws kms list-keys --query "Keys[?contains(KeyArn, 'Key for DynamoDB')].KeyId" --output text) # Step 2: Create a table with the customer managed key aws dynamodb create-table \ --table-name SensitiveData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=$KEY_ID ``` Atualize a criptografia da tabela. ``` # Update a table to use a different KMS key aws dynamodb update-table \ --table-name CustomerData \ --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=$KEY_ID ``` Descreva a criptografia da tabela. ``` # Describe the table to see encryption settings aws dynamodb describe-table \ --table-name CustomerData \ --query "Table.SSEDescription" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateKey](https://docs.aws.amazon.com/goto/aws-cli/kms-2014-11-01/CreateKey) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [UpdateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTable) # Exemplos do Amazon EC2 usando o script AWS CLI Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash com o Amazon EC2. As *noções básicas* são exemplos de código que mostram como realizar as operações essenciais em um serviço. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Conceitos básicos](#basics) + [Ações](#actions) + [Cenários](#scenarios) ## Conceitos básicos ### Conheça os conceitos básicos O exemplo de código a seguir mostra como: + Criar um par de chaves e um grupo de segurança. + Selecionar uma imagem de máquina da Amazon (AMI) e um tipo de instância compatível e, em seguida, criar uma instância. + Interromper e reiniciar a instância. + Associar um endereço IP elástico à sua instância. + Conectar-se à sua instância via SSH e, em seguida, limpar os recursos. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). Execute um cenário interativo em um prompt de comando. ``` ############################################################################### # function get_started_with_ec2_instances # # Runs an interactive scenario that shows how to get started using EC2 instances. # # "EC2 access" permissions are needed to run this code. # # Returns: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function get_started_with_ec2_instances() { # Requires version 4 for mapfile. local required_version=4.0 # Get the current Bash version # Check if BASH_VERSION is set local current_version if [[ -n "$BASH_VERSION" ]]; then # Convert BASH_VERSION to a number for comparison current_version=$BASH_VERSION else # Get the current Bash version using the bash command current_version=$(bash --version | head -n 1 | awk '{ print $4 }') fi # Convert version strings to numbers for comparison local required_version_num current_version_num required_version_num=$(echo "$required_version" | awk -F. '{ print ($1 * 10000) + ($2 * 100) + $3 }') current_version_num=$(echo "$current_version" | awk -F. '{ print ($1 * 10000) + ($2 * 100) + $3 }') # Compare versions if ((current_version_num < required_version_num)); then echo "Error: This script requires Bash version $required_version or higher." echo "Your current Bash version is number is $current_version." exit 1 fi { if [ "$EC2_OPERATIONS_SOURCED" != "True" ]; then source ./ec2_operations.sh fi } echo_repeat "*" 88 echo "Welcome to the Amazon Elastic Compute Cloud (Amazon EC2) get started with instances demo." echo_repeat "*" 88 echo echo "Let's create an RSA key pair that you can be use to securely connect to " echo "your EC2 instance." echo -n "Enter a unique name for your key: " get_input local key_name key_name=$get_input_result local temp_dir temp_dir=$(mktemp -d) local key_file_name="$temp_dir/${key_name}.pem" if ec2_create_keypair -n "${key_name}" -f "${key_file_name}"; then echo "Created a key pair $key_name and saved the private key to $key_file_name" echo else errecho "The key pair failed to create. This demo will exit." return 1 fi chmod 400 "${key_file_name}" if yes_no_input "Do you want to list some of your key pairs? (y/n) "; then local keys_and_fingerprints keys_and_fingerprints="$(ec2_describe_key_pairs)" && { local image_name_and_id while IFS=$'\n' read -r image_name_and_id; do local entries IFS=$'\t' read -ra entries <<<"$image_name_and_id" echo "Found rsa key ${entries[0]} with fingerprint:" echo " ${entries[1]}" done <<<"$keys_and_fingerprints" } fi echo_repeat "*" 88 echo_repeat "*" 88 echo "Let's create a security group to manage access to your instance." echo -n "Enter a unique name for your security group: " get_input local security_group_name security_group_name=$get_input_result local security_group_id security_group_id=$(ec2_create_security_group -n "$security_group_name" \ -d "Security group for EC2 instance") || { errecho "The security failed to create. This demo will exit." clean_up "$key_name" "$key_file_name" return 1 } echo "Security group created with ID $security_group_id" echo local public_ip public_ip=$(curl -s http://checkip.amazonaws.com) echo "Let's add a rule to allow SSH only from your current IP address." echo "Your public IP address is $public_ip" echo -n "press return to add this rule to your security group." get_input if ! ec2_authorize_security_group_ingress -g "$security_group_id" -i "$public_ip" -p tcp -f 22 -t 22; then errecho "The security group rules failed to update. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 fi echo "Security group rules updated" local security_group_description security_group_description="$(ec2_describe_security_groups -g "${security_group_id}")" || { errecho "Failed to describe security groups. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 } mapfile -t parameters <<<"$security_group_description" IFS=$'\t' read -ra entries <<<"${parameters[0]}" echo "Security group: ${entries[0]}" echo " ID: ${entries[1]}" echo " VPC: ${entries[2]}" echo "Inbound permissions:" IFS=$'\t' read -ra entries <<<"${parameters[1]}" echo " IpProtocol: ${entries[0]}" echo " FromPort: ${entries[1]}" echo " ToPort: ${entries[2]}" echo " CidrIp: ${parameters[2]}" local parameters parameters="$(ssm_get_parameters_by_path -p "/aws/service/ami-amazon-linux-latest")" || { errecho "Failed to get parameters. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 } local image_ids="" mapfile -t parameters <<<"$parameters" for image_name_and_id in "${parameters[@]}"; do IFS=$'\t' read -ra values <<<"$image_name_and_id" if [[ "${values[0]}" == *"amzn2"* ]]; then image_ids+="${values[1]} " fi done local images images="$(ec2_describe_images -i "$image_ids")" || { errecho "Failed to describe images. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 } new_line_and_tab_to_list "$images" local images=("${list_result[@]}") # Get the size of the array local images_count=${#images[@]} if ((images_count == 0)); then errecho "No images found. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 fi echo_repeat "*" 88 echo_repeat "*" 88 echo "Let's create an instance from an Amazon Linux 2 AMI. Here are some options:" for ((i = 0; i < images_count; i += 3)); do echo "$(((i / 3) + 1)) - ${images[$i]}" done integer_input "Please enter the number of the AMI you want to use: " 1 "$((images_count / 3))" local choice=$get_input_result choice=$(((choice - 1) * 3)) echo "Great choice." echo local architecture=${images[$((choice + 1))]} local image_id=${images[$((choice + 2))]} echo "Here are some instance types that support the ${architecture} architecture of the image:" response="$(ec2_describe_instance_types -a "${architecture}" -t "*.micro,*.small")" || { errecho "Failed to describe instance types. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 } local instance_types mapfile -t instance_types <<<"$response" # Get the size of the array local instance_types_count=${#instance_types[@]} echo "Here are some options:" for ((i = 0; i < instance_types_count; i++)); do echo "$((i + 1)) - ${instance_types[$i]}" done integer_input "Which one do you want to use? " 1 "${#instance_types[@]} " choice=$get_input_result local instance_type=${instance_types[$((choice - 1))]} echo "Another great choice." echo echo "Creating your instance and waiting for it to start..." local instance_id instance_id=$(ec2_run_instances -i "$image_id" -t "$instance_type" -k "$key_name" -s "$security_group_id") || { errecho "Failed to run instance. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" return 1 } ec2_wait_for_instance_running -i "$instance_id" echo "Your instance is ready:" echo local instance_details instance_details="$(ec2_describe_instances -i "${instance_id}")" echo print_instance_details "${instance_details}" local public_ip public_ip=$(echo "${instance_details}" | awk '{print $6}') echo echo "You can use SSH to connect to your instance" echo "If the connection attempt times out, you might have to manually update the SSH ingress rule" echo "for your IP address in the AWS Management Console." connect_to_instance "$key_file_name" "$public_ip" echo -n "Press Enter when you're ready to continue the demo: " get_input echo_repeat "*" 88 echo_repeat "*" 88 echo "Let's stop and start your instance to see what changes." echo "Stopping your instance and waiting until it's stopped..." ec2_stop_instances -i "$instance_id" ec2_wait_for_instance_stopped -i "$instance_id" echo "Your instance is stopped. Restarting..." ec2_start_instances -i "$instance_id" ec2_wait_for_instance_running -i "$instance_id" echo "Your instance is running again." local instance_details instance_details="$(ec2_describe_instances -i "${instance_id}")" print_instance_details "${instance_details}" public_ip=$(echo "${instance_details}" | awk '{print $6}') echo "Every time your instance is restarted, its public IP address changes" connect_to_instance "$key_file_name" "$public_ip" echo -n "Press Enter when you're ready to continue the demo: " get_input echo_repeat "*" 88 echo_repeat "*" 88 echo "You can allocate an Elastic IP address and associate it with your instance" echo "to keep a consistent IP address even when your instance restarts." local result result=$(ec2_allocate_address -d vpc) || { errecho "Failed to allocate an address. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" "$instance_id" return 1 } local elastic_ip allocation_id elastic_ip=$(echo "$result" | awk '{print $1}') allocation_id=$(echo "$result" | awk '{print $2}') echo "Allocated static Elastic IP address: $elastic_ip" local association_id association_id=$(ec2_associate_address -i "$instance_id" -a "$allocation_id") || { errecho "Failed to associate an address. This demo will exit." clean_up "$key_name" "$key_file_name" "$security_group_id" "$instance_id" "$allocation_id" return 1 } echo "Associated your Elastic IP with your instance." echo "You can now use SSH to connect to your instance by using the Elastic IP." connect_to_instance "$key_file_name" "$elastic_ip" echo -n "Press Enter when you're ready to continue the demo: " get_input echo_repeat "*" 88 echo_repeat "*" 88 echo "Let's stop and start your instance to see what changes." echo "Stopping your instance and waiting until it's stopped..." ec2_stop_instances -i "$instance_id" ec2_wait_for_instance_stopped -i "$instance_id" echo "Your instance is stopped. Restarting..." ec2_start_instances -i "$instance_id" ec2_wait_for_instance_running -i "$instance_id" echo "Your instance is running again." local instance_details instance_details="$(ec2_describe_instances -i "${instance_id}")" print_instance_details "${instance_details}" echo "Because you have associated an Elastic IP with your instance, you can" echo "connect by using a consistent IP address after the instance restarts." connect_to_instance "$key_file_name" "$elastic_ip" echo -n "Press Enter when you're ready to continue the demo: " get_input echo_repeat "*" 88 echo_repeat "*" 88 if yes_no_input "Do you want to delete the resources created in this demo: (y/n) "; then clean_up "$key_name" "$key_file_name" "$security_group_id" "$instance_id" \ "$allocation_id" "$association_id" else echo "The following resources were not deleted." echo "Key pair: $key_name" echo "Key file: $key_file_name" echo "Security group: $security_group_id" echo "Instance: $instance_id" echo "Elastic IP address: $elastic_ip" fi } ############################################################################### # function clean_up # # This function cleans up the created resources. # $1 - The name of the ec2 key pair to delete. # $2 - The name of the key file to delete. # $3 - The ID of the security group to delete. # $4 - The ID of the instance to terminate. # $5 - The ID of the elastic IP address to release. # $6 - The ID of the elastic IP address to disassociate. # # Returns: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function clean_up() { local result=0 local key_pair_name=$1 local key_file_name=$2 local security_group_id=$3 local instance_id=$4 local allocation_id=$5 local association_id=$6 if [ -n "$association_id" ]; then # bashsupport disable=BP2002 if (ec2_disassociate_address -a "$association_id"); then echo "Disassociated elastic IP address with ID $association_id" else errecho "The elastic IP address disassociation failed." result=1 fi fi if [ -n "$allocation_id" ]; then # bashsupport disable=BP2002 if (ec2_release_address -a "$allocation_id"); then echo "Released elastic IP address with ID $allocation_id" else errecho "The elastic IP address release failed." result=1 fi fi if [ -n "$instance_id" ]; then # bashsupport disable=BP2002 if (ec2_terminate_instances -i "$instance_id"); then echo "Started terminating instance with ID $instance_id" ec2_wait_for_instance_terminated -i "$instance_id" else errecho "The instance terminate failed." result=1 fi fi if [ -n "$security_group_id" ]; then # bashsupport disable=BP2002 if (ec2_delete_security_group -i "$security_group_id"); then echo "Deleted security group with ID $security_group_id" else errecho "The security group delete failed." result=1 fi fi if [ -n "$key_pair_name" ]; then # bashsupport disable=BP2002 if (ec2_delete_keypair -n "$key_pair_name"); then echo "Deleted key pair named $key_pair_name" else errecho "The key pair delete failed." result=1 fi fi if [ -n "$key_file_name" ]; then rm -f "$key_file_name" fi return $result } ############################################################################### # function ssm_get_parameters_by_path # # This function retrieves one or more parameters from the AWS Systems Manager Parameter Store # by specifying a parameter path. # # Parameters: # -p parameter_path - The path of the parameter(s) to retrieve. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ssm_get_parameters_by_path() { local parameter_path response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ssm_get_parameters_by_path" echo "Retrieves one or more parameters from the AWS Systems Manager Parameter Store by specifying a parameter path." echo " -p parameter_path - The path of the parameter(s) to retrieve." echo "" } # Retrieve the calling parameters. while getopts "p:h" option; do case "${option}" in p) parameter_path="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$parameter_path" ]]; then errecho "ERROR: You must provide a parameter path with the -p parameter." usage return 1 fi response=$(aws ssm get-parameters-by-path \ --path "$parameter_path" \ --query "Parameters[*].[Name, Value]" \ --output text) || { aws_cli_error_log $? errecho "ERROR: AWS reports get-parameters-by-path operation failed.$response" return 1 } echo "$response" return 0 } ############################################################################### # function print_instance_details # # This function prints the details of an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # instance_details - The instance details in the format "InstanceId ImageId InstanceType KeyName VpcId PublicIpAddress State.Name". # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function print_instance_details() { local instance_details="$1" if [[ -z "${instance_details}" ]]; then echo "Error: Missing required instance details argument." return 1 fi local instance_id image_id instance_type key_name vpc_id public_ip state instance_id=$(echo "${instance_details}" | awk '{print $1}') image_id=$(echo "${instance_details}" | awk '{print $2}') instance_type=$(echo "${instance_details}" | awk '{print $3}') key_name=$(echo "${instance_details}" | awk '{print $4}') vpc_id=$(echo "${instance_details}" | awk '{print $5}') public_ip=$(echo "${instance_details}" | awk '{print $6}') state=$(echo "${instance_details}" | awk '{print $7}') echo " ID: ${instance_id}" echo " Image ID: ${image_id}" echo " Instance type: ${instance_type}" echo " Key name: ${key_name}" echo " VPC ID: ${vpc_id}" echo " Public IP: ${public_ip}" echo " State: ${state}" return 0 } ############################################################################### # function connect_to_instance # # This function displays the public IP address of an Amazon Elastic Compute Cloud (Amazon EC2) instance and prompts the user to connect to the instance via SSH. # # Parameters: # $1 - The name of the key file used to connect to the instance. # $2 - The public IP address of the instance. # # Returns: # None ############################################################################### function connect_to_instance() { local key_file_name="$1" local public_ip="$2" # Validate the input parameters if [[ -z "$key_file_name" ]]; then echo "ERROR: You must provide a key file name as the first argument." >&2 return 1 fi if [[ -z "$public_ip" ]]; then echo "ERROR: You must provide a public IP address as the second argument." >&2 return 1 fi # Display the public IP address and connection command echo "To connect, run the following command:" echo " ssh -i ${key_file_name} ec2-user@${public_ip}" # Prompt the user to connect to the instance if yes_no_input "Do you want to connect now? (y/n) "; then echo "After you have connected, you can return to this example by typing 'exit'" ssh -i "${key_file_name}" ec2-user@"${public_ip}" fi } ############################################################################### # function get_input # # This function gets user input from the command line. # # Outputs: # User input to stdout. # # Returns: # 0 ############################################################################### function get_input() { if [ -z "${mock_input+x}" ]; then read -r get_input_result else if [ "$mock_input_array_index" -lt ${#mock_input_array[@]} ]; then get_input_result="${mock_input_array[$mock_input_array_index]}" # bashsupport disable=BP2001 # shellcheck disable=SC2206 ((mock_input_array_index++)) echo -n "$get_input_result" else echo "MOCK_INPUT_ARRAY has no more elements" 1>&2 return 1 fi fi return 0 } ############################################################################### # function yes_no_input # # This function requests a yes/no answer from the user, following to a prompt. # # Parameters: # $1 - The prompt. # # Returns: # 0 - If yes. # 1 - If no. ############################################################################### function yes_no_input() { if [ -z "$1" ]; then echo "Internal error yes_no_input" return 1 fi local index=0 local response="N" while [[ $index -lt 10 ]]; do index=$((index + 1)) echo -n "$1" if ! get_input; then return 1 fi response=$(echo "$get_input_result" | tr '[:upper:]' '[:lower:]') if [ "$response" = "y" ] || [ "$response" = "n" ]; then break else echo -e "\nPlease enter or 'y' or 'n'." fi done echo if [ "$response" = "y" ]; then return 0 else return 1 fi } ############################################################################### # function integer_input # # This function prompts the user to enter an integer within a specified range # and validates the input. # # Parameters: # $1 - The prompt message to display to the user. # $2 - The minimum value of the accepted range. # $3 - The maximum value of the accepted range. # # Returns: # The valid integer input from the user. # If the input is invalid or out of range, the function will continue # prompting the user until a valid input is provided. ############################################################################### function integer_input() { local prompt="$1" local min_value="$2" local max_value="$3" local input="" while true; do # Display the prompt message and wait for user input echo -n "$prompt" if ! get_input; then return 1 fi input="$get_input_result" # Check if the input is a valid integer if [[ "$input" =~ ^-?[0-9]+$ ]]; then # Check if the input is within the specified range if ((input >= min_value && input <= max_value)); then return 0 else echo "Error: Input, $input, must be between $min_value and $max_value." fi else echo "Error: Invalid input- $input. Please enter an integer." fi done } ############################################################################### # function new_line_and_tab_to_list # # This function takes a string input containing newlines and tabs, and # converts it into a list (array) of elements. # # Parameters: # $1 - The input string containing newlines and tabs. # # Returns: # The resulting list (array) is stored in the global variable # 'list_result'. ############################################################################### function new_line_and_tab_to_list() { local input=$1 export list_result list_result=() mapfile -t lines <<<"$input" local line for line in "${lines[@]}"; do IFS=$'\t' read -ra parameters <<<"$line" list_result+=("${parameters[@]}") done } ############################################################################### # function echo_repeat # # This function prints a string 'n' times to stdout. # # Parameters: # $1 - The string. # $2 - Number of times to print the string. # # Outputs: # String 'n' times to stdout. # # Returns: # 0 ############################################################################### function echo_repeat() { local end=$2 for ((i = 0; i < end; i++)); do echo -n "$1" done echo } ``` As funções do DynamoDB usadas nesse cenário. ``` ############################################################################### # function ec2_create_keypair # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) ED25519 or 2048-bit RSA key pair # and writes it to a file. # # Parameters: # -n key_pair_name - A key pair name. # -f file_path - File to store the key pair. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_create_keypair() { local key_pair_name file_path response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_create_keypair" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) ED25519 or 2048-bit RSA key pair" echo " and writes it to a file." echo " -n key_pair_name - A key pair name." echo " -f file_path - File to store the key pair." echo "" } # Retrieve the calling parameters. while getopts "n:f:h" option; do case "${option}" in n) key_pair_name="${OPTARG}" ;; f) file_path="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key name with the -n parameter." usage return 1 fi if [[ -z "$file_path" ]]; then errecho "ERROR: You must provide a file path with the -f parameter." usage return 1 fi response=$(aws ec2 create-key-pair \ --key-name "$key_pair_name" \ --query 'KeyMaterial' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-access-key operation failed.$response" return 1 } if [[ -n "$file_path" ]]; then echo "$response" >"$file_path" fi return 0 } ############################################################################### # function ec2_describe_key_pairs # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) key pairs. # # Parameters: # -h - Display help. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_key_pairs() { local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_key_pairs" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) key pairs." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "h" option; do case "${option}" in h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local response response=$(aws ec2 describe-key-pairs \ --query 'KeyPairs[*].[KeyName, KeyFingerprint]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-key-pairs operation failed.$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_create_security_group # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -n security_group_name - The name of the security group. # -d security_group_description - The description of the security group. # # Returns: # The ID of the created security group, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_create_security_group() { local security_group_name security_group_description response # Function to display usage information function usage() { echo "function ec2_create_security_group" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -n security_group_name - The name of the security group." echo " -d security_group_description - The description of the security group." echo "" } # Parse the command-line arguments while getopts "n:d:h" option; do case "${option}" in n) security_group_name="${OPTARG}" ;; d) security_group_description="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$security_group_name" ]]; then errecho "ERROR: You must provide a security group name with the -n parameter." return 1 fi if [[ -z "$security_group_description" ]]; then errecho "ERROR: You must provide a security group description with the -d parameter." return 1 fi # Create the security group response=$(aws ec2 create-security-group \ --group-name "$security_group_name" \ --description "$security_group_description" \ --query "GroupId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-security-group operation failed." errecho "$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_describe_security_groups # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) security groups. # # Parameters: # -g security_group_id - The ID of the security group to describe (optional). # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_security_groups() { local security_group_id response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_security_groups" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) security groups." echo " -g security_group_id - The ID of the security group to describe (optional)." echo "" } # Retrieve the calling parameters. while getopts "g:h" option; do case "${option}" in g) security_group_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local query="SecurityGroups[*].[GroupName, GroupId, VpcId, IpPermissions[*].[IpProtocol, FromPort, ToPort, IpRanges[*].CidrIp]]" if [[ -n "$security_group_id" ]]; then response=$(aws ec2 describe-security-groups --group-ids "$security_group_id" --query "${query}" --output text) else response=$(aws ec2 describe-security-groups --query "${query}" --output text) fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports describe-security-groups operation failed.$response" return 1 fi echo "$response" return 0 } ############################################################################### # function ec2_authorize_security_group_ingress # # This function authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -g security_group_id - The ID of the security group. # -i ip_address - The IP address or CIDR block to authorize. # -p protocol - The protocol to authorize (e.g., tcp, udp, icmp). # -f from_port - The start of the port range to authorize. # -t to_port - The end of the port range to authorize. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_authorize_security_group_ingress() { local security_group_id ip_address protocol from_port to_port response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_authorize_security_group_ingress" echo "Authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -g security_group_id - The ID of the security group." echo " -i ip_address - The IP address or CIDR block to authorize." echo " -p protocol - The protocol to authorize (e.g., tcp, udp, icmp)." echo " -f from_port - The start of the port range to authorize." echo " -t to_port - The end of the port range to authorize." echo "" } # Retrieve the calling parameters. while getopts "g:i:p:f:t:h" option; do case "${option}" in g) security_group_id="${OPTARG}" ;; i) ip_address="${OPTARG}" ;; p) protocol="${OPTARG}" ;; f) from_port="${OPTARG}" ;; t) to_port="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -g parameter." usage return 1 fi if [[ -z "$ip_address" ]]; then errecho "ERROR: You must provide an IP address or CIDR block with the -i parameter." usage return 1 fi if [[ -z "$protocol" ]]; then errecho "ERROR: You must provide a protocol with the -p parameter." usage return 1 fi if [[ -z "$from_port" ]]; then errecho "ERROR: You must provide a start port with the -f parameter." usage return 1 fi if [[ -z "$to_port" ]]; then errecho "ERROR: You must provide an end port with the -t parameter." usage return 1 fi response=$(aws ec2 authorize-security-group-ingress \ --group-id "$security_group_id" \ --cidr "${ip_address}/32" \ --protocol "$protocol" \ --port "$from_port-$to_port" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports authorize-security-group-ingress operation failed.$response" return 1 } return 0 } ############################################################################### # function ec2_describe_images # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) images. # # Parameters: # -i image_ids - A space-separated list of image IDs (optional). # -h - Display help. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_images() { local image_ids response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_images" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) images." echo " -i image_ids - A space-separated list of image IDs (optional)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) image_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local aws_cli_args=() if [[ -n "$image_ids" ]]; then # shellcheck disable=SC2206 aws_cli_args+=("--image-ids" $image_ids) fi response=$(aws ec2 describe-images \ "${aws_cli_args[@]}" \ --query 'Images[*].[Description,Architecture,ImageId]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-images operation failed.$response" return 1 } echo "$response" return 0 } ############################################################################### # ec2_describe_instance_types # # This function describes EC2 instance types filtered by processor architecture # and optionally by instance type. It takes the following arguments: # # -a, --architecture ARCHITECTURE Specify the processor architecture (e.g., x86_64) # -t, --type INSTANCE_TYPE Comma-separated list of instance types (e.g., t2.micro) # -h, --help Show the usage help # # The function prints the instance type and supported architecture for each # matching instance type. ############################################################################### function ec2_describe_instance_types() { local architecture="" local instance_types="" # bashsupport disable=BP5008 function usage() { echo "Usage: ec2_describe_instance_types [-a|--architecture ARCHITECTURE] [-t|--type INSTANCE_TYPE] [-h|--help]" echo " -a, --architecture ARCHITECTURE Specify the processor architecture (e.g., x86_64)" echo " -t, --type INSTANCE_TYPE Comma-separated list of instance types (e.g., t2.micro)" echo " -h, --help Show this help message" } while [[ $# -gt 0 ]]; do case "$1" in -a | --architecture) architecture="$2" shift 2 ;; -t | --type) instance_types="$2" shift 2 ;; -h | --help) usage return 0 ;; *) echo "Unknown argument: $1" return 1 ;; esac done if [[ -z "$architecture" ]]; then errecho "Error: Architecture not specified." usage return 1 fi if [[ -z "$instance_types" ]]; then errecho "Error: Instance type not specified." usage return 1 fi local tmp_json_file="temp_ec2.json" echo -n '[ { "Name": "processor-info.supported-architecture", "Values": [' >"$tmp_json_file" local items IFS=',' read -ra items <<<"$architecture" local array_size array_size=${#items[@]} for i in $(seq 0 $((array_size - 1))); do echo -n '"'"${items[$i]}"'"' >>"$tmp_json_file" if [[ $i -lt $((array_size - 1)) ]]; then echo -n ',' >>"$tmp_json_file" fi done echo -n ']}, { "Name": "instance-type", "Values": [' >>"$tmp_json_file" IFS=',' read -ra items <<<"$instance_types" local array_size array_size=${#items[@]} for i in $(seq 0 $((array_size - 1))); do echo -n '"'"${items[$i]}"'"' >>"$tmp_json_file" if [[ $i -lt $((array_size - 1)) ]]; then echo -n ',' >>"$tmp_json_file" fi done echo -n ']}]' >>"$tmp_json_file" local response response=$(aws ec2 describe-instance-types --filters file://"$tmp_json_file" \ --query 'InstanceTypes[*].[InstanceType]' --output text) local error_code=$? rm "$tmp_json_file" if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code echo "ERROR: AWS reports describe-instance-types operation failed." return 1 fi echo "$response" return 0 } ############################################################################### # function ec2_run_instances # # This function launches one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i image_id - The ID of the Amazon Machine Image (AMI) to use. # -t instance_type - The instance type to use (e.g., t2.micro). # -k key_pair_name - The name of the key pair to use. # -s security_group_id - The ID of the security group to use. # -c count - The number of instances to launch (default: 1). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_run_instances() { local image_id instance_type key_pair_name security_group_id count response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_run_instances" echo "Launches one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i image_id - The ID of the Amazon Machine Image (AMI) to use." echo " -t instance_type - The instance type to use (e.g., t2.micro)." echo " -k key_pair_name - The name of the key pair to use." echo " -s security_group_id - The ID of the security group to use." echo " -c count - The number of instances to launch (default: 1)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:t:k:s:c:h" option; do case "${option}" in i) image_id="${OPTARG}" ;; t) instance_type="${OPTARG}" ;; k) key_pair_name="${OPTARG}" ;; s) security_group_id="${OPTARG}" ;; c) count="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$image_id" ]]; then errecho "ERROR: You must provide an Amazon Machine Image (AMI) ID with the -i parameter." usage return 1 fi if [[ -z "$instance_type" ]]; then errecho "ERROR: You must provide an instance type with the -t parameter." usage return 1 fi if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key pair name with the -k parameter." usage return 1 fi if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -s parameter." usage return 1 fi if [[ -z "$count" ]]; then count=1 fi response=$(aws ec2 run-instances \ --image-id "$image_id" \ --instance-type "$instance_type" \ --key-name "$key_pair_name" \ --security-group-ids "$security_group_id" \ --count "$count" \ --query 'Instances[*].[InstanceId]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports run-instances operation failed.$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_describe_instances # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID of the instance to describe (optional). # -q query - The query to filter the response (optional). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_instances() { local instance_id query response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_instances" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID of the instance to describe (optional)." echo " -q query - The query to filter the response (optional)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:q:h" option; do case "${option}" in i) instance_id="${OPTARG}" ;; q) query="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local aws_cli_args=() if [[ -n "$instance_id" ]]; then # shellcheck disable=SC2206 aws_cli_args+=("--instance-ids" $instance_id) fi local query_arg="" if [[ -n "$query" ]]; then query_arg="--query '$query'" else query_arg="--query Reservations[*].Instances[*].[InstanceId,ImageId,InstanceType,KeyName,VpcId,PublicIpAddress,State.Name]" fi # shellcheck disable=SC2086 response=$(aws ec2 describe-instances \ "${aws_cli_args[@]}" \ $query_arg \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-instances operation failed.$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_stop_instances # # This function stops one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID(s) of the instance(s) to stop (comma-separated). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_stop_instances() { local instance_ids local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_stop_instances" echo "Stops one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID(s) of the instance(s) to stop (comma-separated)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$instance_ids" ]]; then errecho "ERROR: You must provide one or more instance IDs with the -i parameter." usage return 1 fi response=$(aws ec2 stop-instances \ --instance-ids "${instance_ids}") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports stop-instances operation failed with $response." return 1 } return 0 } ############################################################################### # function ec2_start_instances # # This function starts one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID(s) of the instance(s) to start (comma-separated). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_start_instances() { local instance_ids local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_start_instances" echo "Starts one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID(s) of the instance(s) to start (comma-separated)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$instance_ids" ]]; then errecho "ERROR: You must provide one or more instance IDs with the -i parameter." usage return 1 fi response=$(aws ec2 start-instances \ --instance-ids "${instance_ids}") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports start-instances operation failed with $response." return 1 } return 0 } ############################################################################### # function ec2_allocate_address # # This function allocates an Elastic IP address for use with Amazon Elastic Compute Cloud (Amazon EC2) instances in a specific AWS Region. # # Parameters: # -d domain - The domain for the Elastic IP address (either 'vpc' or 'standard'). # # Returns: # The allocated Elastic IP address, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_allocate_address() { local domain response # Function to display usage information function usage() { echo "function ec2_allocate_address" echo "Allocates an Elastic IP address for use with Amazon Elastic Compute Cloud (Amazon EC2) instances in a specific AWS Region." echo " -d domain - The domain for the Elastic IP address (either 'vpc' or 'standard')." echo "" } # Parse the command-line arguments while getopts "d:h" option; do case "${option}" in d) domain="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$domain" ]]; then errecho "ERROR: You must provide a domain with the -d parameter (either 'vpc' or 'standard')." return 1 fi if [[ "$domain" != "vpc" && "$domain" != "standard" ]]; then errecho "ERROR: Invalid domain value. Must be either 'vpc' or 'standard'." return 1 fi # Allocate the Elastic IP address response=$(aws ec2 allocate-address \ --domain "$domain" \ --query "[PublicIp,AllocationId]" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports allocate-address operation failed." errecho "$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_associate_address # # This function associates an Elastic IP address with an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a allocation_id - The allocation ID of the Elastic IP address to associate. # -i instance_id - The ID of the EC2 instance to associate the Elastic IP address with. # # Returns: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_associate_address() { local allocation_id instance_id response # Function to display usage information function usage() { echo "function ec2_associate_address" echo "Associates an Elastic IP address with an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a allocation_id - The allocation ID of the Elastic IP address to associate." echo " -i instance_id - The ID of the EC2 instance to associate the Elastic IP address with." echo "" } # Parse the command-line arguments while getopts "a:i:h" option; do case "${option}" in a) allocation_id="${OPTARG}" ;; i) instance_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$allocation_id" ]]; then errecho "ERROR: You must provide an allocation ID with the -a parameter." return 1 fi if [[ -z "$instance_id" ]]; then errecho "ERROR: You must provide an instance ID with the -i parameter." return 1 fi # Associate the Elastic IP address response=$(aws ec2 associate-address \ --allocation-id "$allocation_id" \ --instance-id "$instance_id" \ --query "AssociationId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports associate-address operation failed." errecho "$response" return 1 } echo "$response" return 0 } ############################################################################### # function ec2_disassociate_address # # This function disassociates an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a association_id - The association ID that represents the association of the Elastic IP address with an instance. # # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_disassociate_address() { local association_id response # Function to display usage information function usage() { echo "function ec2_disassociate_address" echo "Disassociates an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a association_id - The association ID that represents the association of the Elastic IP address with an instance." echo "" } # Parse the command-line arguments while getopts "a:h" option; do case "${option}" in a) association_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$association_id" ]]; then errecho "ERROR: You must provide an association ID with the -a parameter." return 1 fi response=$(aws ec2 disassociate-address \ --association-id "$association_id") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports disassociate-address operation failed." errecho "$response" return 1 } return 0 } ############################################################################### # function ec2_release_address # # This function releases an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a allocation_id - The allocation ID of the Elastic IP address to release. # # Returns: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_release_address() { local allocation_id response # Function to display usage information function usage() { echo "function ec2_release_address" echo "Releases an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a allocation_id - The allocation ID of the Elastic IP address to release." echo "" } # Parse the command-line arguments while getopts "a:h" option; do case "${option}" in a) allocation_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$allocation_id" ]]; then errecho "ERROR: You must provide an allocation ID with the -a parameter." return 1 fi response=$(aws ec2 release-address \ --allocation-id "$allocation_id") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports release-address operation failed." errecho "$response" return 1 } return 0 } ############################################################################### # function ec2_terminate_instances # # This function terminates one or more Amazon Elastic Compute Cloud (Amazon EC2) # instances using the AWS CLI. # # Parameters: # -i instance_ids - A space-separated list of instance IDs. # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_terminate_instances() { local instance_ids response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_terminate_instances" echo "Terminates one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_ids - A space-separated list of instance IDs." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Check if instance ID is provided if [[ -z "${instance_ids}" ]]; then echo "Error: Missing required instance IDs parameter." usage return 1 fi # shellcheck disable=SC2086 response=$(aws ec2 terminate-instances \ "--instance-ids" $instance_ids \ --query 'TerminatingInstances[*].[InstanceId,CurrentState.Name]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports terminate-instances operation failed.$response" return 1 } return 0 } ############################################################################### # function ec2_delete_security_group # # This function deletes an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -i security_group_id - The ID of the security group to delete. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_delete_security_group() { local security_group_id response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_delete_security_group" echo "Deletes an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -i security_group_id - The ID of the security group to delete." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) security_group_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -i parameter." usage return 1 fi response=$(aws ec2 delete-security-group --group-id "$security_group_id" --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports delete-security-group operation failed.$response" return 1 } return 0 } ############################################################################### # function ec2_delete_keypair # # This function deletes an Amazon EC2 ED25519 or 2048-bit RSA key pair. # # Parameters: # -n key_pair_name - A key pair name. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_delete_keypair() { local key_pair_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_delete_keypair" echo "Deletes an Amazon EC2 ED25519 or 2048-bit RSA key pair." echo " -n key_pair_name - A key pair name." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) key_pair_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key pair name with the -n parameter." usage return 1 fi response=$(aws ec2 delete-key-pair \ --key-name "$key_pair_name") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports delete-key-pair operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas nesse cenário. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AllocateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AllocateAddress) + [AssociateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AssociateAddress) + [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress) + [CreateKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateKeyPair) + [CreateSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSecurityGroup) + [DeleteKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteKeyPair) + [DeleteSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSecurityGroup) + [DescribeImages](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeImages) + [DescribeInstanceTypes](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInstanceTypes) + [DescribeInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInstances) + [DescribeKeyPairs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeKeyPairs) + [DescribeSecurityGroups](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSecurityGroups) + [DisassociateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DisassociateAddress) + [ReleaseAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ReleaseAddress) + [RunInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/RunInstances) + [StartInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/StartInstances) + [StopInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/StopInstances) + [TerminateInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/TerminateInstances) + [UnmonitorInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/UnmonitorInstances) ## Ações ### `AllocateAddress` O código de exemplo a seguir mostra como usar `AllocateAddress`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_allocate_address # # This function allocates an Elastic IP address for use with Amazon Elastic Compute Cloud (Amazon EC2) instances in a specific AWS Region. # # Parameters: # -d domain - The domain for the Elastic IP address (either 'vpc' or 'standard'). # # Returns: # The allocated Elastic IP address, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_allocate_address() { local domain response # Function to display usage information function usage() { echo "function ec2_allocate_address" echo "Allocates an Elastic IP address for use with Amazon Elastic Compute Cloud (Amazon EC2) instances in a specific AWS Region." echo " -d domain - The domain for the Elastic IP address (either 'vpc' or 'standard')." echo "" } # Parse the command-line arguments while getopts "d:h" option; do case "${option}" in d) domain="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$domain" ]]; then errecho "ERROR: You must provide a domain with the -d parameter (either 'vpc' or 'standard')." return 1 fi if [[ "$domain" != "vpc" && "$domain" != "standard" ]]; then errecho "ERROR: Invalid domain value. Must be either 'vpc' or 'standard'." return 1 fi # Allocate the Elastic IP address response=$(aws ec2 allocate-address \ --domain "$domain" \ --query "[PublicIp,AllocationId]" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports allocate-address operation failed." errecho "$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [AllocateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AllocateAddress)em *Referência de AWS CLI Comandos*. ### `AssociateAddress` O código de exemplo a seguir mostra como usar `AssociateAddress`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_associate_address # # This function associates an Elastic IP address with an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a allocation_id - The allocation ID of the Elastic IP address to associate. # -i instance_id - The ID of the EC2 instance to associate the Elastic IP address with. # # Returns: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_associate_address() { local allocation_id instance_id response # Function to display usage information function usage() { echo "function ec2_associate_address" echo "Associates an Elastic IP address with an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a allocation_id - The allocation ID of the Elastic IP address to associate." echo " -i instance_id - The ID of the EC2 instance to associate the Elastic IP address with." echo "" } # Parse the command-line arguments while getopts "a:i:h" option; do case "${option}" in a) allocation_id="${OPTARG}" ;; i) instance_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$allocation_id" ]]; then errecho "ERROR: You must provide an allocation ID with the -a parameter." return 1 fi if [[ -z "$instance_id" ]]; then errecho "ERROR: You must provide an instance ID with the -i parameter." return 1 fi # Associate the Elastic IP address response=$(aws ec2 associate-address \ --allocation-id "$allocation_id" \ --instance-id "$instance_id" \ --query "AssociationId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports associate-address operation failed." errecho "$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [AssociateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AssociateAddress)em *Referência de AWS CLI Comandos*. ### `AuthorizeSecurityGroupIngress` O código de exemplo a seguir mostra como usar `AuthorizeSecurityGroupIngress`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_authorize_security_group_ingress # # This function authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -g security_group_id - The ID of the security group. # -i ip_address - The IP address or CIDR block to authorize. # -p protocol - The protocol to authorize (e.g., tcp, udp, icmp). # -f from_port - The start of the port range to authorize. # -t to_port - The end of the port range to authorize. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_authorize_security_group_ingress() { local security_group_id ip_address protocol from_port to_port response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_authorize_security_group_ingress" echo "Authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -g security_group_id - The ID of the security group." echo " -i ip_address - The IP address or CIDR block to authorize." echo " -p protocol - The protocol to authorize (e.g., tcp, udp, icmp)." echo " -f from_port - The start of the port range to authorize." echo " -t to_port - The end of the port range to authorize." echo "" } # Retrieve the calling parameters. while getopts "g:i:p:f:t:h" option; do case "${option}" in g) security_group_id="${OPTARG}" ;; i) ip_address="${OPTARG}" ;; p) protocol="${OPTARG}" ;; f) from_port="${OPTARG}" ;; t) to_port="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -g parameter." usage return 1 fi if [[ -z "$ip_address" ]]; then errecho "ERROR: You must provide an IP address or CIDR block with the -i parameter." usage return 1 fi if [[ -z "$protocol" ]]; then errecho "ERROR: You must provide a protocol with the -p parameter." usage return 1 fi if [[ -z "$from_port" ]]; then errecho "ERROR: You must provide a start port with the -f parameter." usage return 1 fi if [[ -z "$to_port" ]]; then errecho "ERROR: You must provide an end port with the -t parameter." usage return 1 fi response=$(aws ec2 authorize-security-group-ingress \ --group-id "$security_group_id" \ --cidr "${ip_address}/32" \ --protocol "$protocol" \ --port "$from_port-$to_port" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports authorize-security-group-ingress operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress)em *Referência de AWS CLI Comandos*. ### `CreateKeyPair` O código de exemplo a seguir mostra como usar `CreateKeyPair`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_create_keypair # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) ED25519 or 2048-bit RSA key pair # and writes it to a file. # # Parameters: # -n key_pair_name - A key pair name. # -f file_path - File to store the key pair. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_create_keypair() { local key_pair_name file_path response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_create_keypair" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) ED25519 or 2048-bit RSA key pair" echo " and writes it to a file." echo " -n key_pair_name - A key pair name." echo " -f file_path - File to store the key pair." echo "" } # Retrieve the calling parameters. while getopts "n:f:h" option; do case "${option}" in n) key_pair_name="${OPTARG}" ;; f) file_path="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key name with the -n parameter." usage return 1 fi if [[ -z "$file_path" ]]; then errecho "ERROR: You must provide a file path with the -f parameter." usage return 1 fi response=$(aws ec2 create-key-pair \ --key-name "$key_pair_name" \ --query 'KeyMaterial' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-access-key operation failed.$response" return 1 } if [[ -n "$file_path" ]]; then echo "$response" >"$file_path" fi return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [CreateKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateKeyPair)em *Referência de AWS CLI Comandos*. ### `CreateSecurityGroup` O código de exemplo a seguir mostra como usar `CreateSecurityGroup`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_create_security_group # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -n security_group_name - The name of the security group. # -d security_group_description - The description of the security group. # # Returns: # The ID of the created security group, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_create_security_group() { local security_group_name security_group_description response # Function to display usage information function usage() { echo "function ec2_create_security_group" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -n security_group_name - The name of the security group." echo " -d security_group_description - The description of the security group." echo "" } # Parse the command-line arguments while getopts "n:d:h" option; do case "${option}" in n) security_group_name="${OPTARG}" ;; d) security_group_description="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$security_group_name" ]]; then errecho "ERROR: You must provide a security group name with the -n parameter." return 1 fi if [[ -z "$security_group_description" ]]; then errecho "ERROR: You must provide a security group description with the -d parameter." return 1 fi # Create the security group response=$(aws ec2 create-security-group \ --group-name "$security_group_name" \ --description "$security_group_description" \ --query "GroupId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-security-group operation failed." errecho "$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [CreateSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSecurityGroup)em *Referência de AWS CLI Comandos*. ### `DeleteKeyPair` O código de exemplo a seguir mostra como usar `DeleteKeyPair`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_delete_keypair # # This function deletes an Amazon EC2 ED25519 or 2048-bit RSA key pair. # # Parameters: # -n key_pair_name - A key pair name. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_delete_keypair() { local key_pair_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_delete_keypair" echo "Deletes an Amazon EC2 ED25519 or 2048-bit RSA key pair." echo " -n key_pair_name - A key pair name." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) key_pair_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key pair name with the -n parameter." usage return 1 fi response=$(aws ec2 delete-key-pair \ --key-name "$key_pair_name") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports delete-key-pair operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DeleteKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteKeyPair)em *Referência de AWS CLI Comandos*. ### `DeleteSecurityGroup` O código de exemplo a seguir mostra como usar `DeleteSecurityGroup`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_delete_security_group # # This function deletes an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -i security_group_id - The ID of the security group to delete. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_delete_security_group() { local security_group_id response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_delete_security_group" echo "Deletes an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -i security_group_id - The ID of the security group to delete." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) security_group_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -i parameter." usage return 1 fi response=$(aws ec2 delete-security-group --group-id "$security_group_id" --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports delete-security-group operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DeleteSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSecurityGroup)em *Referência de AWS CLI Comandos*. ### `DescribeImages` O código de exemplo a seguir mostra como usar `DescribeImages`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_describe_images # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) images. # # Parameters: # -i image_ids - A space-separated list of image IDs (optional). # -h - Display help. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_images() { local image_ids response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_images" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) images." echo " -i image_ids - A space-separated list of image IDs (optional)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) image_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local aws_cli_args=() if [[ -n "$image_ids" ]]; then # shellcheck disable=SC2206 aws_cli_args+=("--image-ids" $image_ids) fi response=$(aws ec2 describe-images \ "${aws_cli_args[@]}" \ --query 'Images[*].[Description,Architecture,ImageId]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-images operation failed.$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeImages](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeImages)em *Referência de AWS CLI Comandos*. ### `DescribeInstanceTypes` O código de exemplo a seguir mostra como usar `DescribeInstanceTypes`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # ec2_describe_instance_types # # This function describes EC2 instance types filtered by processor architecture # and optionally by instance type. It takes the following arguments: # # -a, --architecture ARCHITECTURE Specify the processor architecture (e.g., x86_64) # -t, --type INSTANCE_TYPE Comma-separated list of instance types (e.g., t2.micro) # -h, --help Show the usage help # # The function prints the instance type and supported architecture for each # matching instance type. ############################################################################### function ec2_describe_instance_types() { local architecture="" local instance_types="" # bashsupport disable=BP5008 function usage() { echo "Usage: ec2_describe_instance_types [-a|--architecture ARCHITECTURE] [-t|--type INSTANCE_TYPE] [-h|--help]" echo " -a, --architecture ARCHITECTURE Specify the processor architecture (e.g., x86_64)" echo " -t, --type INSTANCE_TYPE Comma-separated list of instance types (e.g., t2.micro)" echo " -h, --help Show this help message" } while [[ $# -gt 0 ]]; do case "$1" in -a | --architecture) architecture="$2" shift 2 ;; -t | --type) instance_types="$2" shift 2 ;; -h | --help) usage return 0 ;; *) echo "Unknown argument: $1" return 1 ;; esac done if [[ -z "$architecture" ]]; then errecho "Error: Architecture not specified." usage return 1 fi if [[ -z "$instance_types" ]]; then errecho "Error: Instance type not specified." usage return 1 fi local tmp_json_file="temp_ec2.json" echo -n '[ { "Name": "processor-info.supported-architecture", "Values": [' >"$tmp_json_file" local items IFS=',' read -ra items <<<"$architecture" local array_size array_size=${#items[@]} for i in $(seq 0 $((array_size - 1))); do echo -n '"'"${items[$i]}"'"' >>"$tmp_json_file" if [[ $i -lt $((array_size - 1)) ]]; then echo -n ',' >>"$tmp_json_file" fi done echo -n ']}, { "Name": "instance-type", "Values": [' >>"$tmp_json_file" IFS=',' read -ra items <<<"$instance_types" local array_size array_size=${#items[@]} for i in $(seq 0 $((array_size - 1))); do echo -n '"'"${items[$i]}"'"' >>"$tmp_json_file" if [[ $i -lt $((array_size - 1)) ]]; then echo -n ',' >>"$tmp_json_file" fi done echo -n ']}]' >>"$tmp_json_file" local response response=$(aws ec2 describe-instance-types --filters file://"$tmp_json_file" \ --query 'InstanceTypes[*].[InstanceType]' --output text) local error_code=$? rm "$tmp_json_file" if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code echo "ERROR: AWS reports describe-instance-types operation failed." return 1 fi echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeInstanceTypes](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInstanceTypes)em *Referência de AWS CLI Comandos*. ### `DescribeInstances` O código de exemplo a seguir mostra como usar `DescribeInstances`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_describe_instances # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID of the instance to describe (optional). # -q query - The query to filter the response (optional). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_instances() { local instance_id query response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_instances" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID of the instance to describe (optional)." echo " -q query - The query to filter the response (optional)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:q:h" option; do case "${option}" in i) instance_id="${OPTARG}" ;; q) query="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local aws_cli_args=() if [[ -n "$instance_id" ]]; then # shellcheck disable=SC2206 aws_cli_args+=("--instance-ids" $instance_id) fi local query_arg="" if [[ -n "$query" ]]; then query_arg="--query '$query'" else query_arg="--query Reservations[*].Instances[*].[InstanceId,ImageId,InstanceType,KeyName,VpcId,PublicIpAddress,State.Name]" fi # shellcheck disable=SC2086 response=$(aws ec2 describe-instances \ "${aws_cli_args[@]}" \ $query_arg \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-instances operation failed.$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInstances)em *Referência de AWS CLI Comandos*. ### `DescribeKeyPairs` O código de exemplo a seguir mostra como usar `DescribeKeyPairs`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_describe_key_pairs # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) key pairs. # # Parameters: # -h - Display help. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_key_pairs() { local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_key_pairs" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) key pairs." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "h" option; do case "${option}" in h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local response response=$(aws ec2 describe-key-pairs \ --query 'KeyPairs[*].[KeyName, KeyFingerprint]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports describe-key-pairs operation failed.$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeKeyPairs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeKeyPairs)em *Referência de AWS CLI Comandos*. ### `DescribeSecurityGroups` O código de exemplo a seguir mostra como usar `DescribeSecurityGroups`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_describe_security_groups # # This function describes one or more Amazon Elastic Compute Cloud (Amazon EC2) security groups. # # Parameters: # -g security_group_id - The ID of the security group to describe (optional). # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_describe_security_groups() { local security_group_id response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_describe_security_groups" echo "Describes one or more Amazon Elastic Compute Cloud (Amazon EC2) security groups." echo " -g security_group_id - The ID of the security group to describe (optional)." echo "" } # Retrieve the calling parameters. while getopts "g:h" option; do case "${option}" in g) security_group_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local query="SecurityGroups[*].[GroupName, GroupId, VpcId, IpPermissions[*].[IpProtocol, FromPort, ToPort, IpRanges[*].CidrIp]]" if [[ -n "$security_group_id" ]]; then response=$(aws ec2 describe-security-groups --group-ids "$security_group_id" --query "${query}" --output text) else response=$(aws ec2 describe-security-groups --query "${query}" --output text) fi local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports describe-security-groups operation failed.$response" return 1 fi echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DescribeSecurityGroups](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSecurityGroups)em *Referência de AWS CLI Comandos*. ### `DisassociateAddress` O código de exemplo a seguir mostra como usar `DisassociateAddress`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_disassociate_address # # This function disassociates an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a association_id - The association ID that represents the association of the Elastic IP address with an instance. # # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_disassociate_address() { local association_id response # Function to display usage information function usage() { echo "function ec2_disassociate_address" echo "Disassociates an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a association_id - The association ID that represents the association of the Elastic IP address with an instance." echo "" } # Parse the command-line arguments while getopts "a:h" option; do case "${option}" in a) association_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$association_id" ]]; then errecho "ERROR: You must provide an association ID with the -a parameter." return 1 fi response=$(aws ec2 disassociate-address \ --association-id "$association_id") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports disassociate-address operation failed." errecho "$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [DisassociateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DisassociateAddress)em *Referência de AWS CLI Comandos*. ### `ReleaseAddress` O código de exemplo a seguir mostra como usar `ReleaseAddress`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_release_address # # This function releases an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance. # # Parameters: # -a allocation_id - The allocation ID of the Elastic IP address to release. # # Returns: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_release_address() { local allocation_id response # Function to display usage information function usage() { echo "function ec2_release_address" echo "Releases an Elastic IP address from an Amazon Elastic Compute Cloud (Amazon EC2) instance." echo " -a allocation_id - The allocation ID of the Elastic IP address to release." echo "" } # Parse the command-line arguments while getopts "a:h" option; do case "${option}" in a) allocation_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$allocation_id" ]]; then errecho "ERROR: You must provide an allocation ID with the -a parameter." return 1 fi response=$(aws ec2 release-address \ --allocation-id "$allocation_id") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports release-address operation failed." errecho "$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [ReleaseAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ReleaseAddress)em *Referência de AWS CLI Comandos*. ### `RunInstances` O código de exemplo a seguir mostra como usar `RunInstances`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_run_instances # # This function launches one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i image_id - The ID of the Amazon Machine Image (AMI) to use. # -t instance_type - The instance type to use (e.g., t2.micro). # -k key_pair_name - The name of the key pair to use. # -s security_group_id - The ID of the security group to use. # -c count - The number of instances to launch (default: 1). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_run_instances() { local image_id instance_type key_pair_name security_group_id count response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_run_instances" echo "Launches one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i image_id - The ID of the Amazon Machine Image (AMI) to use." echo " -t instance_type - The instance type to use (e.g., t2.micro)." echo " -k key_pair_name - The name of the key pair to use." echo " -s security_group_id - The ID of the security group to use." echo " -c count - The number of instances to launch (default: 1)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:t:k:s:c:h" option; do case "${option}" in i) image_id="${OPTARG}" ;; t) instance_type="${OPTARG}" ;; k) key_pair_name="${OPTARG}" ;; s) security_group_id="${OPTARG}" ;; c) count="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$image_id" ]]; then errecho "ERROR: You must provide an Amazon Machine Image (AMI) ID with the -i parameter." usage return 1 fi if [[ -z "$instance_type" ]]; then errecho "ERROR: You must provide an instance type with the -t parameter." usage return 1 fi if [[ -z "$key_pair_name" ]]; then errecho "ERROR: You must provide a key pair name with the -k parameter." usage return 1 fi if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -s parameter." usage return 1 fi if [[ -z "$count" ]]; then count=1 fi response=$(aws ec2 run-instances \ --image-id "$image_id" \ --instance-type "$instance_type" \ --key-name "$key_pair_name" \ --security-group-ids "$security_group_id" \ --count "$count" \ --query 'Instances[*].[InstanceId]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports run-instances operation failed.$response" return 1 } echo "$response" return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [RunInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/RunInstances)em *Referência de AWS CLI Comandos*. ### `StartInstances` O código de exemplo a seguir mostra como usar `StartInstances`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_start_instances # # This function starts one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID(s) of the instance(s) to start (comma-separated). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_start_instances() { local instance_ids local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_start_instances" echo "Starts one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID(s) of the instance(s) to start (comma-separated)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$instance_ids" ]]; then errecho "ERROR: You must provide one or more instance IDs with the -i parameter." usage return 1 fi response=$(aws ec2 start-instances \ --instance-ids "${instance_ids}") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports start-instances operation failed with $response." return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [StartInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/StartInstances)em *Referência de AWS CLI Comandos*. ### `StopInstances` O código de exemplo a seguir mostra como usar `StopInstances`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_stop_instances # # This function stops one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. # # Parameters: # -i instance_id - The ID(s) of the instance(s) to stop (comma-separated). # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_stop_instances() { local instance_ids local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_stop_instances" echo "Stops one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_id - The ID(s) of the instance(s) to stop (comma-separated)." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$instance_ids" ]]; then errecho "ERROR: You must provide one or more instance IDs with the -i parameter." usage return 1 fi response=$(aws ec2 stop-instances \ --instance-ids "${instance_ids}") || { aws_cli_error_log ${?} errecho "ERROR: AWS reports stop-instances operation failed with $response." return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [StopInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/StopInstances)em *Referência de AWS CLI Comandos*. ### `TerminateInstances` O código de exemplo a seguir mostra como usar `TerminateInstances`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_terminate_instances # # This function terminates one or more Amazon Elastic Compute Cloud (Amazon EC2) # instances using the AWS CLI. # # Parameters: # -i instance_ids - A space-separated list of instance IDs. # -h - Display help. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_terminate_instances() { local instance_ids response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_terminate_instances" echo "Terminates one or more Amazon Elastic Compute Cloud (Amazon EC2) instances." echo " -i instance_ids - A space-separated list of instance IDs." echo " -h - Display help." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) instance_ids="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Check if instance ID is provided if [[ -z "${instance_ids}" ]]; then echo "Error: Missing required instance IDs parameter." usage return 1 fi # shellcheck disable=SC2086 response=$(aws ec2 terminate-instances \ "--instance-ids" $instance_ids \ --query 'TerminatingInstances[*].[InstanceId,CurrentState.Name]' \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports terminate-instances operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [TerminateInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/TerminateInstances)em *Referência de AWS CLI Comandos*. ## Cenários ### Criar uma VPC com sub-redes privadas e gateways NAT O exemplo de código a seguir mostra como: + Criar uma VPC com sub-redes privadas e gateways NAT usando a CLI. + Configurar os componentes necessários, como VPC, sub-redes, tabelas de rotas e gateways NAT. + Configurar grupos de segurança e perfis do IAM para acesso e segurança adequados. + Usar os comandos da CLI para automatizar a criação e a configuração desses recursos. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/008-vpc-private-servers-gs). ``` #!/bin/bash # VPC with Private Subnets and NAT Gateways (IMDSv2 Compliant Version) # This script creates a VPC with public and private subnets in two Availability Zones, # NAT gateways, an internet gateway, route tables, a VPC endpoint for S3, # security groups, a launch template, an Auto Scaling group, and an Application Load Balancer. # Set up logging LOG_FILE="vpc-private-subnets-nat.log" exec > >(tee -a "$LOG_FILE") 2>&1 # Cleanup function to delete all created resources cleanup_resources() { echo "Cleaning up resources..." # Delete Auto Scaling group if it exists if [ -n "${ASG_NAME:-}" ]; then echo "Deleting Auto Scaling group: $ASG_NAME" aws autoscaling delete-auto-scaling-group --auto-scaling-group-name "$ASG_NAME" --force-delete echo "Waiting for Auto Scaling group to be deleted..." aws autoscaling wait auto-scaling-groups-deleted --auto-scaling-group-names "$ASG_NAME" fi # Delete load balancer if it exists if [ -n "${LB_ARN:-}" ]; then echo "Deleting load balancer: $LB_ARN" aws elbv2 delete-load-balancer --load-balancer-arn "$LB_ARN" # Wait for load balancer to be deleted sleep 30 fi # Delete target group if it exists if [ -n "${TARGET_GROUP_ARN:-}" ]; then echo "Deleting target group: $TARGET_GROUP_ARN" aws elbv2 delete-target-group --target-group-arn "$TARGET_GROUP_ARN" fi # Delete launch template if it exists if [ -n "${LAUNCH_TEMPLATE_NAME:-}" ]; then echo "Deleting launch template: $LAUNCH_TEMPLATE_NAME" aws ec2 delete-launch-template --launch-template-name "$LAUNCH_TEMPLATE_NAME" fi # Delete NAT Gateways if they exist if [ -n "${NAT_GW1_ID:-}" ]; then echo "Deleting NAT Gateway 1: $NAT_GW1_ID" aws ec2 delete-nat-gateway --nat-gateway-id "$NAT_GW1_ID" fi if [ -n "${NAT_GW2_ID:-}" ]; then echo "Deleting NAT Gateway 2: $NAT_GW2_ID" aws ec2 delete-nat-gateway --nat-gateway-id "$NAT_GW2_ID" fi # Wait for NAT Gateways to be deleted if [ -n "${NAT_GW1_ID:-}" ] || [ -n "${NAT_GW2_ID:-}" ]; then echo "Waiting for NAT Gateways to be deleted..." sleep 60 fi # Release Elastic IPs if they exist if [ -n "${EIP1_ALLOC_ID:-}" ]; then echo "Releasing Elastic IP 1: $EIP1_ALLOC_ID" aws ec2 release-address --allocation-id "$EIP1_ALLOC_ID" fi if [ -n "${EIP2_ALLOC_ID:-}" ]; then echo "Releasing Elastic IP 2: $EIP2_ALLOC_ID" aws ec2 release-address --allocation-id "$EIP2_ALLOC_ID" fi # Delete VPC endpoint if it exists if [ -n "${VPC_ENDPOINT_ID:-}" ]; then echo "Deleting VPC endpoint: $VPC_ENDPOINT_ID" aws ec2 delete-vpc-endpoints --vpc-endpoint-ids "$VPC_ENDPOINT_ID" fi # Delete security groups if they exist if [ -n "${APP_SG_ID:-}" ]; then echo "Deleting application security group: $APP_SG_ID" aws ec2 delete-security-group --group-id "$APP_SG_ID" fi if [ -n "${LB_SG_ID:-}" ]; then echo "Deleting load balancer security group: $LB_SG_ID" aws ec2 delete-security-group --group-id "$LB_SG_ID" fi # Detach and delete Internet Gateway if it exists if [ -n "${IGW_ID:-}" ] && [ -n "${VPC_ID:-}" ]; then echo "Detaching Internet Gateway: $IGW_ID from VPC: $VPC_ID" aws ec2 detach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID" echo "Deleting Internet Gateway: $IGW_ID" aws ec2 delete-internet-gateway --internet-gateway-id "$IGW_ID" fi # Delete route table associations and route tables if they exist if [ -n "${PUBLIC_RT_ASSOC1_ID:-}" ]; then echo "Disassociating public route table from subnet 1: $PUBLIC_RT_ASSOC1_ID" aws ec2 disassociate-route-table --association-id "$PUBLIC_RT_ASSOC1_ID" fi if [ -n "${PUBLIC_RT_ASSOC2_ID:-}" ]; then echo "Disassociating public route table from subnet 2: $PUBLIC_RT_ASSOC2_ID" aws ec2 disassociate-route-table --association-id "$PUBLIC_RT_ASSOC2_ID" fi if [ -n "${PRIVATE_RT1_ASSOC_ID:-}" ]; then echo "Disassociating private route table 1: $PRIVATE_RT1_ASSOC_ID" aws ec2 disassociate-route-table --association-id "$PRIVATE_RT1_ASSOC_ID" fi if [ -n "${PRIVATE_RT2_ASSOC_ID:-}" ]; then echo "Disassociating private route table 2: $PRIVATE_RT2_ASSOC_ID" aws ec2 disassociate-route-table --association-id "$PRIVATE_RT2_ASSOC_ID" fi if [ -n "${PUBLIC_RT_ID:-}" ]; then echo "Deleting public route table: $PUBLIC_RT_ID" aws ec2 delete-route-table --route-table-id "$PUBLIC_RT_ID" fi if [ -n "${PRIVATE_RT1_ID:-}" ]; then echo "Deleting private route table 1: $PRIVATE_RT1_ID" aws ec2 delete-route-table --route-table-id "$PRIVATE_RT1_ID" fi if [ -n "${PRIVATE_RT2_ID:-}" ]; then echo "Deleting private route table 2: $PRIVATE_RT2_ID" aws ec2 delete-route-table --route-table-id "$PRIVATE_RT2_ID" fi # Delete subnets if they exist if [ -n "${PUBLIC_SUBNET1_ID:-}" ]; then echo "Deleting public subnet 1: $PUBLIC_SUBNET1_ID" aws ec2 delete-subnet --subnet-id "$PUBLIC_SUBNET1_ID" fi if [ -n "${PUBLIC_SUBNET2_ID:-}" ]; then echo "Deleting public subnet 2: $PUBLIC_SUBNET2_ID" aws ec2 delete-subnet --subnet-id "$PUBLIC_SUBNET2_ID" fi if [ -n "${PRIVATE_SUBNET1_ID:-}" ]; then echo "Deleting private subnet 1: $PRIVATE_SUBNET1_ID" aws ec2 delete-subnet --subnet-id "$PRIVATE_SUBNET1_ID" fi if [ -n "${PRIVATE_SUBNET2_ID:-}" ]; then echo "Deleting private subnet 2: $PRIVATE_SUBNET2_ID" aws ec2 delete-subnet --subnet-id "$PRIVATE_SUBNET2_ID" fi # Delete VPC if it exists if [ -n "${VPC_ID:-}" ]; then echo "Deleting VPC: $VPC_ID" aws ec2 delete-vpc --vpc-id "$VPC_ID" fi echo "Cleanup completed." } # Error handling function handle_error() { echo "ERROR: $1" echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to check command success check_command() { if [ $? -ne 0 ]; then handle_error "$1" fi } # Generate a random identifier for resource names RANDOM_ID=$(openssl rand -hex 4) echo "Using random identifier: $RANDOM_ID" # Create VPC echo "Creating VPC..." VPC_RESULT=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=ProductionVPC-$RANDOM_ID}]") check_command "Failed to create VPC" VPC_ID=$(echo "$VPC_RESULT" | jq -r '.Vpc.VpcId') echo "VPC created with ID: $VPC_ID" # Get Availability Zones echo "Getting Availability Zones..." AZ_RESULT=$(aws ec2 describe-availability-zones --query 'AvailabilityZones[0:2].ZoneName' --output text) check_command "Failed to get Availability Zones" # Convert space-separated output to array read -r -a AZS <<< "$AZ_RESULT" AZ1=${AZS[0]} AZ2=${AZS[1]} echo "Using Availability Zones: $AZ1 and $AZ2" # Create subnets echo "Creating subnets..." PUBLIC_SUBNET1_RESULT=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.0.0/24 --availability-zone "$AZ1" --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=PublicSubnet1-$RANDOM_ID}]") check_command "Failed to create public subnet 1" PUBLIC_SUBNET1_ID=$(echo "$PUBLIC_SUBNET1_RESULT" | jq -r '.Subnet.SubnetId') PRIVATE_SUBNET1_RESULT=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.1.0/24 --availability-zone "$AZ1" --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=PrivateSubnet1-$RANDOM_ID}]") check_command "Failed to create private subnet 1" PRIVATE_SUBNET1_ID=$(echo "$PRIVATE_SUBNET1_RESULT" | jq -r '.Subnet.SubnetId') PUBLIC_SUBNET2_RESULT=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.2.0/24 --availability-zone "$AZ2" --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=PublicSubnet2-$RANDOM_ID}]") check_command "Failed to create public subnet 2" PUBLIC_SUBNET2_ID=$(echo "$PUBLIC_SUBNET2_RESULT" | jq -r '.Subnet.SubnetId') PRIVATE_SUBNET2_RESULT=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.3.0/24 --availability-zone "$AZ2" --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=PrivateSubnet2-$RANDOM_ID}]") check_command "Failed to create private subnet 2" PRIVATE_SUBNET2_ID=$(echo "$PRIVATE_SUBNET2_RESULT" | jq -r '.Subnet.SubnetId') echo "Subnets created with IDs:" echo "Public Subnet 1: $PUBLIC_SUBNET1_ID" echo "Private Subnet 1: $PRIVATE_SUBNET1_ID" echo "Public Subnet 2: $PUBLIC_SUBNET2_ID" echo "Private Subnet 2: $PRIVATE_SUBNET2_ID" # Create Internet Gateway echo "Creating Internet Gateway..." IGW_RESULT=$(aws ec2 create-internet-gateway --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=ProductionIGW-$RANDOM_ID}]") check_command "Failed to create Internet Gateway" IGW_ID=$(echo "$IGW_RESULT" | jq -r '.InternetGateway.InternetGatewayId') echo "Internet Gateway created with ID: $IGW_ID" # Attach Internet Gateway to VPC echo "Attaching Internet Gateway to VPC..." aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID" check_command "Failed to attach Internet Gateway to VPC" # Create route tables echo "Creating route tables..." PUBLIC_RT_RESULT=$(aws ec2 create-route-table --vpc-id "$VPC_ID" --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=PublicRouteTable-$RANDOM_ID}]") check_command "Failed to create public route table" PUBLIC_RT_ID=$(echo "$PUBLIC_RT_RESULT" | jq -r '.RouteTable.RouteTableId') PRIVATE_RT1_RESULT=$(aws ec2 create-route-table --vpc-id "$VPC_ID" --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=PrivateRouteTable1-$RANDOM_ID}]") check_command "Failed to create private route table 1" PRIVATE_RT1_ID=$(echo "$PRIVATE_RT1_RESULT" | jq -r '.RouteTable.RouteTableId') PRIVATE_RT2_RESULT=$(aws ec2 create-route-table --vpc-id "$VPC_ID" --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=PrivateRouteTable2-$RANDOM_ID}]") check_command "Failed to create private route table 2" PRIVATE_RT2_ID=$(echo "$PRIVATE_RT2_RESULT" | jq -r '.RouteTable.RouteTableId') echo "Route tables created with IDs:" echo "Public Route Table: $PUBLIC_RT_ID" echo "Private Route Table 1: $PRIVATE_RT1_ID" echo "Private Route Table 2: $PRIVATE_RT2_ID" # Add route to Internet Gateway in public route table echo "Adding route to Internet Gateway in public route table..." aws ec2 create-route --route-table-id "$PUBLIC_RT_ID" --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID" check_command "Failed to add route to Internet Gateway" # Associate subnets with route tables echo "Associating subnets with route tables..." PUBLIC_RT_ASSOC1_RESULT=$(aws ec2 associate-route-table --route-table-id "$PUBLIC_RT_ID" --subnet-id "$PUBLIC_SUBNET1_ID") check_command "Failed to associate public subnet 1 with route table" PUBLIC_RT_ASSOC1_ID=$(echo "$PUBLIC_RT_ASSOC1_RESULT" | jq -r '.AssociationId') PUBLIC_RT_ASSOC2_RESULT=$(aws ec2 associate-route-table --route-table-id "$PUBLIC_RT_ID" --subnet-id "$PUBLIC_SUBNET2_ID") check_command "Failed to associate public subnet 2 with route table" PUBLIC_RT_ASSOC2_ID=$(echo "$PUBLIC_RT_ASSOC2_RESULT" | jq -r '.AssociationId') PRIVATE_RT1_ASSOC_RESULT=$(aws ec2 associate-route-table --route-table-id "$PRIVATE_RT1_ID" --subnet-id "$PRIVATE_SUBNET1_ID") check_command "Failed to associate private subnet 1 with route table" PRIVATE_RT1_ASSOC_ID=$(echo "$PRIVATE_RT1_ASSOC_RESULT" | jq -r '.AssociationId') PRIVATE_RT2_ASSOC_RESULT=$(aws ec2 associate-route-table --route-table-id "$PRIVATE_RT2_ID" --subnet-id "$PRIVATE_SUBNET2_ID") check_command "Failed to associate private subnet 2 with route table" PRIVATE_RT2_ASSOC_ID=$(echo "$PRIVATE_RT2_ASSOC_RESULT" | jq -r '.AssociationId') echo "Route table associations created with IDs:" echo "Public Subnet 1 Association: $PUBLIC_RT_ASSOC1_ID" echo "Public Subnet 2 Association: $PUBLIC_RT_ASSOC2_ID" echo "Private Subnet 1 Association: $PRIVATE_RT1_ASSOC_ID" echo "Private Subnet 2 Association: $PRIVATE_RT2_ASSOC_ID" # Create NAT Gateways echo "Creating NAT Gateways..." # Allocate Elastic IPs for NAT Gateways echo "Allocating Elastic IPs for NAT Gateways..." EIP1_RESULT=$(aws ec2 allocate-address --domain vpc --tag-specifications "ResourceType=elastic-ip,Tags=[{Key=Name,Value=NAT1-EIP-$RANDOM_ID}]") check_command "Failed to allocate Elastic IP 1" EIP1_ALLOC_ID=$(echo "$EIP1_RESULT" | jq -r '.AllocationId') EIP2_RESULT=$(aws ec2 allocate-address --domain vpc --tag-specifications "ResourceType=elastic-ip,Tags=[{Key=Name,Value=NAT2-EIP-$RANDOM_ID}]") check_command "Failed to allocate Elastic IP 2" EIP2_ALLOC_ID=$(echo "$EIP2_RESULT" | jq -r '.AllocationId') echo "Elastic IPs allocated with IDs:" echo "EIP 1 Allocation ID: $EIP1_ALLOC_ID" echo "EIP 2 Allocation ID: $EIP2_ALLOC_ID" # Create NAT Gateways echo "Creating NAT Gateway in public subnet 1..." NAT_GW1_RESULT=$(aws ec2 create-nat-gateway --subnet-id "$PUBLIC_SUBNET1_ID" --allocation-id "$EIP1_ALLOC_ID" --tag-specifications "ResourceType=natgateway,Tags=[{Key=Name,Value=NAT-Gateway1-$RANDOM_ID}]") check_command "Failed to create NAT Gateway 1" NAT_GW1_ID=$(echo "$NAT_GW1_RESULT" | jq -r '.NatGateway.NatGatewayId') echo "Creating NAT Gateway in public subnet 2..." NAT_GW2_RESULT=$(aws ec2 create-nat-gateway --subnet-id "$PUBLIC_SUBNET2_ID" --allocation-id "$EIP2_ALLOC_ID" --tag-specifications "ResourceType=natgateway,Tags=[{Key=Name,Value=NAT-Gateway2-$RANDOM_ID}]") check_command "Failed to create NAT Gateway 2" NAT_GW2_ID=$(echo "$NAT_GW2_RESULT" | jq -r '.NatGateway.NatGatewayId') echo "NAT Gateways created with IDs:" echo "NAT Gateway 1: $NAT_GW1_ID" echo "NAT Gateway 2: $NAT_GW2_ID" # Wait for NAT Gateways to be available echo "Waiting for NAT Gateways to be available..." aws ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_GW1_ID" check_command "NAT Gateway 1 did not become available" aws ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_GW2_ID" check_command "NAT Gateway 2 did not become available" echo "NAT Gateways are now available" # Add routes to NAT Gateways in private route tables echo "Adding routes to NAT Gateways in private route tables..." aws ec2 create-route --route-table-id "$PRIVATE_RT1_ID" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_GW1_ID" check_command "Failed to add route to NAT Gateway 1" aws ec2 create-route --route-table-id "$PRIVATE_RT2_ID" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_GW2_ID" check_command "Failed to add route to NAT Gateway 2" # Create VPC Endpoint for S3 echo "Creating VPC Endpoint for S3..." S3_PREFIX_LIST_ID=$(aws ec2 describe-prefix-lists --filters "Name=prefix-list-name,Values=com.amazonaws.$(aws configure get region).s3" --query 'PrefixLists[0].PrefixListId' --output text) check_command "Failed to get S3 prefix list ID" VPC_ENDPOINT_RESULT=$(aws ec2 create-vpc-endpoint --vpc-id "$VPC_ID" --service-name "com.amazonaws.$(aws configure get region).s3" --route-table-ids "$PRIVATE_RT1_ID" "$PRIVATE_RT2_ID" --tag-specifications "ResourceType=vpc-endpoint,Tags=[{Key=Name,Value=S3-Endpoint-$RANDOM_ID}]") check_command "Failed to create VPC endpoint for S3" VPC_ENDPOINT_ID=$(echo "$VPC_ENDPOINT_RESULT" | jq -r '.VpcEndpoint.VpcEndpointId') echo "VPC Endpoint created with ID: $VPC_ENDPOINT_ID" # Create security groups echo "Creating security groups..." LB_SG_RESULT=$(aws ec2 create-security-group --group-name "LoadBalancerSG-$RANDOM_ID" --description "Security group for the load balancer" --vpc-id "$VPC_ID" --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=LoadBalancerSG-$RANDOM_ID}]") check_command "Failed to create load balancer security group" LB_SG_ID=$(echo "$LB_SG_RESULT" | jq -r '.GroupId') # Allow inbound HTTP traffic from anywhere to the load balancer aws ec2 authorize-security-group-ingress --group-id "$LB_SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0 check_command "Failed to authorize ingress to load balancer security group" APP_SG_RESULT=$(aws ec2 create-security-group --group-name "AppServerSG-$RANDOM_ID" --description "Security group for the application servers" --vpc-id "$VPC_ID" --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=AppServerSG-$RANDOM_ID}]") check_command "Failed to create application server security group" APP_SG_ID=$(echo "$APP_SG_RESULT" | jq -r '.GroupId') # Allow inbound HTTP traffic from the load balancer security group to the application servers aws ec2 authorize-security-group-ingress --group-id "$APP_SG_ID" --protocol tcp --port 80 --source-group "$LB_SG_ID" check_command "Failed to authorize ingress to application server security group" echo "Security groups created with IDs:" echo "Load Balancer Security Group: $LB_SG_ID" echo "Application Server Security Group: $APP_SG_ID" # Create a launch template echo "Creating launch template..." # Create user data script with IMDSv2 support cat > user-data.sh << 'EOF' #!/bin/bash yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd # Use IMDSv2 with session token TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") AZ=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/placement/availability-zone) HOSTNAME=$(hostname -f) echo "

Hello from $HOSTNAME in $AZ

" > /var/www/html/index.html EOF # Encode user data USER_DATA=$(base64 -w 0 user-data.sh) # Get latest Amazon Linux 2 AMI echo "Getting latest Amazon Linux 2 AMI..." AMI_ID=$(aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" "Name=state,Values=available" --query 'sort_by(Images, &CreationDate)[-1].ImageId' --output text) check_command "Failed to get latest Amazon Linux 2 AMI" echo "Using AMI: $AMI_ID" # Create launch template with IMDSv2 required LAUNCH_TEMPLATE_NAME="AppServerTemplate-$RANDOM_ID" echo "Creating launch template: $LAUNCH_TEMPLATE_NAME" aws ec2 create-launch-template \ --launch-template-name "$LAUNCH_TEMPLATE_NAME" \ --version-description "Initial version" \ --tag-specifications "ResourceType=launch-template,Tags=[{Key=Name,Value=$LAUNCH_TEMPLATE_NAME}]" \ --launch-template-data "{ \"NetworkInterfaces\": [{ \"DeviceIndex\": 0, \"Groups\": [\"$APP_SG_ID\"], \"DeleteOnTermination\": true }], \"ImageId\": \"$AMI_ID\", \"InstanceType\": \"t3.micro\", \"UserData\": \"$USER_DATA\", \"MetadataOptions\": { \"HttpTokens\": \"required\", \"HttpEndpoint\": \"enabled\" }, \"TagSpecifications\": [{ \"ResourceType\": \"instance\", \"Tags\": [{ \"Key\": \"Name\", \"Value\": \"AppServer-$RANDOM_ID\" }] }] }" check_command "Failed to create launch template" # Create target group echo "Creating target group..." TARGET_GROUP_NAME="AppTargetGroup-$RANDOM_ID" TARGET_GROUP_RESULT=$(aws elbv2 create-target-group \ --name "$TARGET_GROUP_NAME" \ --protocol HTTP \ --port 80 \ --vpc-id "$VPC_ID" \ --target-type instance \ --health-check-protocol HTTP \ --health-check-path "/" \ --health-check-port traffic-port) check_command "Failed to create target group" TARGET_GROUP_ARN=$(echo "$TARGET_GROUP_RESULT" | jq -r '.TargetGroups[0].TargetGroupArn') echo "Target group created with ARN: $TARGET_GROUP_ARN" # Create load balancer echo "Creating load balancer..." LB_NAME="AppLoadBalancer-$RANDOM_ID" LB_RESULT=$(aws elbv2 create-load-balancer \ --name "$LB_NAME" \ --subnets "$PUBLIC_SUBNET1_ID" "$PUBLIC_SUBNET2_ID" \ --security-groups "$LB_SG_ID" \ --tags "Key=Name,Value=$LB_NAME") check_command "Failed to create load balancer" LB_ARN=$(echo "$LB_RESULT" | jq -r '.LoadBalancers[0].LoadBalancerArn') echo "Load balancer created with ARN: $LB_ARN" # Wait for load balancer to be active echo "Waiting for load balancer to be active..." aws elbv2 wait load-balancer-available --load-balancer-arns "$LB_ARN" check_command "Load balancer did not become available" # Create listener echo "Creating listener..." LISTENER_RESULT=$(aws elbv2 create-listener \ --load-balancer-arn "$LB_ARN" \ --protocol HTTP \ --port 80 \ --default-actions "Type=forward,TargetGroupArn=$TARGET_GROUP_ARN") check_command "Failed to create listener" LISTENER_ARN=$(echo "$LISTENER_RESULT" | jq -r '.Listeners[0].ListenerArn') echo "Listener created with ARN: $LISTENER_ARN" # Create Auto Scaling group echo "Creating Auto Scaling group..." ASG_NAME="AppAutoScalingGroup-$RANDOM_ID" aws autoscaling create-auto-scaling-group \ --auto-scaling-group-name "$ASG_NAME" \ --launch-template "LaunchTemplateName=$LAUNCH_TEMPLATE_NAME,Version=\$Latest" \ --min-size 2 \ --max-size 4 \ --desired-capacity 2 \ --vpc-zone-identifier "$PRIVATE_SUBNET1_ID,$PRIVATE_SUBNET2_ID" \ --target-group-arns "$TARGET_GROUP_ARN" \ --health-check-type ELB \ --health-check-grace-period 300 \ --tags "Key=Name,Value=AppServer-$RANDOM_ID,PropagateAtLaunch=true" check_command "Failed to create Auto Scaling group" echo "Auto Scaling group created with name: $ASG_NAME" # Get load balancer DNS name LB_DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns "$LB_ARN" --query 'LoadBalancers[0].DNSName' --output text) check_command "Failed to get load balancer DNS name" echo "" echo "===========================================" echo "DEPLOYMENT COMPLETE" echo "===========================================" echo "VPC ID: $VPC_ID" echo "Public Subnet 1: $PUBLIC_SUBNET1_ID (AZ: $AZ1)" echo "Private Subnet 1: $PRIVATE_SUBNET1_ID (AZ: $AZ1)" echo "Public Subnet 2: $PUBLIC_SUBNET2_ID (AZ: $AZ2)" echo "Private Subnet 2: $PRIVATE_SUBNET2_ID (AZ: $AZ2)" echo "NAT Gateway 1: $NAT_GW1_ID" echo "NAT Gateway 2: $NAT_GW2_ID" echo "Load Balancer: $LB_NAME" echo "Auto Scaling Group: $ASG_NAME" echo "" echo "Your application will be available at: http://$LB_DNS_NAME" echo "It may take a few minutes for the instances to launch and pass health checks." echo "" # Add health check monitoring echo "===========================================" echo "MONITORING INSTANCE HEALTH AND LOAD BALANCER" echo "===========================================" echo "Waiting for instances to launch and pass health checks..." echo "This may take 3-5 minutes. Checking every 30 seconds..." # Monitor instance health and load balancer accessibility MAX_ATTEMPTS=10 ATTEMPT=1 HEALTHY_INSTANCES=0 while [ $ATTEMPT -le $MAX_ATTEMPTS ] && [ $HEALTHY_INSTANCES -lt 2 ]; do echo "Check attempt $ATTEMPT of $MAX_ATTEMPTS..." # Check Auto Scaling group instances echo "Checking Auto Scaling group instances..." ASG_INSTANCES=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names "$ASG_NAME" --query 'AutoScalingGroups[0].Instances[*].[InstanceId,HealthStatus]' --output json) echo "ASG Instances status:" echo "$ASG_INSTANCES" | jq -r '.[] | "Instance: \(.[0]), Health: \(.[1])"' # Check target group health echo "Checking target group health..." TARGET_HEALTH=$(aws elbv2 describe-target-health --target-group-arn "$TARGET_GROUP_ARN" --output json) echo "Target health status:" echo "$TARGET_HEALTH" | jq -r '.TargetHealthDescriptions[] | "Instance: \(.Target.Id), State: \(.TargetHealth.State), Reason: \(.TargetHealth.Reason // "N/A"), Description: \(.TargetHealth.Description // "N/A")"' # Count healthy instances HEALTHY_INSTANCES=$(echo "$TARGET_HEALTH" | jq -r '[.TargetHealthDescriptions[] | select(.TargetHealth.State=="healthy")] | length') echo "Number of healthy instances: $HEALTHY_INSTANCES of 2 expected" # Check if we have healthy instances if [ $HEALTHY_INSTANCES -ge 2 ]; then echo "All instances are healthy!" # Test load balancer accessibility echo "Testing load balancer accessibility..." HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "http://$LB_DNS_NAME") if [ "$HTTP_STATUS" = "200" ]; then echo "Load balancer is accessible! HTTP Status: $HTTP_STATUS" echo "You can access your application at: http://$LB_DNS_NAME" # Try to get the content to verify IMDSv2 is working echo "Fetching content to verify IMDSv2 functionality..." CONTENT=$(curl -s "http://$LB_DNS_NAME") echo "Response from server:" echo "$CONTENT" # Check if the content contains the expected pattern if [[ "$CONTENT" == *"Hello from"* && "$CONTENT" == *"in"* ]]; then echo "IMDSv2 is working correctly! The instance was able to access metadata using the token-based approach." else echo "Warning: Content doesn't match expected pattern. IMDSv2 functionality could not be verified." fi break else echo "Load balancer returned HTTP status: $HTTP_STATUS" echo "Will try again in 30 seconds..." fi else echo "Waiting for instances to become healthy..." echo "Will check again in 30 seconds..." fi ATTEMPT=$((ATTEMPT+1)) if [ $ATTEMPT -le $MAX_ATTEMPTS ]; then sleep 30 fi done if [ $HEALTHY_INSTANCES -lt 2 ]; then echo "Warning: Not all instances are healthy after maximum attempts." echo "You may need to wait longer or check for configuration issues." fi echo "To test your application, run:" echo "curl http://$LB_DNS_NAME" echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "$CLEANUP_CHOICE" =~ ^[Yy]$ ]]; then cleanup_resources echo "All resources have been deleted." else echo "Resources will not be deleted. You can manually delete them later." echo "To delete resources, run this script again and choose to clean up." fi ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AllocateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AllocateAddress) + [AssociateRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AssociateRouteTable) + [AttachInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AttachInternetGateway) + [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress) + [CreateInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateInternetGateway) + [CreateLaunchTemplate](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateLaunchTemplate) + [CreateNatGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateNatGateway) + [CreateRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRoute) + [CreateRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRouteTable) + [CreateSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSecurityGroup) + [CreateSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSubnet) + [CreateVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpc) + [CreateVpcEndpoint](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpcEndpoint) + [DeleteAutoScalingGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteAutoScalingGroup) + [DeleteInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteInternetGateway) + [DeleteLaunchTemplate](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteLaunchTemplate) + [DeleteLoadBalancer](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteLoadBalancer) + [DeleteNatGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteNatGateway) + [DeleteRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteRouteTable) + [DeleteSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSecurityGroup) + [DeleteSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSubnet) + [DeleteTargetGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteTargetGroup) + [DeleteVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteVpc) + [DeleteVpcEndpoints](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteVpcEndpoints) + [DescribeAvailabilityZones](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeAvailabilityZones) + [DescribeImages](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeImages) + [DescribePrefixLists](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribePrefixLists) + [DetachInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DetachInternetGateway) + [ReleaseAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ReleaseAddress) ### Conceitos básicos da Amazon VPC O exemplo de código a seguir mostra como: + Configurar a conta. + Criar e configurar uma VPC. + Configurar sua rede. + Configurar a segurança. + Implantar recursos. + Testar e verificar. + Limpar recursos. + Considerar as implicações da produção. + Considerar as implicações de segurança. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/002-vpc-gs). ``` #!/bin/bash # VPC Creation Script # This script creates a VPC with public and private subnets, internet gateway, NAT gateway, and security groups # Set up logging LOG_FILE="vpc_creation.log" exec > >(tee -a "$LOG_FILE") 2>&1 # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created before error:" for resource in "${CREATED_RESOURCES[@]}" do echo "- $resource" done echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to clean up resources cleanup_resources() { echo "Cleaning up resources in reverse order..." # Reverse the array to delete in reverse order of creation for ((i=${#CREATED_RESOURCES[@]}-1; i>=0; i--)) do resource="${CREATED_RESOURCES[$i]}" resource_type=$(echo "$resource" | cut -d':' -f1) resource_id=$(echo "$resource" | cut -d':' -f2) case "$resource_type" in "INSTANCE") echo "Terminating EC2 instance: $resource_id" aws ec2 terminate-instances --instance-ids "$resource_id" || echo "Failed to terminate instance: $resource_id" # Wait for instance to terminate echo "Waiting for instance to terminate..." aws ec2 wait instance-terminated --instance-ids "$resource_id" || echo "Failed to wait for instance termination: $resource_id" ;; "KEY_PAIR") echo "Deleting key pair: $resource_id" aws ec2 delete-key-pair --key-name "$resource_id" || echo "Failed to delete key pair: $resource_id" # Remove the .pem file if it exists if [ -f "${resource_id}.pem" ]; then rm -f "${resource_id}.pem" fi ;; "NAT_GATEWAY") echo "Deleting NAT Gateway: $resource_id" aws ec2 delete-nat-gateway --nat-gateway-id "$resource_id" || echo "Failed to delete NAT Gateway: $resource_id" # NAT Gateway deletion takes time, wait for it to complete echo "Waiting for NAT Gateway to be deleted..." aws ec2 wait nat-gateway-deleted --nat-gateway-ids "$resource_id" || echo "Failed to wait for NAT Gateway deletion: $resource_id" ;; "EIP") echo "Releasing Elastic IP: $resource_id" aws ec2 release-address --allocation-id "$resource_id" || echo "Failed to release Elastic IP: $resource_id" ;; "ROUTE_TABLE_ASSOCIATION") echo "Disassociating Route Table: $resource_id" aws ec2 disassociate-route-table --association-id "$resource_id" || echo "Failed to disassociate Route Table: $resource_id" ;; "ROUTE_TABLE") echo "Deleting Route Table: $resource_id" aws ec2 delete-route-table --route-table-id "$resource_id" || echo "Failed to delete Route Table: $resource_id" ;; "INTERNET_GATEWAY") echo "Detaching Internet Gateway: $resource_id from VPC: $VPC_ID" aws ec2 detach-internet-gateway --internet-gateway-id "$resource_id" --vpc-id "$VPC_ID" || echo "Failed to detach Internet Gateway: $resource_id" echo "Deleting Internet Gateway: $resource_id" aws ec2 delete-internet-gateway --internet-gateway-id "$resource_id" || echo "Failed to delete Internet Gateway: $resource_id" ;; "SECURITY_GROUP") echo "Deleting Security Group: $resource_id" aws ec2 delete-security-group --group-id "$resource_id" || echo "Failed to delete Security Group: $resource_id" ;; "SUBNET") echo "Deleting Subnet: $resource_id" aws ec2 delete-subnet --subnet-id "$resource_id" || echo "Failed to delete Subnet: $resource_id" ;; "VPC") echo "Deleting VPC: $resource_id" aws ec2 delete-vpc --vpc-id "$resource_id" || echo "Failed to delete VPC: $resource_id" ;; esac done } # Initialize array to track created resources CREATED_RESOURCES=() echo "Starting VPC creation script at $(date)" # Verify AWS CLI configuration echo "Verifying AWS CLI configuration..." aws configure list || handle_error "AWS CLI is not properly configured" # Verify identity and permissions echo "Verifying identity and permissions..." if ! aws sts get-caller-identity; then echo "ERROR: Unable to verify AWS identity. This could be due to:" echo " - Expired credentials" echo " - Missing or invalid AWS credentials" echo " - Insufficient permissions" echo "" echo "Please run 'aws configure' to update your credentials or check your IAM permissions." exit 1 fi # Create VPC echo "Creating VPC with CIDR block 10.0.0.0/16..." VPC_ID=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]' --query 'Vpc.VpcId' --output text) if [ -z "$VPC_ID" ]; then handle_error "Failed to create VPC" fi CREATED_RESOURCES+=("VPC:$VPC_ID") echo "VPC created with ID: $VPC_ID" # Enable DNS support and hostnames echo "Enabling DNS support and hostnames for VPC..." aws ec2 modify-vpc-attribute --vpc-id "$VPC_ID" --enable-dns-support || handle_error "Failed to enable DNS support" aws ec2 modify-vpc-attribute --vpc-id "$VPC_ID" --enable-dns-hostnames || handle_error "Failed to enable DNS hostnames" # Get available Availability Zones echo "Getting available Availability Zones..." AZ1=$(aws ec2 describe-availability-zones --query 'AvailabilityZones[0].ZoneName' --output text) AZ2=$(aws ec2 describe-availability-zones --query 'AvailabilityZones[1].ZoneName' --output text) if [ -z "$AZ1" ] || [ -z "$AZ2" ]; then handle_error "Failed to get Availability Zones" fi echo "Using Availability Zones: $AZ1 and $AZ2" # Create public subnets echo "Creating public subnet in $AZ1..." PUBLIC_SUBNET_AZ1=$(aws ec2 create-subnet \ --vpc-id "$VPC_ID" \ --cidr-block 10.0.0.0/24 \ --availability-zone "$AZ1" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ1}]' \ --query 'Subnet.SubnetId' \ --output text) if [ -z "$PUBLIC_SUBNET_AZ1" ]; then handle_error "Failed to create public subnet in AZ1" fi CREATED_RESOURCES+=("SUBNET:$PUBLIC_SUBNET_AZ1") echo "Public subnet created in $AZ1 with ID: $PUBLIC_SUBNET_AZ1" echo "Creating public subnet in $AZ2..." PUBLIC_SUBNET_AZ2=$(aws ec2 create-subnet \ --vpc-id "$VPC_ID" \ --cidr-block 10.0.1.0/24 \ --availability-zone "$AZ2" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ2}]' \ --query 'Subnet.SubnetId' \ --output text) if [ -z "$PUBLIC_SUBNET_AZ2" ]; then handle_error "Failed to create public subnet in AZ2" fi CREATED_RESOURCES+=("SUBNET:$PUBLIC_SUBNET_AZ2") echo "Public subnet created in $AZ2 with ID: $PUBLIC_SUBNET_AZ2" # Create private subnets echo "Creating private subnet in $AZ1..." PRIVATE_SUBNET_AZ1=$(aws ec2 create-subnet \ --vpc-id "$VPC_ID" \ --cidr-block 10.0.2.0/24 \ --availability-zone "$AZ1" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ1}]' \ --query 'Subnet.SubnetId' \ --output text) if [ -z "$PRIVATE_SUBNET_AZ1" ]; then handle_error "Failed to create private subnet in AZ1" fi CREATED_RESOURCES+=("SUBNET:$PRIVATE_SUBNET_AZ1") echo "Private subnet created in $AZ1 with ID: $PRIVATE_SUBNET_AZ1" echo "Creating private subnet in $AZ2..." PRIVATE_SUBNET_AZ2=$(aws ec2 create-subnet \ --vpc-id "$VPC_ID" \ --cidr-block 10.0.3.0/24 \ --availability-zone "$AZ2" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ2}]' \ --query 'Subnet.SubnetId' \ --output text) if [ -z "$PRIVATE_SUBNET_AZ2" ]; then handle_error "Failed to create private subnet in AZ2" fi CREATED_RESOURCES+=("SUBNET:$PRIVATE_SUBNET_AZ2") echo "Private subnet created in $AZ2 with ID: $PRIVATE_SUBNET_AZ2" # Create Internet Gateway echo "Creating Internet Gateway..." IGW_ID=$(aws ec2 create-internet-gateway \ --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=MyIGW}]' \ --query 'InternetGateway.InternetGatewayId' \ --output text) if [ -z "$IGW_ID" ]; then handle_error "Failed to create Internet Gateway" fi CREATED_RESOURCES+=("INTERNET_GATEWAY:$IGW_ID") echo "Internet Gateway created with ID: $IGW_ID" # Attach Internet Gateway to VPC echo "Attaching Internet Gateway to VPC..." aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID" || handle_error "Failed to attach Internet Gateway to VPC" # Create public route table echo "Creating public route table..." PUBLIC_RT=$(aws ec2 create-route-table \ --vpc-id "$VPC_ID" \ --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Public-RT}]' \ --query 'RouteTable.RouteTableId' \ --output text) if [ -z "$PUBLIC_RT" ]; then handle_error "Failed to create public route table" fi CREATED_RESOURCES+=("ROUTE_TABLE:$PUBLIC_RT") echo "Public route table created with ID: $PUBLIC_RT" # Add route to Internet Gateway echo "Adding route to Internet Gateway in public route table..." aws ec2 create-route --route-table-id "$PUBLIC_RT" --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID" || handle_error "Failed to add route to Internet Gateway" # Associate public subnets with public route table echo "Associating public subnet in $AZ1 with public route table..." PUBLIC_RT_ASSOC_1=$(aws ec2 associate-route-table --route-table-id "$PUBLIC_RT" --subnet-id "$PUBLIC_SUBNET_AZ1" --query 'AssociationId' --output text) if [ -z "$PUBLIC_RT_ASSOC_1" ]; then handle_error "Failed to associate public subnet in AZ1 with public route table" fi CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PUBLIC_RT_ASSOC_1") echo "Associating public subnet in $AZ2 with public route table..." PUBLIC_RT_ASSOC_2=$(aws ec2 associate-route-table --route-table-id "$PUBLIC_RT" --subnet-id "$PUBLIC_SUBNET_AZ2" --query 'AssociationId' --output text) if [ -z "$PUBLIC_RT_ASSOC_2" ]; then handle_error "Failed to associate public subnet in AZ2 with public route table" fi CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PUBLIC_RT_ASSOC_2") # Create private route table echo "Creating private route table..." PRIVATE_RT=$(aws ec2 create-route-table \ --vpc-id "$VPC_ID" \ --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Private-RT}]' \ --query 'RouteTable.RouteTableId' \ --output text) if [ -z "$PRIVATE_RT" ]; then handle_error "Failed to create private route table" fi CREATED_RESOURCES+=("ROUTE_TABLE:$PRIVATE_RT") echo "Private route table created with ID: $PRIVATE_RT" # Associate private subnets with private route table echo "Associating private subnet in $AZ1 with private route table..." PRIVATE_RT_ASSOC_1=$(aws ec2 associate-route-table --route-table-id "$PRIVATE_RT" --subnet-id "$PRIVATE_SUBNET_AZ1" --query 'AssociationId' --output text) if [ -z "$PRIVATE_RT_ASSOC_1" ]; then handle_error "Failed to associate private subnet in AZ1 with private route table" fi CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PRIVATE_RT_ASSOC_1") echo "Associating private subnet in $AZ2 with private route table..." PRIVATE_RT_ASSOC_2=$(aws ec2 associate-route-table --route-table-id "$PRIVATE_RT" --subnet-id "$PRIVATE_SUBNET_AZ2" --query 'AssociationId' --output text) if [ -z "$PRIVATE_RT_ASSOC_2" ]; then handle_error "Failed to associate private subnet in AZ2 with private route table" fi CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PRIVATE_RT_ASSOC_2") # Allocate Elastic IP for NAT Gateway echo "Allocating Elastic IP for NAT Gateway..." EIP_ALLOC=$(aws ec2 allocate-address --domain vpc --query 'AllocationId' --output text) if [ -z "$EIP_ALLOC" ]; then handle_error "Failed to allocate Elastic IP" fi CREATED_RESOURCES+=("EIP:$EIP_ALLOC") echo "Elastic IP allocated with ID: $EIP_ALLOC" # Create NAT Gateway echo "Creating NAT Gateway in public subnet in $AZ1..." NAT_GW=$(aws ec2 create-nat-gateway \ --subnet-id "$PUBLIC_SUBNET_AZ1" \ --allocation-id "$EIP_ALLOC" \ --tag-specifications 'ResourceType=natgateway,Tags=[{Key=Name,Value=MyNATGateway}]' \ --query 'NatGateway.NatGatewayId' \ --output text) if [ -z "$NAT_GW" ]; then handle_error "Failed to create NAT Gateway" fi CREATED_RESOURCES+=("NAT_GATEWAY:$NAT_GW") echo "NAT Gateway created with ID: $NAT_GW" # Wait for NAT Gateway to be available echo "Waiting for NAT Gateway to be available..." aws ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_GW" || handle_error "NAT Gateway did not become available" # Add route to NAT Gateway in private route table echo "Adding route to NAT Gateway in private route table..." aws ec2 create-route --route-table-id "$PRIVATE_RT" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_GW" || handle_error "Failed to add route to NAT Gateway" # Enable auto-assign public IP for instances in public subnets echo "Enabling auto-assign public IP for instances in public subnet in $AZ1..." aws ec2 modify-subnet-attribute --subnet-id "$PUBLIC_SUBNET_AZ1" --map-public-ip-on-launch || handle_error "Failed to enable auto-assign public IP for public subnet in AZ1" echo "Enabling auto-assign public IP for instances in public subnet in $AZ2..." aws ec2 modify-subnet-attribute --subnet-id "$PUBLIC_SUBNET_AZ2" --map-public-ip-on-launch || handle_error "Failed to enable auto-assign public IP for public subnet in AZ2" # Create security group for web servers echo "Creating security group for web servers..." WEB_SG=$(aws ec2 create-security-group \ --group-name "WebServerSG-$(date +%s)" \ --description "Security group for web servers" \ --vpc-id "$VPC_ID" \ --query 'GroupId' \ --output text) if [ -z "$WEB_SG" ]; then handle_error "Failed to create security group for web servers" fi CREATED_RESOURCES+=("SECURITY_GROUP:$WEB_SG") echo "Security group for web servers created with ID: $WEB_SG" # Allow HTTP and HTTPS traffic echo "Allowing HTTP traffic to web servers security group..." aws ec2 authorize-security-group-ingress --group-id "$WEB_SG" --protocol tcp --port 80 --cidr 0.0.0.0/0 || handle_error "Failed to allow HTTP traffic" echo "Allowing HTTPS traffic to web servers security group..." aws ec2 authorize-security-group-ingress --group-id "$WEB_SG" --protocol tcp --port 443 --cidr 0.0.0.0/0 || handle_error "Failed to allow HTTPS traffic" # Note: In a production environment, you should restrict the source IP ranges for security echo "NOTE: In a production environment, you should restrict the source IP ranges for HTTP and HTTPS traffic" # Create security group for database servers echo "Creating security group for database servers..." DB_SG=$(aws ec2 create-security-group \ --group-name "DBServerSG-$(date +%s)" \ --description "Security group for database servers" \ --vpc-id "$VPC_ID" \ --query 'GroupId' \ --output text) if [ -z "$DB_SG" ]; then handle_error "Failed to create security group for database servers" fi CREATED_RESOURCES+=("SECURITY_GROUP:$DB_SG") echo "Security group for database servers created with ID: $DB_SG" # Allow MySQL/Aurora traffic from web servers only echo "Allowing MySQL/Aurora traffic from web servers to database servers..." aws ec2 authorize-security-group-ingress --group-id "$DB_SG" --protocol tcp --port 3306 --source-group "$WEB_SG" || handle_error "Failed to allow MySQL/Aurora traffic" # Verify VPC configuration echo "Verifying VPC configuration..." echo "VPC:" aws ec2 describe-vpcs --vpc-id "$VPC_ID" || handle_error "Failed to describe VPC" echo "Subnets:" aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" || handle_error "Failed to describe subnets" echo "Route tables:" aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$VPC_ID" || handle_error "Failed to describe route tables" echo "Internet gateway:" aws ec2 describe-internet-gateways --filters "Name=attachment.vpc-id,Values=$VPC_ID" || handle_error "Failed to describe Internet Gateway" echo "NAT gateway:" aws ec2 describe-nat-gateways --filter "Name=vpc-id,Values=$VPC_ID" || handle_error "Failed to describe NAT Gateway" echo "Security groups:" aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPC_ID" || handle_error "Failed to describe security groups" echo "" # Summary of created resources echo "VPC creation completed successfully!" echo "Summary of created resources:" echo "- VPC: $VPC_ID" echo "- Public Subnet in $AZ1: $PUBLIC_SUBNET_AZ1" echo "- Public Subnet in $AZ2: $PUBLIC_SUBNET_AZ2" echo "- Private Subnet in $AZ1: $PRIVATE_SUBNET_AZ1" echo "- Private Subnet in $AZ2: $PRIVATE_SUBNET_AZ2" echo "- Internet Gateway: $IGW_ID" echo "- Public Route Table: $PUBLIC_RT" echo "- Private Route Table: $PRIVATE_RT" echo "- Elastic IP: $EIP_ALLOC" echo "- NAT Gateway: $NAT_GW" echo "- Web Servers Security Group: $WEB_SG" echo "- Database Servers Security Group: $DB_SG" # Deploy EC2 instances echo "" echo "Deploying EC2 instances..." # Create key pair for SSH access KEY_NAME="vpc-tutorial-key-$(date +%s)" echo "Creating key pair $KEY_NAME..." aws ec2 create-key-pair --key-name "$KEY_NAME" --query 'KeyMaterial' --output text > "${KEY_NAME}.pem" || handle_error "Failed to create key pair" chmod 400 "${KEY_NAME}.pem" echo "Key pair saved to ${KEY_NAME}.pem" CREATED_RESOURCES+=("KEY_PAIR:$KEY_NAME") # Get latest Amazon Linux 2 AMI echo "Getting latest Amazon Linux 2 AMI..." AMI_ID=$(aws ec2 describe-images --owners amazon \ --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" "Name=state,Values=available" \ --query "sort_by(Images, &CreationDate)[-1].ImageId" --output text) || handle_error "Failed to get AMI" echo "Using AMI: $AMI_ID" # Launch web server in public subnet echo "Launching web server in public subnet..." WEB_INSTANCE=$(aws ec2 run-instances \ --image-id "$AMI_ID" \ --count 1 \ --instance-type t2.micro \ --key-name "$KEY_NAME" \ --security-group-ids "$WEB_SG" \ --subnet-id "$PUBLIC_SUBNET_AZ1" \ --associate-public-ip-address \ --user-data '#!/bin/bash yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd echo "

Hello from $(hostname -f) in the public subnet

" > /var/www/html/index.html' \ --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer}]' \ --query 'Instances[0].InstanceId' \ --output text) || handle_error "Failed to launch web server" echo "Web server instance created with ID: $WEB_INSTANCE" CREATED_RESOURCES+=("INSTANCE:$WEB_INSTANCE") # Wait for web server to be running echo "Waiting for web server to be running..." aws ec2 wait instance-running --instance-ids "$WEB_INSTANCE" # Get web server public IP WEB_PUBLIC_IP=$(aws ec2 describe-instances --instance-ids "$WEB_INSTANCE" \ --query 'Reservations[0].Instances[0].PublicIpAddress' --output text) echo "Web server public IP: $WEB_PUBLIC_IP" echo "You can access the web server at: http://$WEB_PUBLIC_IP" # Launch database server in private subnet echo "Launching database server in private subnet..." DB_INSTANCE=$(aws ec2 run-instances \ --image-id "$AMI_ID" \ --count 1 \ --instance-type t2.micro \ --key-name "$KEY_NAME" \ --security-group-ids "$DB_SG" \ --subnet-id "$PRIVATE_SUBNET_AZ1" \ --user-data '#!/bin/bash yum update -y yum install -y mariadb-server systemctl start mariadb systemctl enable mariadb' \ --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=DBServer}]' \ --query 'Instances[0].InstanceId' \ --output text) || handle_error "Failed to launch database server" echo "Database server instance created with ID: $DB_INSTANCE" CREATED_RESOURCES+=("INSTANCE:$DB_INSTANCE") # Wait for database server to be running echo "Waiting for database server to be running..." aws ec2 wait instance-running --instance-ids "$DB_INSTANCE" # Get database server private IP DB_PRIVATE_IP=$(aws ec2 describe-instances --instance-ids "$DB_INSTANCE" \ --query 'Reservations[0].Instances[0].PrivateIpAddress' --output text) echo "Database server private IP: $DB_PRIVATE_IP" echo "EC2 instances deployed successfully!" echo "- Web Server (Public): $WEB_INSTANCE ($WEB_PUBLIC_IP)" echo "- Database Server (Private): $DB_INSTANCE ($DB_PRIVATE_IP)" echo "" echo "Note: To connect to the web server: ssh -i ${KEY_NAME}.pem ec2-user@$WEB_PUBLIC_IP" echo "To connect to the database server, you must first connect to the web server, then use it as a bastion host." echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "$CLEANUP_CHOICE" =~ ^[Yy]$ ]]; then echo "Cleaning up resources..." cleanup_resources echo "All resources have been cleaned up." else echo "Resources will not be cleaned up. You can manually clean them up later." fi echo "Script completed at $(date)" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AllocateAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AllocateAddress) + [AssociateRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AssociateRouteTable) + [AttachInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AttachInternetGateway) + [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress) + [CreateInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateInternetGateway) + [CreateKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateKeyPair) + [CreateNatGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateNatGateway) + [CreateRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRoute) + [CreateRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRouteTable) + [CreateSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSecurityGroup) + [CreateSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSubnet) + [CreateVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpc) + [DeleteInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteInternetGateway) + [DeleteKeyPair](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteKeyPair) + [DeleteNatGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteNatGateway) + [DeleteRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteRouteTable) + [DeleteSecurityGroup](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSecurityGroup) + [DeleteSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteSubnet) + [DeleteVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteVpc) + [DescribeAvailabilityZones](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeAvailabilityZones) + [DescribeImages](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeImages) + [DescribeInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInstances) + [DescribeInternetGateways](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeInternetGateways) + [DescribeNatGateways](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeNatGateways) + [DescribeRouteTables](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeRouteTables) + [DescribeSecurityGroups](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSecurityGroups) + [DescribeSubnets](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSubnets) + [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs) + [DetachInternetGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DetachInternetGateway) + [DisassociateRouteTable](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DisassociateRouteTable) + [ModifySubnetAttribute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ModifySubnetAttribute) + [ModifyVpcAttribute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ModifyVpcAttribute) + [ReleaseAddress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ReleaseAddress) + [RunInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/RunInstances) + [TerminateInstances](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/TerminateInstances) ### Conceitos básico do Transit Gateway O exemplo de código a seguir mostra como: + Criar um gateway de trânsito com suporte a DNS e configurações padrão da tabela de rotas. + Aguardar até que o gateway de trânsito fique disponível. + Conecte dois VPCs ao gateway de trânsito usando sub-redes + Aguardar até que os anexos da VPC estejam disponíveis. + Adicione rotas entre VPCs por meio do gateway de trânsito + Testar a conectividade entre recursos da VPC. + Limpar os recursos, incluindo rotas, anexos e gateway de trânsito. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/012-transitgateway-gettingstarted). ``` #!/bin/bash # Amazon VPC Transit Gateway CLI Script # This script demonstrates how to create a transit gateway and connect two VPCs # Modified to work with older AWS CLI versions that don't support transit gateway wait commands # Error handling set -e LOG_FILE="transit-gateway-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 # Function to wait for transit gateway to be available wait_for_tgw() { local tgw_id=$1 echo "Waiting for Transit Gateway $tgw_id to become available..." while true; do status=$(aws ec2 describe-transit-gateways --transit-gateway-ids "$tgw_id" --query "TransitGateways[0].State" --output text) echo "Current status: $status" if [ "$status" = "available" ]; then echo "Transit Gateway is now available" break fi echo "Waiting for transit gateway to become available. Current state: $status" sleep 10 done } # Function to wait for transit gateway attachment to be available wait_for_tgw_attachment() { local attachment_id=$1 echo "Waiting for Transit Gateway Attachment $attachment_id to become available..." while true; do status=$(aws ec2 describe-transit-gateway-vpc-attachments --transit-gateway-attachment-ids "$attachment_id" --query "TransitGatewayVpcAttachments[0].State" --output text) echo "Current status: $status" if [ "$status" = "available" ]; then echo "Transit Gateway Attachment is now available" break fi echo "Waiting for transit gateway attachment to become available. Current state: $status" sleep 10 done } # Function to wait for transit gateway attachment to be deleted wait_for_tgw_attachment_deleted() { local attachment_id=$1 echo "Waiting for Transit Gateway Attachment $attachment_id to be deleted..." while true; do # Check if the attachment still exists count=$(aws ec2 describe-transit-gateway-vpc-attachments --filters "Name=transit-gateway-attachment-id,Values=$attachment_id" --query "length(TransitGatewayVpcAttachments)" --output text) if [ "$count" = "0" ]; then echo "Transit Gateway Attachment has been deleted" break fi status=$(aws ec2 describe-transit-gateway-vpc-attachments --transit-gateway-attachment-ids "$attachment_id" --query "TransitGatewayVpcAttachments[0].State" --output text 2>/dev/null || echo "deleted") if [ "$status" = "deleted" ]; then echo "Transit Gateway Attachment has been deleted" break fi echo "Waiting for transit gateway attachment to be deleted. Current state: $status" sleep 10 done } # Function to clean up resources cleanup() { echo "Error occurred. Cleaning up resources..." # Delete resources in reverse order if [ ! -z "$TGW_ATTACHMENT_1_ID" ]; then echo "Deleting Transit Gateway VPC Attachment 1: $TGW_ATTACHMENT_1_ID" aws ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id "$TGW_ATTACHMENT_1_ID" || true wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_1_ID" || true fi if [ ! -z "$TGW_ATTACHMENT_2_ID" ]; then echo "Deleting Transit Gateway VPC Attachment 2: $TGW_ATTACHMENT_2_ID" aws ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id "$TGW_ATTACHMENT_2_ID" || true wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_2_ID" || true fi if [ ! -z "$TGW_ID" ]; then echo "Deleting Transit Gateway: $TGW_ID" aws ec2 delete-transit-gateway --transit-gateway-id "$TGW_ID" || true fi exit 1 } # Set up trap for error handling trap cleanup ERR echo "=== Amazon VPC Transit Gateway Tutorial ===" echo "This script will create a transit gateway and connect two VPCs" echo "" # Get a valid availability zone dynamically echo "Getting available AZ in current region..." AZ=$(aws ec2 describe-availability-zones --query "AvailabilityZones[0].ZoneName" --output text) echo "Using availability zone: $AZ" # Check if VPCs exist echo "Checking for existing VPCs..." VPC1_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=VPC1" --query "Vpcs[0].VpcId" --output text) VPC2_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=VPC2" --query "Vpcs[0].VpcId" --output text) if [ "$VPC1_ID" == "None" ] || [ -z "$VPC1_ID" ]; then echo "Creating VPC1..." VPC1_ID=$(aws ec2 create-vpc --cidr-block 10.1.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=VPC1}]' --query Vpc.VpcId --output text) echo "Created VPC1: $VPC1_ID" # Create a subnet in VPC1 echo "Creating subnet in VPC1..." SUBNET1_ID=$(aws ec2 create-subnet --vpc-id "$VPC1_ID" --cidr-block 10.1.0.0/24 --availability-zone "$AZ" --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC1-Subnet}]' --query Subnet.SubnetId --output text) echo "Created subnet in VPC1: $SUBNET1_ID" else echo "Using existing VPC1: $VPC1_ID" SUBNET1_ID=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC1_ID" --query "Subnets[0].SubnetId" --output text) if [ "$SUBNET1_ID" == "None" ] || [ -z "$SUBNET1_ID" ]; then echo "Creating subnet in VPC1..." SUBNET1_ID=$(aws ec2 create-subnet --vpc-id "$VPC1_ID" --cidr-block 10.1.0.0/24 --availability-zone "$AZ" --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC1-Subnet}]' --query Subnet.SubnetId --output text) echo "Created subnet in VPC1: $SUBNET1_ID" else echo "Using existing subnet in VPC1: $SUBNET1_ID" fi fi if [ "$VPC2_ID" == "None" ] || [ -z "$VPC2_ID" ]; then echo "Creating VPC2..." VPC2_ID=$(aws ec2 create-vpc --cidr-block 10.2.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=VPC2}]' --query Vpc.VpcId --output text) echo "Created VPC2: $VPC2_ID" # Create a subnet in VPC2 echo "Creating subnet in VPC2..." SUBNET2_ID=$(aws ec2 create-subnet --vpc-id "$VPC2_ID" --cidr-block 10.2.0.0/24 --availability-zone "$AZ" --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC2-Subnet}]' --query Subnet.SubnetId --output text) echo "Created subnet in VPC2: $SUBNET2_ID" else echo "Using existing VPC2: $VPC2_ID" SUBNET2_ID=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC2_ID" --query "Subnets[0].SubnetId" --output text) if [ "$SUBNET2_ID" == "None" ] || [ -z "$SUBNET2_ID" ]; then echo "Creating subnet in VPC2..." SUBNET2_ID=$(aws ec2 create-subnet --vpc-id "$VPC2_ID" --cidr-block 10.2.0.0/24 --availability-zone "$AZ" --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC2-Subnet}]' --query Subnet.SubnetId --output text) echo "Created subnet in VPC2: $SUBNET2_ID" else echo "Using existing subnet in VPC2: $SUBNET2_ID" fi fi # Get route tables for each VPC RTB1_ID=$(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$VPC1_ID" --query "RouteTables[0].RouteTableId" --output text) RTB2_ID=$(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$VPC2_ID" --query "RouteTables[0].RouteTableId" --output text) echo "Route table for VPC1: $RTB1_ID" echo "Route table for VPC2: $RTB2_ID" # Step 1: Create the transit gateway echo "Creating Transit Gateway..." TGW_ID=$(aws ec2 create-transit-gateway \ --description "My Transit Gateway" \ --options AmazonSideAsn=64512,AutoAcceptSharedAttachments=disable,DefaultRouteTableAssociation=enable,DefaultRouteTablePropagation=enable,VpnEcmpSupport=enable,DnsSupport=enable,MulticastSupport=disable \ --tag-specifications 'ResourceType=transit-gateway,Tags=[{Key=Name,Value=MyTransitGateway}]' \ --query TransitGateway.TransitGatewayId \ --output text) echo "Created Transit Gateway: $TGW_ID" # Wait for the transit gateway to become available wait_for_tgw "$TGW_ID" # Step 2: Attach VPCs to the transit gateway echo "Attaching VPC1 to Transit Gateway..." TGW_ATTACHMENT_1_ID=$(aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id "$TGW_ID" \ --vpc-id "$VPC1_ID" \ --subnet-ids "$SUBNET1_ID" \ --tag-specifications 'ResourceType=transit-gateway-attachment,Tags=[{Key=Name,Value=VPC1-Attachment}]' \ --query TransitGatewayVpcAttachment.TransitGatewayAttachmentId \ --output text) echo "Created Transit Gateway VPC Attachment for VPC1: $TGW_ATTACHMENT_1_ID" echo "Attaching VPC2 to Transit Gateway..." TGW_ATTACHMENT_2_ID=$(aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id "$TGW_ID" \ --vpc-id "$VPC2_ID" \ --subnet-ids "$SUBNET2_ID" \ --tag-specifications 'ResourceType=transit-gateway-attachment,Tags=[{Key=Name,Value=VPC2-Attachment}]' \ --query TransitGatewayVpcAttachment.TransitGatewayAttachmentId \ --output text) echo "Created Transit Gateway VPC Attachment for VPC2: $TGW_ATTACHMENT_2_ID" # Wait for the attachments to become available wait_for_tgw_attachment "$TGW_ATTACHMENT_1_ID" wait_for_tgw_attachment "$TGW_ATTACHMENT_2_ID" # Step 3: Add routes between the transit gateway and VPCs echo "Adding route from VPC1 to VPC2 via Transit Gateway..." aws ec2 create-route \ --route-table-id "$RTB1_ID" \ --destination-cidr-block 10.2.0.0/16 \ --transit-gateway-id "$TGW_ID" echo "Adding route from VPC2 to VPC1 via Transit Gateway..." aws ec2 create-route \ --route-table-id "$RTB2_ID" \ --destination-cidr-block 10.1.0.0/16 \ --transit-gateway-id "$TGW_ID" echo "Routes added successfully" # Step 4: Display information for testing echo "" echo "=== Transit Gateway Setup Complete ===" echo "Transit Gateway ID: $TGW_ID" echo "VPC1 ID: $VPC1_ID" echo "VPC2 ID: $VPC2_ID" echo "" echo "To test connectivity:" echo "1. Launch an EC2 instance in each VPC" echo "2. Configure security groups to allow ICMP traffic" echo "3. Connect to one instance and ping the other instance's private IP" echo "" # Prompt user before cleanup read -p "Press Enter to view created resources, or Ctrl+C to exit without cleanup..." echo "" echo "=== Resources Created ===" echo "Transit Gateway: $TGW_ID" echo "VPC1: $VPC1_ID" echo "VPC2: $VPC2_ID" echo "Subnet in VPC1: $SUBNET1_ID" echo "Subnet in VPC2: $SUBNET2_ID" echo "Transit Gateway Attachment for VPC1: $TGW_ATTACHMENT_1_ID" echo "Transit Gateway Attachment for VPC2: $TGW_ATTACHMENT_2_ID" echo "" read -p "Do you want to clean up these resources? (y/n): " CLEANUP_CONFIRM if [[ $CLEANUP_CONFIRM == "y" || $CLEANUP_CONFIRM == "Y" ]]; then echo "Starting cleanup..." # Delete routes echo "Deleting routes..." aws ec2 delete-route --route-table-id "$RTB1_ID" --destination-cidr-block 10.2.0.0/16 aws ec2 delete-route --route-table-id "$RTB2_ID" --destination-cidr-block 10.1.0.0/16 # Delete transit gateway attachments echo "Deleting Transit Gateway VPC Attachment for VPC1: $TGW_ATTACHMENT_1_ID" aws ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id "$TGW_ATTACHMENT_1_ID" echo "Deleting Transit Gateway VPC Attachment for VPC2: $TGW_ATTACHMENT_2_ID" aws ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id "$TGW_ATTACHMENT_2_ID" # Wait for attachments to be deleted wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_1_ID" wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_2_ID" # Delete transit gateway echo "Deleting Transit Gateway: $TGW_ID" aws ec2 delete-transit-gateway --transit-gateway-id "$TGW_ID" echo "Cleanup completed successfully" else echo "Skipping cleanup. Resources will continue to incur charges until manually deleted." fi echo "Tutorial completed. See $LOG_FILE for detailed logs." ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRoute) + [CreateSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSubnet) + [CreateTransitGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateTransitGateway) + [CreateTransitGatewayVpcAttachment](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateTransitGatewayVpcAttachment) + [CreateVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpc) + [DeleteRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteRoute) + [DeleteTransitGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteTransitGateway) + [DeleteTransitGatewayVpcAttachment](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteTransitGatewayVpcAttachment) + [DescribeAvailabilityZones](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeAvailabilityZones) + [DescribeRouteTables](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeRouteTables) + [DescribeSubnets](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSubnets) + [DescribeTransitGatewayAttachments](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGatewayAttachments) + [DescribeTransitGatewayVpcAttachments](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGatewayVpcAttachments) + [DescribeTransitGateways](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGateways) + [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs) ### Conceitos básicos do IPAM da VPC O exemplo de código a seguir mostra como: + Definir e configurar o Gerenciador de endereços IP (IPAM) da Amazon VPC usando a CLI. + Criar um IPAM com regiões de operação (p. ex., us-east-1 e us-west-2). + Recuperar o ID do escopo privado do IPAM. + Crie uma estrutura hierárquica de IPv4 grupos (grupos de nível superior, regionais e de desenvolvimento). + Provisionar blocos CIDR para cada grupo (p. ex., 10.0.0.0/8, 10.0.0.0/16 e 10.0.0.0/24). + Criar uma VPC usando um CIDR alocado em um grupo do IPAM. + Verificar as alocações do grupo do IPAM e a criação da VPC. + Solucionar problemas comuns, como erros de permissão, falhas na alocação de CIDR e violações de dependências. + Limpe os recursos do IPAM (VPC CIDRs, pools e IPAM) para evitar cobranças desnecessárias. + Explorar as próximas etapas para recursos avançados do IPAM. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/009-vpc-ipam-gs). ``` #!/bin/bash # IPAM Getting Started CLI Script - Version 7 # This script creates an IPAM, creates a hierarchy of IP address pools, and allocates a CIDR to a VPC # Fixed to correctly identify the private scope ID, wait for resources to be available, add locale to development pool, # use the correct parameter names for VPC creation, and wait for CIDR provisioning to complete # Set up logging LOG_FILE="ipam_script.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting IPAM setup script at $(date)" echo "All commands and outputs will be logged to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to clean up resources cleanup_resources() { echo "" echo "===========================================" echo "RESOURCES CREATED:" echo "===========================================" if [ -n "$VPC_ID" ]; then echo "VPC: $VPC_ID" fi if [ -n "$DEV_POOL_ID" ]; then echo "Development Pool: $DEV_POOL_ID" fi if [ -n "$REGIONAL_POOL_ID" ]; then echo "Regional Pool: $REGIONAL_POOL_ID" fi if [ -n "$TOP_POOL_ID" ]; then echo "Top-level Pool: $TOP_POOL_ID" fi if [ -n "$IPAM_ID" ]; then echo "IPAM: $IPAM_ID" fi echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "$CLEANUP_CHOICE" =~ ^[Yy]$ ]]; then echo "Starting cleanup..." # Delete resources in reverse order of creation to handle dependencies if [ -n "$VPC_ID" ]; then echo "Deleting VPC: $VPC_ID" aws ec2 delete-vpc --vpc-id "$VPC_ID" || echo "Failed to delete VPC" echo "Waiting for VPC to be deleted..." sleep 10 fi if [ -n "$DEV_POOL_ID" ]; then echo "Deleting Development Pool: $DEV_POOL_ID" # First deprovision any CIDRs from the pool CIDRS=$(aws ec2 get-ipam-pool-cidrs --ipam-pool-id "$DEV_POOL_ID" --query 'IpamPoolCidrs[].Cidr' --output text) for CIDR in $CIDRS; do echo "Deprovisioning CIDR $CIDR from Development Pool" aws ec2 deprovision-ipam-pool-cidr --ipam-pool-id "$DEV_POOL_ID" --cidr "$CIDR" || echo "Failed to deprovision CIDR $CIDR" sleep 5 done aws ec2 delete-ipam-pool --ipam-pool-id "$DEV_POOL_ID" || echo "Failed to delete Development Pool" echo "Waiting for Development Pool to be deleted..." sleep 10 fi if [ -n "$REGIONAL_POOL_ID" ]; then echo "Deleting Regional Pool: $REGIONAL_POOL_ID" # First deprovision any CIDRs from the pool CIDRS=$(aws ec2 get-ipam-pool-cidrs --ipam-pool-id "$REGIONAL_POOL_ID" --query 'IpamPoolCidrs[].Cidr' --output text) for CIDR in $CIDRS; do echo "Deprovisioning CIDR $CIDR from Regional Pool" aws ec2 deprovision-ipam-pool-cidr --ipam-pool-id "$REGIONAL_POOL_ID" --cidr "$CIDR" || echo "Failed to deprovision CIDR $CIDR" sleep 5 done aws ec2 delete-ipam-pool --ipam-pool-id "$REGIONAL_POOL_ID" || echo "Failed to delete Regional Pool" echo "Waiting for Regional Pool to be deleted..." sleep 10 fi if [ -n "$TOP_POOL_ID" ]; then echo "Deleting Top-level Pool: $TOP_POOL_ID" # First deprovision any CIDRs from the pool CIDRS=$(aws ec2 get-ipam-pool-cidrs --ipam-pool-id "$TOP_POOL_ID" --query 'IpamPoolCidrs[].Cidr' --output text) for CIDR in $CIDRS; do echo "Deprovisioning CIDR $CIDR from Top-level Pool" aws ec2 deprovision-ipam-pool-cidr --ipam-pool-id "$TOP_POOL_ID" --cidr "$CIDR" || echo "Failed to deprovision CIDR $CIDR" sleep 5 done aws ec2 delete-ipam-pool --ipam-pool-id "$TOP_POOL_ID" || echo "Failed to delete Top-level Pool" echo "Waiting for Top-level Pool to be deleted..." sleep 10 fi if [ -n "$IPAM_ID" ]; then echo "Deleting IPAM: $IPAM_ID" aws ec2 delete-ipam --ipam-id "$IPAM_ID" || echo "Failed to delete IPAM" fi echo "Cleanup completed." else echo "Cleanup skipped. Resources will remain in your account." fi } # Function to wait for a pool to be in the 'create-complete' state wait_for_pool() { local pool_id=$1 local max_attempts=30 local attempt=1 local state="" echo "Waiting for pool $pool_id to be available..." while [ $attempt -le $max_attempts ]; do state=$(aws ec2 describe-ipam-pools --ipam-pool-ids "$pool_id" --query 'IpamPools[0].State' --output text) if [ "$state" = "create-complete" ]; then echo "Pool $pool_id is now available (state: $state)" return 0 fi echo "Attempt $attempt/$max_attempts: Pool $pool_id is in state: $state. Waiting..." sleep 10 ((attempt++)) done echo "Timed out waiting for pool $pool_id to be available" return 1 } # Function to wait for a CIDR to be fully provisioned wait_for_cidr_provisioning() { local pool_id=$1 local cidr=$2 local max_attempts=30 local attempt=1 local state="" echo "Waiting for CIDR $cidr to be fully provisioned in pool $pool_id..." while [ $attempt -le $max_attempts ]; do state=$(aws ec2 get-ipam-pool-cidrs --ipam-pool-id "$pool_id" --query "IpamPoolCidrs[?Cidr=='$cidr'].State" --output text) if [ "$state" = "provisioned" ]; then echo "CIDR $cidr is now fully provisioned (state: $state)" return 0 fi echo "Attempt $attempt/$max_attempts: CIDR $cidr is in state: $state. Waiting..." sleep 10 ((attempt++)) done echo "Timed out waiting for CIDR $cidr to be provisioned" return 1 } # Step 1: Create an IPAM echo "Creating IPAM..." IPAM_RESULT=$(aws ec2 create-ipam \ --description "My IPAM" \ --operating-regions RegionName=us-east-1 RegionName=us-west-2) if [ $? -ne 0 ]; then handle_error "Failed to create IPAM" fi IPAM_ID=$(echo "$IPAM_RESULT" | grep -o '"IpamId": "[^"]*' | cut -d'"' -f4) echo "IPAM created with ID: $IPAM_ID" # Wait for IPAM to be created and available echo "Waiting for IPAM to be available..." sleep 20 # Step 2: Get the IPAM Scope ID - FIXED to correctly identify the private scope echo "Getting IPAM Scope ID..." SCOPE_RESULT=$(aws ec2 describe-ipams --ipam-id "$IPAM_ID") if [ $? -ne 0 ]; then handle_error "Failed to get IPAM details" fi # Extract the private scope ID directly from the IPAM details PRIVATE_SCOPE_ID=$(echo "$SCOPE_RESULT" | grep -o '"PrivateDefaultScopeId": "[^"]*' | cut -d'"' -f4) echo "Private Scope ID: $PRIVATE_SCOPE_ID" if [ -z "$PRIVATE_SCOPE_ID" ]; then handle_error "Failed to get Private Scope ID" fi # Step 3: Create a Top-Level IPv4 Pool echo "Creating Top-level IPv4 Pool..." TOP_POOL_RESULT=$(aws ec2 create-ipam-pool \ --ipam-scope-id "$PRIVATE_SCOPE_ID" \ --address-family ipv4 \ --description "Top-level pool") if [ $? -ne 0 ]; then handle_error "Failed to create Top-level Pool" fi TOP_POOL_ID=$(echo "$TOP_POOL_RESULT" | grep -o '"IpamPoolId": "[^"]*' | cut -d'"' -f4) echo "Top-level Pool created with ID: $TOP_POOL_ID" # Wait for the top-level pool to be available if ! wait_for_pool "$TOP_POOL_ID"; then handle_error "Top-level Pool did not become available in time" fi # Provision CIDR to the top-level pool echo "Provisioning CIDR to Top-level Pool..." TOP_POOL_CIDR="10.0.0.0/8" PROVISION_RESULT=$(aws ec2 provision-ipam-pool-cidr \ --ipam-pool-id "$TOP_POOL_ID" \ --cidr "$TOP_POOL_CIDR") if [ $? -ne 0 ]; then handle_error "Failed to provision CIDR to Top-level Pool" fi echo "$PROVISION_RESULT" # Wait for the CIDR to be fully provisioned if ! wait_for_cidr_provisioning "$TOP_POOL_ID" "$TOP_POOL_CIDR"; then handle_error "CIDR provisioning to Top-level Pool did not complete in time" fi # Step 4: Create a Regional IPv4 Pool echo "Creating Regional IPv4 Pool..." REGIONAL_POOL_RESULT=$(aws ec2 create-ipam-pool \ --ipam-scope-id "$PRIVATE_SCOPE_ID" \ --source-ipam-pool-id "$TOP_POOL_ID" \ --locale us-east-1 \ --address-family ipv4 \ --description "Regional pool in us-east-1") if [ $? -ne 0 ]; then handle_error "Failed to create Regional Pool" fi REGIONAL_POOL_ID=$(echo "$REGIONAL_POOL_RESULT" | grep -o '"IpamPoolId": "[^"]*' | cut -d'"' -f4) echo "Regional Pool created with ID: $REGIONAL_POOL_ID" # Wait for the regional pool to be available if ! wait_for_pool "$REGIONAL_POOL_ID"; then handle_error "Regional Pool did not become available in time" fi # Provision CIDR to the regional pool echo "Provisioning CIDR to Regional Pool..." REGIONAL_POOL_CIDR="10.0.0.0/16" PROVISION_RESULT=$(aws ec2 provision-ipam-pool-cidr \ --ipam-pool-id "$REGIONAL_POOL_ID" \ --cidr "$REGIONAL_POOL_CIDR") if [ $? -ne 0 ]; then handle_error "Failed to provision CIDR to Regional Pool" fi echo "$PROVISION_RESULT" # Wait for the CIDR to be fully provisioned if ! wait_for_cidr_provisioning "$REGIONAL_POOL_ID" "$REGIONAL_POOL_CIDR"; then handle_error "CIDR provisioning to Regional Pool did not complete in time" fi # Step 5: Create a Development IPv4 Pool - FIXED to include locale echo "Creating Development IPv4 Pool..." DEV_POOL_RESULT=$(aws ec2 create-ipam-pool \ --ipam-scope-id "$PRIVATE_SCOPE_ID" \ --source-ipam-pool-id "$REGIONAL_POOL_ID" \ --locale us-east-1 \ --address-family ipv4 \ --description "Development pool") if [ $? -ne 0 ]; then handle_error "Failed to create Development Pool" fi DEV_POOL_ID=$(echo "$DEV_POOL_RESULT" | grep -o '"IpamPoolId": "[^"]*' | cut -d'"' -f4) echo "Development Pool created with ID: $DEV_POOL_ID" # Wait for the development pool to be available if ! wait_for_pool "$DEV_POOL_ID"; then handle_error "Development Pool did not become available in time" fi # Provision CIDR to the development pool echo "Provisioning CIDR to Development Pool..." DEV_POOL_CIDR="10.0.0.0/24" PROVISION_RESULT=$(aws ec2 provision-ipam-pool-cidr \ --ipam-pool-id "$DEV_POOL_ID" \ --cidr "$DEV_POOL_CIDR") if [ $? -ne 0 ]; then handle_error "Failed to provision CIDR to Development Pool" fi echo "$PROVISION_RESULT" # Wait for the CIDR to be fully provisioned if ! wait_for_cidr_provisioning "$DEV_POOL_ID" "$DEV_POOL_CIDR"; then handle_error "CIDR provisioning to Development Pool did not complete in time" fi # Step 6: Create a VPC Using an IPAM Pool CIDR - FIXED to use the correct parameter names and a smaller netmask length echo "Creating VPC using IPAM Pool CIDR..." VPC_RESULT=$(aws ec2 create-vpc \ --ipv4-ipam-pool-id "$DEV_POOL_ID" \ --ipv4-netmask-length 26 \ --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=IPAM-VPC}]') if [ $? -ne 0 ]; then handle_error "Failed to create VPC" fi VPC_ID=$(echo "$VPC_RESULT" | grep -o '"VpcId": "[^"]*' | cut -d'"' -f4) echo "VPC created with ID: $VPC_ID" # Step 7: Verify the IPAM Pool Allocation echo "Verifying IPAM Pool Allocation..." ALLOCATION_RESULT=$(aws ec2 get-ipam-pool-allocations \ --ipam-pool-id "$DEV_POOL_ID") if [ $? -ne 0 ]; then handle_error "Failed to verify IPAM Pool Allocation" fi echo "IPAM Pool Allocation verified:" echo "$ALLOCATION_RESULT" | grep -A 5 "Allocations" echo "" echo "IPAM setup completed successfully!" echo "" # Prompt for cleanup cleanup_resources echo "Script completed at $(date)" exit 0 ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateIpam](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateIpam) + [CreateIpamPool](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateIpamPool) + [CreateVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpc) + [DeleteIpam](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteIpam) + [DeleteIpamPool](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteIpamPool) + [DeleteVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteVpc) + [DeprovisionIpamPoolCidr](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeprovisionIpamPoolCidr) + [DescribeIpamPools](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeIpamPools) + [DescribeIpams](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeIpams) + [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs) + [GetIpamPoolAllocations](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/GetIpamPoolAllocations) + [GetIpamPoolCidrs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/GetIpamPoolCidrs) + [ProvisionIpamPoolCidr](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/ProvisionIpamPoolCidr) # HealthImaging exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with HealthImaging. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Ações](#actions) ## Ações ### `CreateDatastore` O código de exemplo a seguir mostra como usar `CreateDatastore`. **AWS CLI com script Bash** ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function imaging_create_datastore # # This function creates an AWS HealthImaging data store for importing DICOM P10 files. # # Parameters: # -n data_store_name - The name of the data store. # # Returns: # The datastore ID. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function imaging_create_datastore() { local datastore_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function imaging_create_datastore" echo "Creates an AWS HealthImaging data store for importing DICOM P10 files." echo " -n data_store_name - The name of the data store." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) datastore_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$datastore_name" ]]; then errecho "ERROR: You must provide a data store name with the -n parameter." usage return 1 fi response=$(aws medical-imaging create-datastore \ --datastore-name "$datastore_name" \ --output text \ --query 'datastoreId') local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports medical-imaging create-datastore operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [CreateDatastore](https://docs.aws.amazon.com/goto/aws-cli/medical-imaging-2023-07-19/CreateDatastore)em *Referência de AWS CLI Comandos*. Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/medical-imaging#code-examples). ### `DeleteDatastore` O código de exemplo a seguir mostra como usar `DeleteDatastore`. **AWS CLI com script Bash** ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function imaging_delete_datastore # # This function deletes an AWS HealthImaging data store. # # Parameters: # -i datastore_id - The ID of the data store. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function imaging_delete_datastore() { local datastore_id response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function imaging_delete_datastore" echo "Deletes an AWS HealthImaging data store." echo " -i datastore_id - The ID of the data store." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) datastore_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$datastore_id" ]]; then errecho "ERROR: You must provide a data store ID with the -i parameter." usage return 1 fi response=$(aws medical-imaging delete-datastore \ --datastore-id "$datastore_id") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports medical-imaging delete-datastore operation failed.$response" return 1 fi return 0 } ``` + Para obter detalhes da API, consulte [DeleteDatastore](https://docs.aws.amazon.com/goto/aws-cli/medical-imaging-2023-07-19/DeleteDatastore)em *Referência de AWS CLI Comandos*. Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/medical-imaging#code-examples). ### `GetDatastore` O código de exemplo a seguir mostra como usar `GetDatastore`. **AWS CLI com script Bash** ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function imaging_get_datastore # # Get a data store's properties. # # Parameters: # -i data_store_id - The ID of the data store. # # Returns: # [datastore_name, datastore_id, datastore_status, datastore_arn, created_at, updated_at] # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function imaging_get_datastore() { local datastore_id option OPTARG # Required to use getopts command in a function. local error_code # bashsupport disable=BP5008 function usage() { echo "function imaging_get_datastore" echo "Gets a data store's properties." echo " -i datastore_id - The ID of the data store." echo "" } # Retrieve the calling parameters. while getopts "i:h" option; do case "${option}" in i) datastore_id="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$datastore_id" ]]; then errecho "ERROR: You must provide a data store ID with the -i parameter." usage return 1 fi local response response=$( aws medical-imaging get-datastore \ --datastore-id "$datastore_id" \ --output text \ --query "[ datastoreProperties.datastoreName, datastoreProperties.datastoreId, datastoreProperties.datastoreStatus, datastoreProperties.datastoreArn, datastoreProperties.createdAt, datastoreProperties.updatedAt]" ) error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports list-datastores operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [GetDatastore](https://docs.aws.amazon.com/goto/aws-cli/medical-imaging-2023-07-19/GetDatastore)em *Referência de AWS CLI Comandos*. Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/medical-imaging#code-examples). ### `ListDatastores` O código de exemplo a seguir mostra como usar `ListDatastores`. **AWS CLI com script Bash** ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function imaging_list_datastores # # List the HealthImaging data stores in the account. # # Returns: # [[datastore_name, datastore_id, datastore_status]] # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function imaging_list_datastores() { local option OPTARG # Required to use getopts command in a function. local error_code # bashsupport disable=BP5008 function usage() { echo "function imaging_list_datastores" echo "Lists the AWS HealthImaging data stores in the account." echo "" } # Retrieve the calling parameters. while getopts "h" option; do case "${option}" in h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local response response=$(aws medical-imaging list-datastores \ --output text \ --query "datastoreSummaries[*][datastoreName, datastoreId, datastoreStatus]") error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports list-datastores operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [ListDatastores](https://docs.aws.amazon.com/goto/aws-cli/medical-imaging-2023-07-19/ListDatastores)em *Referência de AWS CLI Comandos*. Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/medical-imaging#code-examples). # Exemplos de IAM usando AWS CLI o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash com IAM. As *noções básicas* são exemplos de código que mostram como realizar as operações essenciais em um serviço. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Conceitos básicos](#basics) + [Ações](#actions) + [Cenários](#scenarios) ## Conceitos básicos ### Conheça os conceitos básicos O exemplo de código a seguir mostra como criar um usuário e assumir um perfil. **Atenção** Para evitar riscos de segurança, não use usuários do IAM para autenticação ao desenvolver software com propósito específico ou trabalhar com dados reais. Em vez disso, use federação com um provedor de identidade, como [Centro de Identidade do AWS IAM](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). + Crie um usuário sem permissões. + Crie uma função que conceda permissão para listar os buckets do Amazon S3 para a conta. + Adicione uma política para permitir que o usuário assuma a função. + Assuma o perfil e liste buckets do S3 usando credenciais temporárias, depois limpe os recursos. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iam_create_user_assume_role # # Scenario to create an IAM user, create an IAM role, and apply the role to the user. # # "IAM access" permissions are needed to run this code. # "STS assume role" permissions are needed to run this code. (Note: It might be necessary to # create a custom policy). # # Returns: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function iam_create_user_assume_role() { { if [ "$IAM_OPERATIONS_SOURCED" != "True" ]; then source ./iam_operations.sh fi } echo_repeat "*" 88 echo "Welcome to the IAM create user and assume role demo." echo echo "This demo will create an IAM user, create an IAM role, and apply the role to the user." echo_repeat "*" 88 echo echo -n "Enter a name for a new IAM user: " get_input user_name=$get_input_result local user_arn user_arn=$(iam_create_user -u "$user_name") # shellcheck disable=SC2181 if [[ ${?} == 0 ]]; then echo "Created demo IAM user named $user_name" else errecho "$user_arn" errecho "The user failed to create. This demo will exit." return 1 fi local access_key_response access_key_response=$(iam_create_user_access_key -u "$user_name") # shellcheck disable=SC2181 if [[ ${?} != 0 ]]; then errecho "The access key failed to create. This demo will exit." clean_up "$user_name" return 1 fi IFS=$'\t ' read -r -a access_key_values <<<"$access_key_response" local key_name=${access_key_values[0]} local key_secret=${access_key_values[1]} echo "Created access key named $key_name" echo "Wait 10 seconds for the user to be ready." sleep 10 echo_repeat "*" 88 echo local iam_role_name iam_role_name=$(generate_random_name "test-role") echo "Creating a role named $iam_role_name with user $user_name as the principal." local assume_role_policy_document="{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Principal\": {\"AWS\": \"$user_arn\"}, \"Action\": \"sts:AssumeRole\" }] }" local role_arn role_arn=$(iam_create_role -n "$iam_role_name" -p "$assume_role_policy_document") # shellcheck disable=SC2181 if [ ${?} == 0 ]; then echo "Created IAM role named $iam_role_name" else errecho "The role failed to create. This demo will exit." clean_up "$user_name" "$key_name" return 1 fi local policy_name policy_name=$(generate_random_name "test-policy") local policy_document="{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Action\": \"s3:ListAllMyBuckets\", \"Resource\": \"arn:aws:s3:::*\"}]}" local policy_arn policy_arn=$(iam_create_policy -n "$policy_name" -p "$policy_document") # shellcheck disable=SC2181 if [[ ${?} == 0 ]]; then echo "Created IAM policy named $policy_name" else errecho "The policy failed to create." clean_up "$user_name" "$key_name" "$iam_role_name" return 1 fi if (iam_attach_role_policy -n "$iam_role_name" -p "$policy_arn"); then echo "Attached policy $policy_arn to role $iam_role_name" else errecho "The policy failed to attach." clean_up "$user_name" "$key_name" "$iam_role_name" "$policy_arn" return 1 fi local assume_role_policy_document="{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Action\": \"sts:AssumeRole\", \"Resource\": \"$role_arn\"}]}" local assume_role_policy_name assume_role_policy_name=$(generate_random_name "test-assume-role-") # shellcheck disable=SC2181 local assume_role_policy_arn assume_role_policy_arn=$(iam_create_policy -n "$assume_role_policy_name" -p "$assume_role_policy_document") # shellcheck disable=SC2181 if [ ${?} == 0 ]; then echo "Created IAM policy named $assume_role_policy_name for sts assume role" else errecho "The policy failed to create." clean_up "$user_name" "$key_name" "$iam_role_name" "$policy_arn" "$policy_arn" return 1 fi echo "Wait 10 seconds to give AWS time to propagate these new resources and connections." sleep 10 echo_repeat "*" 88 echo echo "Try to list buckets without the new user assuming the role." echo_repeat "*" 88 echo # Set the environment variables for the created user. # bashsupport disable=BP2001 export AWS_ACCESS_KEY_ID=$key_name # bashsupport disable=BP2001 export AWS_SECRET_ACCESS_KEY=$key_secret local buckets buckets=$(s3_list_buckets) # shellcheck disable=SC2181 if [ ${?} == 0 ]; then local bucket_count bucket_count=$(echo "$buckets" | wc -w | xargs) echo "There are $bucket_count buckets in the account. This should not have happened." else errecho "Because the role with permissions has not been assumed, listing buckets failed." fi echo echo_repeat "*" 88 echo "Now assume the role $iam_role_name and list the buckets." echo_repeat "*" 88 echo local credentials credentials=$(sts_assume_role -r "$role_arn" -n "AssumeRoleDemoSession") # shellcheck disable=SC2181 if [ ${?} == 0 ]; then echo "Assumed role $iam_role_name" else errecho "Failed to assume role." export AWS_ACCESS_KEY_ID="" export AWS_SECRET_ACCESS_KEY="" clean_up "$user_name" "$key_name" "$iam_role_name" "$policy_arn" "$policy_arn" "$assume_role_policy_arn" return 1 fi IFS=$'\t ' read -r -a credentials <<<"$credentials" export AWS_ACCESS_KEY_ID=${credentials[0]} export AWS_SECRET_ACCESS_KEY=${credentials[1]} # bashsupport disable=BP2001 export AWS_SESSION_TOKEN=${credentials[2]} buckets=$(s3_list_buckets) # shellcheck disable=SC2181 if [ ${?} == 0 ]; then local bucket_count bucket_count=$(echo "$buckets" | wc -w | xargs) echo "There are $bucket_count buckets in the account. Listing buckets succeeded because of " echo "the assumed role." else errecho "Failed to list buckets. This should not happen." export AWS_ACCESS_KEY_ID="" export AWS_SECRET_ACCESS_KEY="" export AWS_SESSION_TOKEN="" clean_up "$user_name" "$key_name" "$iam_role_name" "$policy_arn" "$policy_arn" "$assume_role_policy_arn" return 1 fi local result=0 export AWS_ACCESS_KEY_ID="" export AWS_SECRET_ACCESS_KEY="" echo echo_repeat "*" 88 echo "The created resources will now be deleted." echo_repeat "*" 88 echo clean_up "$user_name" "$key_name" "$iam_role_name" "$policy_arn" "$policy_arn" "$assume_role_policy_arn" # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then result=1 fi return $result } ``` As funções do IAM usadas neste cenário. ``` ############################################################################### # function iam_user_exists # # This function checks to see if the specified AWS Identity and Access Management (IAM) user already exists. # # Parameters: # $1 - The name of the IAM user to check. # # Returns: # 0 - If the user already exists. # 1 - If the user doesn't exist. ############################################################################### function iam_user_exists() { local user_name user_name=$1 # Check whether the IAM user already exists. # We suppress all output - we're interested only in the return code. local errors errors=$(aws iam get-user \ --user-name "$user_name" 2>&1 >/dev/null) local error_code=${?} if [[ $error_code -eq 0 ]]; then return 0 # 0 in Bash script means true. else if [[ $errors != *"error"*"(NoSuchEntity)"* ]]; then aws_cli_error_log $error_code errecho "Error calling iam get-user $errors" fi return 1 # 1 in Bash script means false. fi } ############################################################################### # function iam_create_user # # This function creates the specified IAM user, unless # it already exists. # # Parameters: # -u user_name -- The name of the user to create. # # Returns: # The ARN of the user. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_user() { local user_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user" echo "Creates an AWS Identity and Access Management (IAM) user. You must supply a username:" echo " -u user_name The name of the user. It must be unique within the account." echo "" } # Retrieve the calling parameters. while getopts "u:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi iecho "Parameters:\n" iecho " User name: $user_name" iecho "" # If the user already exists, we don't want to try to create it. if (iam_user_exists "$user_name"); then errecho "ERROR: A user with that name already exists in the account." return 1 fi response=$(aws iam create-user --user-name "$user_name" \ --output text \ --query 'User.Arn') local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-user operation failed.$response" return 1 fi echo "$response" return 0 } ############################################################################### # function iam_create_user_access_key # # This function creates an IAM access key for the specified user. # # Parameters: # -u user_name -- The name of the IAM user. # [-f file_name] -- The optional file name for the access key output. # # Returns: # [access_key_id access_key_secret] # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_user_access_key() { local user_name file_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user_access_key" echo "Creates an AWS Identity and Access Management (IAM) key pair." echo " -u user_name The name of the IAM user." echo " [-f file_name] Optional file name for the access key output." echo "" } # Retrieve the calling parameters. while getopts "u:f:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; f) file_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi response=$(aws iam create-access-key \ --user-name "$user_name" \ --output text) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-access-key operation failed.$response" return 1 fi if [[ -n "$file_name" ]]; then echo "$response" >"$file_name" fi local key_id key_secret # shellcheck disable=SC2086 key_id=$(echo $response | cut -f 2 -d ' ') # shellcheck disable=SC2086 key_secret=$(echo $response | cut -f 4 -d ' ') echo "$key_id $key_secret" return 0 } ############################################################################### # function iam_create_role # # This function creates an IAM role. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_json -- The assume role policy document. # # Returns: # The ARN of the role. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_role() { local role_name policy_document response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user_access_key" echo "Creates an AWS Identity and Access Management (IAM) role." echo " -n role_name The name of the IAM role." echo " -p policy_json -- The assume role policy document." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_document="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_document" ]]; then errecho "ERROR: You must provide a policy document with the -p parameter." usage return 1 fi response=$(aws iam create-role \ --role-name "$role_name" \ --assume-role-policy-document "$policy_document" \ --output text \ --query Role.Arn) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-role operation failed.\n$response" return 1 fi echo "$response" return 0 } ############################################################################### # function iam_create_policy # # This function creates an IAM policy. # # Parameters: # -n policy_name -- The name of the IAM policy. # -p policy_json -- The policy document. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_policy() { local policy_name policy_document response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_policy" echo "Creates an AWS Identity and Access Management (IAM) policy." echo " -n policy_name The name of the IAM policy." echo " -p policy_json -- The policy document." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) policy_name="${OPTARG}" ;; p) policy_document="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$policy_name" ]]; then errecho "ERROR: You must provide a policy name with the -n parameter." usage return 1 fi if [[ -z "$policy_document" ]]; then errecho "ERROR: You must provide a policy document with the -p parameter." usage return 1 fi response=$(aws iam create-policy \ --policy-name "$policy_name" \ --policy-document "$policy_document" \ --output text \ --query Policy.Arn) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-policy operation failed.\n$response" return 1 fi echo "$response" } ############################################################################### # function iam_attach_role_policy # # This function attaches an IAM policy to a tole. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_ARN -- The IAM policy document ARN.. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_attach_role_policy() { local role_name policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_attach_role_policy" echo "Attaches an AWS Identity and Access Management (IAM) policy to an IAM role." echo " -n role_name The name of the IAM role." echo " -p policy_ARN -- The IAM policy document ARN." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy ARN with the -p parameter." usage return 1 fi response=$(aws iam attach-role-policy \ --role-name "$role_name" \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports attach-role-policy operation failed.\n$response" return 1 fi echo "$response" return 0 } ############################################################################### # function iam_detach_role_policy # # This function detaches an IAM policy to a tole. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_ARN -- The IAM policy document ARN.. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_detach_role_policy() { local role_name policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_detach_role_policy" echo "Detaches an AWS Identity and Access Management (IAM) policy to an IAM role." echo " -n role_name The name of the IAM role." echo " -p policy_ARN -- The IAM policy document ARN." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy ARN with the -p parameter." usage return 1 fi response=$(aws iam detach-role-policy \ --role-name "$role_name" \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports detach-role-policy operation failed.\n$response" return 1 fi echo "$response" return 0 } ############################################################################### # function iam_delete_policy # # This function deletes an IAM policy. # # Parameters: # -n policy_arn -- The name of the IAM policy arn. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_policy() { local policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_policy" echo "Deletes an AWS Identity and Access Management (IAM) policy" echo " -n policy_arn -- The name of the IAM policy arn." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy arn with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " Policy arn: $policy_arn" iecho "" response=$(aws iam delete-policy \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-policy operation failed.\n$response" return 1 fi iecho "delete-policy response:$response" iecho return 0 } ############################################################################### # function iam_delete_role # # This function deletes an IAM role. # # Parameters: # -n role_name -- The name of the IAM role. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_role() { local role_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_role" echo "Deletes an AWS Identity and Access Management (IAM) role" echo " -n role_name -- The name of the IAM role." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 echo "role_name:$role_name" if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " Role name: $role_name" iecho "" response=$(aws iam delete-role \ --role-name "$role_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-role operation failed.\n$response" return 1 fi iecho "delete-role response:$response" iecho return 0 } ############################################################################### # function iam_delete_access_key # # This function deletes an IAM access key for the specified IAM user. # # Parameters: # -u user_name -- The name of the user. # -k access_key -- The access key to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_access_key() { local user_name access_key response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_access_key" echo "Deletes an AWS Identity and Access Management (IAM) access key for the specified IAM user" echo " -u user_name The name of the user." echo " -k access_key The access key to delete." echo "" } # Retrieve the calling parameters. while getopts "u:k:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; k) access_key="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi if [[ -z "$access_key" ]]; then errecho "ERROR: You must provide an access key with the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " Username: $user_name" iecho " Access key: $access_key" iecho "" response=$(aws iam delete-access-key \ --user-name "$user_name" \ --access-key-id "$access_key") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-access-key operation failed.\n$response" return 1 fi iecho "delete-access-key response:$response" iecho return 0 } ############################################################################### # function iam_delete_user # # This function deletes the specified IAM user. # # Parameters: # -u user_name -- The name of the user to create. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_user() { local user_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_user" echo "Deletes an AWS Identity and Access Management (IAM) user. You must supply a username:" echo " -u user_name The name of the user." echo "" } # Retrieve the calling parameters. while getopts "u:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi iecho "Parameters:\n" iecho " User name: $user_name" iecho "" # If the user does not exist, we don't want to try to delete it. if (! iam_user_exists "$user_name"); then errecho "ERROR: A user with that name does not exist in the account." return 1 fi response=$(aws iam delete-user \ --user-name "$user_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-user operation failed.$response" return 1 fi iecho "delete-user response:$response" iecho return 0 } ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy) + [CreateAccessKey](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateAccessKey) + [CreatePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreatePolicy) + [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole) + [CreateUser](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateUser) + [DeleteAccessKey](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteAccessKey) + [DeletePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeletePolicy) + [DeleteRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteRole) + [DeleteUser](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteUser) + [DeleteUserPolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteUserPolicy) + [DetachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DetachRolePolicy) + [PutUserPolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/PutUserPolicy) ## Ações ### `AttachRolePolicy` O código de exemplo a seguir mostra como usar `AttachRolePolicy`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_attach_role_policy # # This function attaches an IAM policy to a tole. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_ARN -- The IAM policy document ARN.. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_attach_role_policy() { local role_name policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_attach_role_policy" echo "Attaches an AWS Identity and Access Management (IAM) policy to an IAM role." echo " -n role_name The name of the IAM role." echo " -p policy_ARN -- The IAM policy document ARN." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy ARN with the -p parameter." usage return 1 fi response=$(aws iam attach-role-policy \ --role-name "$role_name" \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports attach-role-policy operation failed.\n$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy)em *Referência de AWS CLI Comandos*. ### `CreateAccessKey` O código de exemplo a seguir mostra como usar `CreateAccessKey`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_create_user_access_key # # This function creates an IAM access key for the specified user. # # Parameters: # -u user_name -- The name of the IAM user. # [-f file_name] -- The optional file name for the access key output. # # Returns: # [access_key_id access_key_secret] # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_user_access_key() { local user_name file_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user_access_key" echo "Creates an AWS Identity and Access Management (IAM) key pair." echo " -u user_name The name of the IAM user." echo " [-f file_name] Optional file name for the access key output." echo "" } # Retrieve the calling parameters. while getopts "u:f:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; f) file_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi response=$(aws iam create-access-key \ --user-name "$user_name" \ --output text) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-access-key operation failed.$response" return 1 fi if [[ -n "$file_name" ]]; then echo "$response" >"$file_name" fi local key_id key_secret # shellcheck disable=SC2086 key_id=$(echo $response | cut -f 2 -d ' ') # shellcheck disable=SC2086 key_secret=$(echo $response | cut -f 4 -d ' ') echo "$key_id $key_secret" return 0 } ``` + Para obter detalhes da API, consulte [CreateAccessKey](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateAccessKey)em *Referência de AWS CLI Comandos*. ### `CreatePolicy` O código de exemplo a seguir mostra como usar `CreatePolicy`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_create_policy # # This function creates an IAM policy. # # Parameters: # -n policy_name -- The name of the IAM policy. # -p policy_json -- The policy document. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_policy() { local policy_name policy_document response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_policy" echo "Creates an AWS Identity and Access Management (IAM) policy." echo " -n policy_name The name of the IAM policy." echo " -p policy_json -- The policy document." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) policy_name="${OPTARG}" ;; p) policy_document="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$policy_name" ]]; then errecho "ERROR: You must provide a policy name with the -n parameter." usage return 1 fi if [[ -z "$policy_document" ]]; then errecho "ERROR: You must provide a policy document with the -p parameter." usage return 1 fi response=$(aws iam create-policy \ --policy-name "$policy_name" \ --policy-document "$policy_document" \ --output text \ --query Policy.Arn) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-policy operation failed.\n$response" return 1 fi echo "$response" } ``` + Para obter detalhes da API, consulte [CreatePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreatePolicy)em *Referência de AWS CLI Comandos*. ### `CreateRole` O código de exemplo a seguir mostra como usar `CreateRole`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_create_role # # This function creates an IAM role. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_json -- The assume role policy document. # # Returns: # The ARN of the role. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_role() { local role_name policy_document response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user_access_key" echo "Creates an AWS Identity and Access Management (IAM) role." echo " -n role_name The name of the IAM role." echo " -p policy_json -- The assume role policy document." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_document="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_document" ]]; then errecho "ERROR: You must provide a policy document with the -p parameter." usage return 1 fi response=$(aws iam create-role \ --role-name "$role_name" \ --assume-role-policy-document "$policy_document" \ --output text \ --query Role.Arn) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-role operation failed.\n$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole)em *Referência de AWS CLI Comandos*. ### `CreateUser` O código de exemplo a seguir mostra como usar `CreateUser`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_create_user # # This function creates the specified IAM user, unless # it already exists. # # Parameters: # -u user_name -- The name of the user to create. # # Returns: # The ARN of the user. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_create_user() { local user_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_create_user" echo "Creates an AWS Identity and Access Management (IAM) user. You must supply a username:" echo " -u user_name The name of the user. It must be unique within the account." echo "" } # Retrieve the calling parameters. while getopts "u:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi iecho "Parameters:\n" iecho " User name: $user_name" iecho "" # If the user already exists, we don't want to try to create it. if (iam_user_exists "$user_name"); then errecho "ERROR: A user with that name already exists in the account." return 1 fi response=$(aws iam create-user --user-name "$user_name" \ --output text \ --query 'User.Arn') local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-user operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [CreateUser](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateUser)em *Referência de AWS CLI Comandos*. ### `DeleteAccessKey` O código de exemplo a seguir mostra como usar `DeleteAccessKey`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_delete_access_key # # This function deletes an IAM access key for the specified IAM user. # # Parameters: # -u user_name -- The name of the user. # -k access_key -- The access key to delete. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_access_key() { local user_name access_key response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_access_key" echo "Deletes an AWS Identity and Access Management (IAM) access key for the specified IAM user" echo " -u user_name The name of the user." echo " -k access_key The access key to delete." echo "" } # Retrieve the calling parameters. while getopts "u:k:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; k) access_key="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi if [[ -z "$access_key" ]]; then errecho "ERROR: You must provide an access key with the -k parameter." usage return 1 fi iecho "Parameters:\n" iecho " Username: $user_name" iecho " Access key: $access_key" iecho "" response=$(aws iam delete-access-key \ --user-name "$user_name" \ --access-key-id "$access_key") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-access-key operation failed.\n$response" return 1 fi iecho "delete-access-key response:$response" iecho return 0 } ``` + Para obter detalhes da API, consulte [DeleteAccessKey](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteAccessKey)em *Referência de AWS CLI Comandos*. ### `DeletePolicy` O código de exemplo a seguir mostra como usar `DeletePolicy`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_delete_policy # # This function deletes an IAM policy. # # Parameters: # -n policy_arn -- The name of the IAM policy arn. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_policy() { local policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_policy" echo "Deletes an AWS Identity and Access Management (IAM) policy" echo " -n policy_arn -- The name of the IAM policy arn." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy arn with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " Policy arn: $policy_arn" iecho "" response=$(aws iam delete-policy \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-policy operation failed.\n$response" return 1 fi iecho "delete-policy response:$response" iecho return 0 } ``` + Para obter detalhes da API, consulte [DeletePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeletePolicy)em *Referência de AWS CLI Comandos*. ### `DeleteRole` O código de exemplo a seguir mostra como usar `DeleteRole`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_delete_role # # This function deletes an IAM role. # # Parameters: # -n role_name -- The name of the IAM role. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_role() { local role_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_role" echo "Deletes an AWS Identity and Access Management (IAM) role" echo " -n role_name -- The name of the IAM role." echo "" } # Retrieve the calling parameters. while getopts "n:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 echo "role_name:$role_name" if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi iecho "Parameters:\n" iecho " Role name: $role_name" iecho "" response=$(aws iam delete-role \ --role-name "$role_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-role operation failed.\n$response" return 1 fi iecho "delete-role response:$response" iecho return 0 } ``` + Para obter detalhes da API, consulte [DeleteRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteRole)em *Referência de AWS CLI Comandos*. ### `DeleteUser` O código de exemplo a seguir mostra como usar `DeleteUser`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_delete_user # # This function deletes the specified IAM user. # # Parameters: # -u user_name -- The name of the user to create. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_delete_user() { local user_name response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_delete_user" echo "Deletes an AWS Identity and Access Management (IAM) user. You must supply a username:" echo " -u user_name The name of the user." echo "" } # Retrieve the calling parameters. while getopts "u:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi iecho "Parameters:\n" iecho " User name: $user_name" iecho "" # If the user does not exist, we don't want to try to delete it. if (! iam_user_exists "$user_name"); then errecho "ERROR: A user with that name does not exist in the account." return 1 fi response=$(aws iam delete-user \ --user-name "$user_name") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports delete-user operation failed.$response" return 1 fi iecho "delete-user response:$response" iecho return 0 } ``` + Para obter detalhes da API, consulte [DeleteUser](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DeleteUser)em *Referência de AWS CLI Comandos*. ### `DetachRolePolicy` O código de exemplo a seguir mostra como usar `DetachRolePolicy`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_detach_role_policy # # This function detaches an IAM policy to a tole. # # Parameters: # -n role_name -- The name of the IAM role. # -p policy_ARN -- The IAM policy document ARN.. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_detach_role_policy() { local role_name policy_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function iam_detach_role_policy" echo "Detaches an AWS Identity and Access Management (IAM) policy to an IAM role." echo " -n role_name The name of the IAM role." echo " -p policy_ARN -- The IAM policy document ARN." echo "" } # Retrieve the calling parameters. while getopts "n:p:h" option; do case "${option}" in n) role_name="${OPTARG}" ;; p) policy_arn="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$role_name" ]]; then errecho "ERROR: You must provide a role name with the -n parameter." usage return 1 fi if [[ -z "$policy_arn" ]]; then errecho "ERROR: You must provide a policy ARN with the -p parameter." usage return 1 fi response=$(aws iam detach-role-policy \ --role-name "$role_name" \ --policy-arn "$policy_arn") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports detach-role-policy operation failed.\n$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [DetachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/DetachRolePolicy)em *Referência de AWS CLI Comandos*. ### `GetUser` O código de exemplo a seguir mostra como usar `GetUser`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_user_exists # # This function checks to see if the specified AWS Identity and Access Management (IAM) user already exists. # # Parameters: # $1 - The name of the IAM user to check. # # Returns: # 0 - If the user already exists. # 1 - If the user doesn't exist. ############################################################################### function iam_user_exists() { local user_name user_name=$1 # Check whether the IAM user already exists. # We suppress all output - we're interested only in the return code. local errors errors=$(aws iam get-user \ --user-name "$user_name" 2>&1 >/dev/null) local error_code=${?} if [[ $error_code -eq 0 ]]; then return 0 # 0 in Bash script means true. else if [[ $errors != *"error"*"(NoSuchEntity)"* ]]; then aws_cli_error_log $error_code errecho "Error calling iam get-user $errors" fi return 1 # 1 in Bash script means false. fi } ``` + Para obter detalhes da API, consulte [GetUser](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/GetUser)em *Referência de AWS CLI Comandos*. ### `ListAccessKeys` O código de exemplo a seguir mostra como usar `ListAccessKeys`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_list_access_keys # # This function lists the access keys for the specified user. # # Parameters: # -u user_name -- The name of the IAM user. # # Returns: # access_key_ids # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_list_access_keys() { # bashsupport disable=BP5008 function usage() { echo "function iam_list_access_keys" echo "Lists the AWS Identity and Access Management (IAM) access key IDs for the specified user." echo " -u user_name The name of the IAM user." echo "" } local user_name response local option OPTARG # Required to use getopts command in a function. # Retrieve the calling parameters. while getopts "u:h" option; do case "${option}" in u) user_name="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi response=$(aws iam list-access-keys \ --user-name "$user_name" \ --output text \ --query 'AccessKeyMetadata[].AccessKeyId') local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports list-access-keys operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [ListAccessKeys](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/ListAccessKeys)em *Referência de AWS CLI Comandos*. ### `ListUsers` O código de exemplo a seguir mostra como usar `ListUsers`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function iam_list_users # # List the IAM users in the account. # # Returns: # The list of users names # And: # 0 - If the user already exists. # 1 - If the user doesn't exist. ############################################################################### function iam_list_users() { local option OPTARG # Required to use getopts command in a function. local error_code # bashsupport disable=BP5008 function usage() { echo "function iam_list_users" echo "Lists the AWS Identity and Access Management (IAM) user in the account." echo "" } # Retrieve the calling parameters. while getopts "h" option; do case "${option}" in h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 local response response=$(aws iam list-users \ --output text \ --query "Users[].UserName") error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports list-users operation failed.$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [ListUsers](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/ListUsers)em *Referência de AWS CLI Comandos*. ### `UpdateAccessKey` O código de exemplo a seguir mostra como usar `UpdateAccessKey`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iam_update_access_key # # This function can activate or deactivate an IAM access key for the specified IAM user. # # Parameters: # -u user_name -- The name of the user. # -k access_key -- The access key to update. # -a -- Activate the selected access key. # -d -- Deactivate the selected access key. # # Example: # # To deactivate the selected access key for IAM user Bob # iam_update_access_key -u Bob -k AKIAIOSFODNN7EXAMPLE -d # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function iam_update_access_key() { local user_name access_key status response local option OPTARG # Required to use getopts command in a function. local activate_flag=false deactivate_flag=false # bashsupport disable=BP5008 function usage() { echo "function iam_update_access_key" echo "Updates the status of an AWS Identity and Access Management (IAM) access key for the specified IAM user" echo " -u user_name The name of the user." echo " -k access_key The access key to update." echo " -a Activate the access key." echo " -d Deactivate the access key." echo "" } # Retrieve the calling parameters. while getopts "u:k:adh" option; do case "${option}" in u) user_name="${OPTARG}" ;; k) access_key="${OPTARG}" ;; a) activate_flag=true ;; d) deactivate_flag=true ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate input parameters if [[ -z "$user_name" ]]; then errecho "ERROR: You must provide a username with the -u parameter." usage return 1 fi if [[ -z "$access_key" ]]; then errecho "ERROR: You must provide an access key with the -k parameter." usage return 1 fi # Ensure that only -a or -d is specified if [[ "$activate_flag" == true && "$deactivate_flag" == true ]]; then errecho "ERROR: You cannot specify both -a (activate) and -d (deactivate) at the same time." usage return 1 fi # If neither -a nor -d is provided, return an error if [[ "$activate_flag" == false && "$deactivate_flag" == false ]]; then errecho "ERROR: You must specify either -a (activate) or -d (deactivate)." usage return 1 fi # Determine the status based on the flag if [[ "$activate_flag" == true ]]; then status="Active" elif [[ "$deactivate_flag" == true ]]; then status="Inactive" fi iecho "Parameters:\n" iecho " Username: $user_name" iecho " Access key: $access_key" iecho " New status: $status" iecho "" # Update the access key status response=$(aws iam update-access-key \ --user-name "$user_name" \ --access-key-id "$access_key" \ --status "$status" 2>&1) local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports update-access-key operation failed.\n$response" return 1 fi iecho "update-access-key response: $response" iecho return 0 } ``` + Para obter detalhes da API, consulte [UpdateAccessKey](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/UpdateAccessKey)em *Referência de AWS CLI Comandos*. ## Cenários ### Configuração do controle de acesso por atributo O exemplo de código apresentado a seguir demonstra como implementar o controle de acesso por atributo (ABAC) no DynamoDB. + Crie uma política do IAM para o ABAC. + Crie tabelas com etiquetas que representem diferentes departamentos. + Liste e filtre tabelas com base nas etiquetas. **AWS CLI com script Bash** Crie uma política do IAM para o ABAC. ``` # Step 1: Create a policy document for ABAC cat > abac-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:*:*:table/*", "Condition": { "StringEquals": { "aws:ResourceTag/Department": "${aws:PrincipalTag/Department}" } } }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem" ], "Resource": "arn:aws:dynamodb:*:*:table/*", "Condition": { "StringEquals": { "aws:ResourceTag/Department": "${aws:PrincipalTag/Department}", "aws:ResourceTag/Environment": "Development" } } } ] } EOF # Step 2: Create the IAM policy aws iam create-policy \ --policy-name DynamoDBDepartmentBasedAccess \ --policy-document file://abac-policy.json ``` Crie tabelas com etiquetas que representem diferentes departamentos. ``` # Create a DynamoDB table with tags for ABAC aws dynamodb create-table \ --table-name FinanceData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Department,Value=Finance \ Key=Environment,Value=Development # Create another table with different tags aws dynamodb create-table \ --table-name MarketingData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --tags \ Key=Department,Value=Marketing \ Key=Environment,Value=Production ``` Liste e filtre tabelas com base nas etiquetas. ``` # List all DynamoDB tables echo "Listing all tables:" aws dynamodb list-tables # Get ARNs for all tables echo -e "\nGetting ARNs for all tables:" TABLE_ARNS=$(aws dynamodb list-tables --query "TableNames[*]" --output text | xargs -I {} aws dynamodb describe-table --table-name {} --query "Table.TableArn" --output text) # For each table ARN, list its tags echo -e "\nListing tags for each table:" for ARN in $TABLE_ARNS; do TABLE_NAME=$(echo $ARN | awk -F/ '{print $2}') echo -e "\nTags for table: $TABLE_NAME" aws dynamodb list-tags-of-resource --resource-arn $ARN done # Example: Find tables with a specific tag echo -e "\nFinding tables with Environment=Production tag:" for ARN in $TABLE_ARNS; do TABLE_NAME=$(echo $ARN | awk -F/ '{print $2}') TAGS=$(aws dynamodb list-tags-of-resource --resource-arn $ARN --query "Tags[?Key=='Environment' && Value=='Production']" --output text) if [ ! -z "$TAGS" ]; then echo "Table with Production tag: $TABLE_NAME" fi done ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreatePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreatePolicy) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [ListTables](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/ListTables) ### Trabalhe com Streams e Time-to-Live O exemplo de código a seguir mostra como gerenciar os recursos e os streams do DynamoDB. Time-to-Live + Crie uma tabela com a opção de fluxos habilitada. + Descreva os fluxos. + Crie uma função do Lambda para processar os fluxos. + Habilite a vida útil (TTL) em uma tabela. + Adicione itens com atributos de TTL. + Descreva as configurações de TTL. **AWS CLI com script Bash** Crie uma tabela com a opção de fluxos habilitada. ``` # Create a table with DynamoDB Streams enabled aws dynamodb create-table \ --table-name StreamsDemo \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES ``` Descreva os fluxos. ``` # Get information about the stream aws dynamodb describe-table \ --table-name StreamsDemo \ --query "Table.StreamSpecification" # Get the stream ARN STREAM_ARN=$(aws dynamodb describe-table \ --table-name StreamsDemo \ --query "Table.LatestStreamArn" \ --output text) echo "Stream ARN: $STREAM_ARN" # Describe the stream aws dynamodbstreams describe-stream \ --stream-arn $STREAM_ARN ``` Crie uma função do Lambda para os fluxos. ``` # Step 1: Create an IAM role for the Lambda function cat > trust-policy.json << 'EOF' { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF aws iam create-role \ --role-name DynamoDBStreamsLambdaRole \ --assume-role-policy-document file://trust-policy.json # Step 2: Attach permissions to the role aws iam attach-role-policy \ --role-name DynamoDBStreamsLambdaRole \ --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole # Step 3: Create a Lambda function (code would be in a separate file) echo "Lambda function creation would be done separately with appropriate code" # Step 4: Create an event source mapping echo "Example command to create event source mapping:" echo "aws lambda create-event-source-mapping \\" echo " --function-name ProcessDynamoDBRecords \\" echo " --event-source $STREAM_ARN \\" echo " --batch-size 100 \\" echo " --starting-position LATEST" ``` Habilite a vida útil (TTL) em uma tabela. ``` # Create a table for TTL demonstration aws dynamodb create-table \ --table-name TTLDemo \ --attribute-definitions \ AttributeName=ID,AttributeType=S \ --key-schema \ AttributeName=ID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST # Wait for table to become active aws dynamodb wait table-exists --table-name TTLDemo # Enable TTL on the table aws dynamodb update-time-to-live \ --table-name TTLDemo \ --time-to-live-specification "Enabled=true, AttributeName=ExpirationTime" ``` Adicione itens com atributos de TTL. ``` # Calculate expiration time (current time + 1 day in seconds) EXPIRATION_TIME=$(date -d "+1 day" +%s) # Add an item with TTL attribute aws dynamodb put-item \ --table-name TTLDemo \ --item '{ "ID": {"S": "item1"}, "Data": {"S": "This item will expire in 1 day"}, "ExpirationTime": {"N": "'$EXPIRATION_TIME'"} }' # Add an item that expires in 1 hour EXPIRATION_TIME_HOUR=$(date -d "+1 hour" +%s) aws dynamodb put-item \ --table-name TTLDemo \ --item '{ "ID": {"S": "item2"}, "Data": {"S": "This item will expire in 1 hour"}, "ExpirationTime": {"N": "'$EXPIRATION_TIME_HOUR'"} }' ``` Descreva as configurações de TTL. ``` # Describe TTL settings for a table aws dynamodb describe-time-to-live \ --table-name TTLDemo ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AttachRolePolicy](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/AttachRolePolicy) + [CreateRole](https://docs.aws.amazon.com/goto/aws-cli/iam-2010-05-08/CreateRole) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [DescribeTimeToLive](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTimeToLive) + [PutItem](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem) + [UpdateTimeToLive](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTimeToLive) # AWS KMS exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with AWS KMS. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Cenários](#scenarios) ## Cenários ### Trabalhar com a criptografia de tabelas O exemplo de código a seguir mostra como gerenciar opções de criptografia para tabelas do DynamoDB. + Crie uma tabela com a criptografia padrão. + Crie uma tabela com uma chave gerenciada pelo cliente (CMK). + Atualize as configurações de criptografia da tabela. + Descreva a criptografia da tabela. **AWS CLI com script Bash** Crie uma tabela com a criptografia padrão. ``` # Create a table with default encryption (AWS owned key) aws dynamodb create-table \ --table-name CustomerData \ --attribute-definitions \ AttributeName=CustomerID,AttributeType=S \ --key-schema \ AttributeName=CustomerID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --sse-specification Enabled=true,SSEType=KMS ``` Crie uma tabela com uma chave gerenciada pelo cliente (CMK). ``` # Step 1: Create a customer managed key in KMS aws kms create-key \ --description "Key for DynamoDB table encryption" \ --key-usage ENCRYPT_DECRYPT \ --customer-master-key-spec SYMMETRIC_DEFAULT # Store the key ID for later use KEY_ID=$(aws kms list-keys --query "Keys[?contains(KeyArn, 'Key for DynamoDB')].KeyId" --output text) # Step 2: Create a table with the customer managed key aws dynamodb create-table \ --table-name SensitiveData \ --attribute-definitions \ AttributeName=RecordID,AttributeType=S \ --key-schema \ AttributeName=RecordID,KeyType=HASH \ --billing-mode PAY_PER_REQUEST \ --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=$KEY_ID ``` Atualize a criptografia da tabela. ``` # Update a table to use a different KMS key aws dynamodb update-table \ --table-name CustomerData \ --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=$KEY_ID ``` Descreva a criptografia da tabela. ``` # Describe the table to see encryption settings aws dynamodb describe-table \ --table-name CustomerData \ --query "Table.SSEDescription" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CreateKey](https://docs.aws.amazon.com/goto/aws-cli/kms-2014-11-01/CreateKey) + [CreateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/CreateTable) + [DescribeTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/DescribeTable) + [UpdateTable](https://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/UpdateTable) # Exemplos AWS CLI do Lightsail usando o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with Lightsail. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Cenários](#scenarios) ## Cenários ### Comece a usar o Lightsail O exemplo de código a seguir mostra como: + Explorar os esquemas e pacotes disponíveis para criação de instâncias. + Crie uma instância do Lightsail com o Amazon Linux 2023 + Monitorar o status da instância até que esteja em execução. + Baixar o par de chaves padrão para acesso SSH. + Criar e conectar um disco adicional de armazenamento em bloco. + Criar um snapshot da instância para backup. + Limpar os recursos para evitar cobranças contínuas. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/001-lightsail-gs). ``` #!/bin/bash # Amazon Lightsail Getting Started CLI Script # This script demonstrates how to create and manage Lightsail resources using the AWS CLI # FIXES APPLIED: # 1. Added polling mechanism to check disk state before attaching # 2. Added polling mechanism to check snapshot state before proceeding with cleanup # 3. Set AWS_REGION variable to us-west-2 for consistent region usage # Set AWS region export AWS_REGION="us-west-2" echo "Using AWS region: $AWS_REGION" # Set up logging LOG_FILE="lightsail-script.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Lightsail Getting Started script at $(date)" # Error handling function handle_error() { echo "ERROR: $1" echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to check if a command succeeded check_status() { if [ $? -ne 0 ]; then handle_error "$1" fi } # Generate a random identifier for resource names RANDOM_ID=$(openssl rand -hex 4) INSTANCE_NAME="LightsailInstance-${RANDOM_ID}" DISK_NAME="LightsailDisk-${RANDOM_ID}" SNAPSHOT_NAME="LightsailSnapshot-${RANDOM_ID}" # Array to track created resources declare -a CREATED_RESOURCES # Function to add a resource to the tracking array track_resource() { CREATED_RESOURCES+=("$1:$2") echo "Created $1: $2" } # Function to clean up resources cleanup_resources() { echo "Resources created by this script:" for resource in "${CREATED_RESOURCES[@]}"; do echo " $resource" done # Reverse the array to delete resources in reverse order for (( idx=${#CREATED_RESOURCES[@]}-1 ; idx>=0 ; idx-- )); do IFS=':' read -r type name <<< "${CREATED_RESOURCES[idx]}" case "$type" in "instance_snapshot") echo "Deleting instance snapshot: $name" aws lightsail delete-instance-snapshot --instance-snapshot-name "$name" --region $AWS_REGION ;; "disk_snapshot") echo "Deleting disk snapshot: $name" aws lightsail delete-disk-snapshot --disk-snapshot-name "$name" --region $AWS_REGION ;; "disk") echo "Detaching disk: $name" aws lightsail detach-disk --disk-name "$name" --region $AWS_REGION sleep 10 # Wait for detach to complete echo "Deleting disk: $name" aws lightsail delete-disk --disk-name "$name" --region $AWS_REGION ;; "instance") echo "Deleting instance: $name" # Check instance state before attempting to delete INSTANCE_STATE=$(aws lightsail get-instance-state --instance-name "$name" --region $AWS_REGION --query 'state.name' --output text 2>/dev/null) if [ "$INSTANCE_STATE" == "pending" ]; then echo "Instance is in pending state. Waiting for it to be ready before deleting..." MAX_WAIT=30 WAITED=0 while [ "$INSTANCE_STATE" == "pending" ] && [ $WAITED -lt $MAX_WAIT ]; do sleep 10 WAITED=$((WAITED+1)) INSTANCE_STATE=$(aws lightsail get-instance-state --instance-name "$name" --region $AWS_REGION --query 'state.name' --output text 2>/dev/null) echo "Instance state: $INSTANCE_STATE" done fi aws lightsail delete-instance --instance-name "$name" --region $AWS_REGION ;; esac done echo "Cleanup completed" } # Step 1: Verify AWS CLI configuration echo "Step 1: Verifying AWS CLI configuration" aws configure list check_status "Failed to verify AWS CLI configuration" # Step 2: Get available blueprints and bundles echo "Step 2: Getting available blueprints and bundles" echo "Available blueprints (showing first 5):" aws lightsail get-blueprints --region $AWS_REGION --query 'blueprints[0:5].[blueprintId,name]' --output table check_status "Failed to get blueprints" echo "Available bundles (showing first 5):" aws lightsail get-bundles --region $AWS_REGION --query 'bundles[0:5].[bundleId,name,price]' --output table check_status "Failed to get bundles" # Get available regions and availability zones echo "Getting available regions and availability zones" # Use a specific availability zone in us-west-2 region AVAILABILITY_ZONE="us-west-2a" echo "Using availability zone: $AVAILABILITY_ZONE" # Step 3: Create a Lightsail instance echo "Step 3: Creating Lightsail instance: $INSTANCE_NAME" aws lightsail create-instances \ --instance-names "$INSTANCE_NAME" \ --availability-zone "$AVAILABILITY_ZONE" \ --blueprint-id amazon_linux_2023 \ --bundle-id nano_3_0 \ --region $AWS_REGION check_status "Failed to create Lightsail instance" track_resource "instance" "$INSTANCE_NAME" # Wait for the instance to be in a running state echo "Waiting for instance to be in running state..." # Wait for the instance to be ready (polling approach) MAX_ATTEMPTS=30 ATTEMPTS=0 while [ $ATTEMPTS -lt $MAX_ATTEMPTS ]; do STATUS=$(aws lightsail get-instance-state --instance-name "$INSTANCE_NAME" --region $AWS_REGION --query 'state.name' --output text) if [ "$STATUS" == "running" ]; then echo "Instance is now running" break fi echo "Instance status: $STATUS. Waiting..." ATTEMPTS=$((ATTEMPTS+1)) sleep 10 done if [ $ATTEMPTS -eq $MAX_ATTEMPTS ]; then handle_error "Instance failed to reach running state after 5 minutes" fi # Get instance details echo "Getting instance details" INSTANCE_IP=$(aws lightsail get-instance --instance-name "$INSTANCE_NAME" --region $AWS_REGION --query 'instance.publicIpAddress' --output text) check_status "Failed to get instance IP address" echo "Instance IP address: $INSTANCE_IP" # Step 4: Download the default key pair echo "Step 4: Downloading default key pair" KEY_FILE="lightsail_key_${RANDOM_ID}.pem" aws lightsail download-default-key-pair --region $AWS_REGION --output text > "$KEY_FILE" check_status "Failed to download key pair" chmod 400 "$KEY_FILE" check_status "Failed to set permissions on key pair" echo "Key pair downloaded to $KEY_FILE" echo "To connect to your instance, use:" echo "ssh -i $KEY_FILE ec2-user@$INSTANCE_IP" # Step 5: Create a block storage disk echo "Step 5: Creating block storage disk: $DISK_NAME" aws lightsail create-disk \ --disk-name "$DISK_NAME" \ --availability-zone "$AVAILABILITY_ZONE" \ --size-in-gb 8 \ --region $AWS_REGION check_status "Failed to create disk" track_resource "disk" "$DISK_NAME" # FIX: Wait for the disk to be available using polling instead of fixed sleep echo "Waiting for disk to be available..." MAX_ATTEMPTS=30 ATTEMPTS=0 while [ $ATTEMPTS -lt $MAX_ATTEMPTS ]; do DISK_STATE=$(aws lightsail get-disk --disk-name "$DISK_NAME" --region $AWS_REGION --query 'disk.state' --output text 2>/dev/null) if [ "$DISK_STATE" == "available" ]; then echo "Disk is now available" break fi echo "Disk status: $DISK_STATE. Waiting..." ATTEMPTS=$((ATTEMPTS+1)) sleep 10 done if [ $ATTEMPTS -eq $MAX_ATTEMPTS ]; then handle_error "Disk failed to become available after 5 minutes" fi # Attach the disk to the instance echo "Attaching disk to instance" aws lightsail attach-disk \ --disk-name "$DISK_NAME" \ --instance-name "$INSTANCE_NAME" \ --disk-path /dev/xvdf \ --region $AWS_REGION check_status "Failed to attach disk to instance" echo "Disk attached. To format and mount the disk, connect to your instance and run:" echo "sudo mkfs -t ext4 /dev/xvdf" echo "sudo mkdir -p /mnt/my-data" echo "sudo mount /dev/xvdf /mnt/my-data" echo "sudo chown ec2-user:ec2-user /mnt/my-data" # Step 6: Create a snapshot of the instance echo "Step 6: Creating snapshot of the instance: $SNAPSHOT_NAME" aws lightsail create-instance-snapshot \ --instance-name "$INSTANCE_NAME" \ --instance-snapshot-name "$SNAPSHOT_NAME" \ --region $AWS_REGION check_status "Failed to create instance snapshot" track_resource "instance_snapshot" "$SNAPSHOT_NAME" # FIX: Wait for the snapshot to complete using polling instead of fixed sleep echo "Waiting for snapshot to complete... (this may take several minutes)" MAX_ATTEMPTS=60 # Increased timeout for snapshot creation ATTEMPTS=0 while [ $ATTEMPTS -lt $MAX_ATTEMPTS ]; do SNAPSHOT_STATE=$(aws lightsail get-instance-snapshot --instance-snapshot-name "$SNAPSHOT_NAME" --region $AWS_REGION --query 'instanceSnapshot.state' --output text 2>/dev/null) if [ "$SNAPSHOT_STATE" == "completed" ]; then echo "Snapshot creation completed" break fi echo "Snapshot status: $SNAPSHOT_STATE. Waiting... ($ATTEMPTS/$MAX_ATTEMPTS)" ATTEMPTS=$((ATTEMPTS+1)) sleep 10 done if [ $ATTEMPTS -eq $MAX_ATTEMPTS ]; then echo "Warning: Snapshot creation is taking longer than expected but will continue in the background." echo "You can check its status later with: aws lightsail get-instance-snapshot --instance-snapshot-name $SNAPSHOT_NAME --region $AWS_REGION" fi # Step 7: Clean up resources echo "Step 7: Clean up resources" echo "The script has created the following resources:" for resource in "${CREATED_RESOURCES[@]}"; do echo " $resource" done read -p "Do you want to clean up these resources? (y/n): " CLEANUP_CONFIRM if [[ "$CLEANUP_CONFIRM" == "y" || "$CLEANUP_CONFIRM" == "Y" ]]; then cleanup_resources else echo "Resources will not be cleaned up. You can manually delete them later." echo "To clean up manually, use the following commands:" echo "aws lightsail delete-instance-snapshot --instance-snapshot-name $SNAPSHOT_NAME --region $AWS_REGION" echo "aws lightsail detach-disk --disk-name $DISK_NAME --region $AWS_REGION" echo "aws lightsail delete-disk --disk-name $DISK_NAME --region $AWS_REGION" echo "aws lightsail delete-instance --instance-name $INSTANCE_NAME --region $AWS_REGION" fi echo "Script completed at $(date)" ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [AttachDisk](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/AttachDisk) + [CreateDisk](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/CreateDisk) + [CreateInstanceSnapshot](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/CreateInstanceSnapshot) + [CreateInstances](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/CreateInstances) + [DeleteDisk](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/DeleteDisk) + [DeleteInstance](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/DeleteInstance) + [DeleteInstanceSnapshot](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/DeleteInstanceSnapshot) + [DetachDisk](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/DetachDisk) + [DownloadDefaultKeyPair](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/DownloadDefaultKeyPair) + [GetBlueprints](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetBlueprints) + [GetBundles](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetBundles) + [GetDisk](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetDisk) + [GetInstance](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetInstance) + [GetInstanceSnapshot](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetInstanceSnapshot) + [GetInstanceState](https://docs.aws.amazon.com/goto/aws-cli/lightsail-2016-11-28/GetInstanceState) # Exemplos do Amazon S3 usando o script AWS CLI Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash com o Amazon S3. As *noções básicas* são exemplos de código que mostram como realizar as operações essenciais em um serviço. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. *Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Conceitos básicos](#basics) + [Ações](#actions) + [Cenários](#scenarios) ## Conceitos básicos ### Conheça os conceitos básicos O exemplo de código a seguir mostra como: + Criar um bucket e fazer upload de um arquivo para ele. + Baixar um objeto de um bucket. + Copiar um objeto em uma subpasta em um bucket. + Listar os objetos em um bucket. + Exclua os objetos do bucket e o bucket. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function s3_getting_started # # This function creates, copies, and deletes S3 buckets and objects. # # Returns: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function s3_getting_started() { { if [ "$BUCKET_OPERATIONS_SOURCED" != "True" ]; then cd bucket-lifecycle-operations || exit source ./bucket_operations.sh cd .. fi } echo_repeat "*" 88 echo "Welcome to the Amazon S3 getting started demo." echo_repeat "*" 88 echo "A unique bucket will be created by appending a Universally Unique Identifier to a bucket name prefix." echo -n "Enter a prefix for the S3 bucket that will be used in this demo: " get_input bucket_name_prefix=$get_input_result local bucket_name bucket_name=$(generate_random_name "$bucket_name_prefix") local region_code region_code=$(aws configure get region) if create_bucket -b "$bucket_name" -r "$region_code"; then echo "Created demo bucket named $bucket_name" else errecho "The bucket failed to create. This demo will exit." return 1 fi local file_name while [ -z "$file_name" ]; do echo -n "Enter a file you want to upload to your bucket: " get_input file_name=$get_input_result if [ ! -f "$file_name" ]; then echo "Could not find file $file_name. Are you sure it exists?" file_name="" fi done local key key="$(basename "$file_name")" local result=0 if copy_file_to_bucket "$bucket_name" "$file_name" "$key"; then echo "Uploaded file $file_name into bucket $bucket_name with key $key." else result=1 fi local destination_file destination_file="$file_name.download" if yes_no_input "Would you like to download $key to the file $destination_file? (y/n) "; then if download_object_from_bucket "$bucket_name" "$destination_file" "$key"; then echo "Downloaded $key in the bucket $bucket_name to the file $destination_file." else result=1 fi fi if yes_no_input "Would you like to copy $key a new object key in your bucket? (y/n) "; then local to_key to_key="demo/$key" if copy_item_in_bucket "$bucket_name" "$key" "$to_key"; then echo "Copied $key in the bucket $bucket_name to the $to_key." else result=1 fi fi local bucket_items bucket_items=$(list_items_in_bucket "$bucket_name") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then result=1 fi echo "Your bucket contains the following items." echo -e "Name\t\tSize" echo "$bucket_items" if yes_no_input "Delete the bucket, $bucket_name, as well as the objects in it? (y/n) "; then bucket_items=$(echo "$bucket_items" | cut -f 1) if delete_items_in_bucket "$bucket_name" "$bucket_items"; then echo "The following items were deleted from the bucket $bucket_name" echo "$bucket_items" else result=1 fi if delete_bucket "$bucket_name"; then echo "Deleted the bucket $bucket_name" else result=1 fi fi return $result } ``` As funções do Amazon S3 usadas nesse cenário. ``` ############################################################################### # function create-bucket # # This function creates the specified bucket in the specified AWS Region, unless # it already exists. # # Parameters: # -b bucket_name -- The name of the bucket to create. # -r region_code -- The code for an AWS Region in which to # create the bucket. # # Returns: # The URL of the bucket that was created. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function create_bucket() { local bucket_name region_code response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function create_bucket" echo "Creates an Amazon S3 bucket. You must supply a bucket name:" echo " -b bucket_name The name of the bucket. It must be globally unique." echo " [-r region_code] The code for an AWS Region in which the bucket is created." echo "" } # Retrieve the calling parameters. while getopts "b:r:h" option; do case "${option}" in b) bucket_name="${OPTARG}" ;; r) region_code="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done if [[ -z "$bucket_name" ]]; then errecho "ERROR: You must provide a bucket name with the -b parameter." usage return 1 fi local bucket_config_arg # A location constraint for "us-east-1" returns an error. if [[ -n "$region_code" ]] && [[ "$region_code" != "us-east-1" ]]; then bucket_config_arg="--create-bucket-configuration LocationConstraint=$region_code" fi iecho "Parameters:\n" iecho " Bucket name: $bucket_name" iecho " Region code: $region_code" iecho "" # If the bucket already exists, we don't want to try to create it. if (bucket_exists "$bucket_name"); then errecho "ERROR: A bucket with that name already exists. Try again." return 1 fi # shellcheck disable=SC2086 response=$(aws s3api create-bucket \ --bucket "$bucket_name" \ $bucket_config_arg) # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports create-bucket operation failed.\n$response" return 1 fi } ############################################################################### # function copy_file_to_bucket # # This function creates a file in the specified bucket. # # Parameters: # $1 - The name of the bucket to copy the file to. # $2 - The path and file name of the local file to copy to the bucket. # $3 - The key (name) to call the copy of the file in the bucket. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function copy_file_to_bucket() { local response bucket_name source_file destination_file_name bucket_name=$1 source_file=$2 destination_file_name=$3 response=$(aws s3api put-object \ --bucket "$bucket_name" \ --body "$source_file" \ --key "$destination_file_name") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports put-object operation failed.\n$response" return 1 fi } ############################################################################### # function download_object_from_bucket # # This function downloads an object in a bucket to a file. # # Parameters: # $1 - The name of the bucket to download the object from. # $2 - The path and file name to store the downloaded bucket. # $3 - The key (name) of the object in the bucket. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function download_object_from_bucket() { local bucket_name=$1 local destination_file_name=$2 local object_name=$3 local response response=$(aws s3api get-object \ --bucket "$bucket_name" \ --key "$object_name" \ "$destination_file_name") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports put-object operation failed.\n$response" return 1 fi } ############################################################################### # function copy_item_in_bucket # # This function creates a copy of the specified file in the same bucket. # # Parameters: # $1 - The name of the bucket to copy the file from and to. # $2 - The key of the source file to copy. # $3 - The key of the destination file. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function copy_item_in_bucket() { local bucket_name=$1 local source_key=$2 local destination_key=$3 local response response=$(aws s3api copy-object \ --bucket "$bucket_name" \ --copy-source "$bucket_name/$source_key" \ --key "$destination_key") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api copy-object operation failed.\n$response" return 1 fi } ############################################################################### # function list_items_in_bucket # # This function displays a list of the files in the bucket with each file's # size. The function uses the --query parameter to retrieve only the key and # size fields from the Contents collection. # # Parameters: # $1 - The name of the bucket. # # Returns: # The list of files in text format. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function list_items_in_bucket() { local bucket_name=$1 local response response=$(aws s3api list-objects \ --bucket "$bucket_name" \ --output text \ --query 'Contents[].{Key: Key, Size: Size}') # shellcheck disable=SC2181 if [[ ${?} -eq 0 ]]; then echo "$response" else errecho "ERROR: AWS reports s3api list-objects operation failed.\n$response" return 1 fi } ############################################################################### # function delete_items_in_bucket # # This function deletes the specified list of keys from the specified bucket. # # Parameters: # $1 - The name of the bucket. # $2 - A list of keys in the bucket to delete. # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function delete_items_in_bucket() { local bucket_name=$1 local keys=$2 local response # Create the JSON for the items to delete. local delete_items delete_items="{\"Objects\":[" for key in $keys; do delete_items="$delete_items{\"Key\": \"$key\"}," done delete_items=${delete_items%?} # Remove the final comma. delete_items="$delete_items]}" response=$(aws s3api delete-objects \ --bucket "$bucket_name" \ --delete "$delete_items") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api delete-object operation failed.\n$response" return 1 fi } ############################################################################### # function delete_bucket # # This function deletes the specified bucket. # # Parameters: # $1 - The name of the bucket. # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function delete_bucket() { local bucket_name=$1 local response response=$(aws s3api delete-bucket \ --bucket "$bucket_name") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api delete-bucket failed.\n$response" return 1 fi } ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CopyObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CopyObject) + [CreateBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CreateBucket) + [DeleteBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteBucket) + [DeleteObjects](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteObjects) + [GetObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/GetObject) + [ListObjectsV2](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/ListObjectsV2) + [PutObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutObject) ## Ações ### `CopyObject` O código de exemplo a seguir mostra como usar `CopyObject`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function copy_item_in_bucket # # This function creates a copy of the specified file in the same bucket. # # Parameters: # $1 - The name of the bucket to copy the file from and to. # $2 - The key of the source file to copy. # $3 - The key of the destination file. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function copy_item_in_bucket() { local bucket_name=$1 local source_key=$2 local destination_key=$3 local response response=$(aws s3api copy-object \ --bucket "$bucket_name" \ --copy-source "$bucket_name/$source_key" \ --key "$destination_key") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api copy-object operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [CopyObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CopyObject)em *Referência de AWS CLI Comandos*. ### `CreateBucket` O código de exemplo a seguir mostra como usar `CreateBucket`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function create-bucket # # This function creates the specified bucket in the specified AWS Region, unless # it already exists. # # Parameters: # -b bucket_name -- The name of the bucket to create. # -r region_code -- The code for an AWS Region in which to # create the bucket. # # Returns: # The URL of the bucket that was created. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function create_bucket() { local bucket_name region_code response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function create_bucket" echo "Creates an Amazon S3 bucket. You must supply a bucket name:" echo " -b bucket_name The name of the bucket. It must be globally unique." echo " [-r region_code] The code for an AWS Region in which the bucket is created." echo "" } # Retrieve the calling parameters. while getopts "b:r:h" option; do case "${option}" in b) bucket_name="${OPTARG}" ;; r) region_code="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done if [[ -z "$bucket_name" ]]; then errecho "ERROR: You must provide a bucket name with the -b parameter." usage return 1 fi local bucket_config_arg # A location constraint for "us-east-1" returns an error. if [[ -n "$region_code" ]] && [[ "$region_code" != "us-east-1" ]]; then bucket_config_arg="--create-bucket-configuration LocationConstraint=$region_code" fi iecho "Parameters:\n" iecho " Bucket name: $bucket_name" iecho " Region code: $region_code" iecho "" # If the bucket already exists, we don't want to try to create it. if (bucket_exists "$bucket_name"); then errecho "ERROR: A bucket with that name already exists. Try again." return 1 fi # shellcheck disable=SC2086 response=$(aws s3api create-bucket \ --bucket "$bucket_name" \ $bucket_config_arg) # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports create-bucket operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [CreateBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CreateBucket)em *Referência de AWS CLI Comandos*. ### `DeleteBucket` O código de exemplo a seguir mostra como usar `DeleteBucket`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function delete_bucket # # This function deletes the specified bucket. # # Parameters: # $1 - The name of the bucket. # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function delete_bucket() { local bucket_name=$1 local response response=$(aws s3api delete-bucket \ --bucket "$bucket_name") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api delete-bucket failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [DeleteBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteBucket)em *Referência de AWS CLI Comandos*. ### `DeleteObject` O código de exemplo a seguir mostra como usar `DeleteObject`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function delete_item_in_bucket # # This function deletes the specified file from the specified bucket. # # Parameters: # $1 - The name of the bucket. # $2 - The key (file name) in the bucket to delete. # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function delete_item_in_bucket() { local bucket_name=$1 local key=$2 local response response=$(aws s3api delete-object \ --bucket "$bucket_name" \ --key "$key") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api delete-object operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [DeleteObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteObject)em *Referência de AWS CLI Comandos*. ### `DeleteObjects` O código de exemplo a seguir mostra como usar `DeleteObjects`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function delete_items_in_bucket # # This function deletes the specified list of keys from the specified bucket. # # Parameters: # $1 - The name of the bucket. # $2 - A list of keys in the bucket to delete. # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function delete_items_in_bucket() { local bucket_name=$1 local keys=$2 local response # Create the JSON for the items to delete. local delete_items delete_items="{\"Objects\":[" for key in $keys; do delete_items="$delete_items{\"Key\": \"$key\"}," done delete_items=${delete_items%?} # Remove the final comma. delete_items="$delete_items]}" response=$(aws s3api delete-objects \ --bucket "$bucket_name" \ --delete "$delete_items") # shellcheck disable=SC2181 if [[ $? -ne 0 ]]; then errecho "ERROR: AWS reports s3api delete-object operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [DeleteObjects](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteObjects)em *Referência de AWS CLI Comandos*. ### `GetObject` O código de exemplo a seguir mostra como usar `GetObject`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function download_object_from_bucket # # This function downloads an object in a bucket to a file. # # Parameters: # $1 - The name of the bucket to download the object from. # $2 - The path and file name to store the downloaded bucket. # $3 - The key (name) of the object in the bucket. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function download_object_from_bucket() { local bucket_name=$1 local destination_file_name=$2 local object_name=$3 local response response=$(aws s3api get-object \ --bucket "$bucket_name" \ --key "$object_name" \ "$destination_file_name") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports put-object operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [GetObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/GetObject)em *Referência de AWS CLI Comandos*. ### `HeadBucket` O código de exemplo a seguir mostra como usar `HeadBucket`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function bucket_exists # # This function checks to see if the specified bucket already exists. # # Parameters: # $1 - The name of the bucket to check. # # Returns: # 0 - If the bucket already exists. # 1 - If the bucket doesn't exist. ############################################################################### function bucket_exists() { local bucket_name bucket_name=$1 # Check whether the bucket already exists. # We suppress all output - we're interested only in the return code. if aws s3api head-bucket \ --bucket "$bucket_name" \ >/dev/null 2>&1; then return 0 # 0 in Bash script means true. else return 1 # 1 in Bash script means false. fi } ``` + Para obter detalhes da API, consulte [HeadBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/HeadBucket)em *Referência de AWS CLI Comandos*. ### `ListObjectsV2` O código de exemplo a seguir mostra como usar `ListObjectsV2`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function list_items_in_bucket # # This function displays a list of the files in the bucket with each file's # size. The function uses the --query parameter to retrieve only the key and # size fields from the Contents collection. # # Parameters: # $1 - The name of the bucket. # # Returns: # The list of files in text format. # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function list_items_in_bucket() { local bucket_name=$1 local response response=$(aws s3api list-objects \ --bucket "$bucket_name" \ --output text \ --query 'Contents[].{Key: Key, Size: Size}') # shellcheck disable=SC2181 if [[ ${?} -eq 0 ]]; then echo "$response" else errecho "ERROR: AWS reports s3api list-objects operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [ListObjectsV2](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/ListObjectsV2) na *Referência de AWS CLI Comandos*. ### `PutObject` O código de exemplo a seguir mostra como usar `PutObject`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/s3#code-examples). ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function copy_file_to_bucket # # This function creates a file in the specified bucket. # # Parameters: # $1 - The name of the bucket to copy the file to. # $2 - The path and file name of the local file to copy to the bucket. # $3 - The key (name) to call the copy of the file in the bucket. # # Returns: # 0 - If successful. # 1 - If it fails. ############################################################################### function copy_file_to_bucket() { local response bucket_name source_file destination_file_name bucket_name=$1 source_file=$2 destination_file_name=$3 response=$(aws s3api put-object \ --bucket "$bucket_name" \ --body "$source_file" \ --key "$destination_file_name") # shellcheck disable=SC2181 if [[ ${?} -ne 0 ]]; then errecho "ERROR: AWS reports put-object operation failed.\n$response" return 1 fi } ``` + Para obter detalhes da API, consulte [PutObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutObject)em *Referência de AWS CLI Comandos*. ## Cenários ### Conceitos básicos do S3 O exemplo de código a seguir mostra como: + Criar um bucket do S3 com nomenclatura exclusiva e configuração regional. + Definir as configurações de segurança do bucket, incluindo o bloqueio de acesso público. + Habilitar o versionamento e a criptografia padrão para proteção de dados. + Fazer upload de objetos com e sem metadados personalizados. + Baixar objetos do bucket no armazenamento local. + Copiar objetos dentro do bucket para organizar os dados em pastas. + Listar conteúdos e objetos do bucket com prefixos específicos. + Adicionar tags aos buckets para gerenciamento de recursos. + Limpar todos os recursos, incluindo objetos versionados. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/003-s3-gettingstarted). ``` #!/bin/bash # Amazon S3 Getting Started Tutorial Script # This script demonstrates basic S3 operations including: # - Creating a bucket # - Configuring bucket settings # - Uploading, downloading, and copying objects # - Deleting objects and buckets # Latest fixes: # 1. Fixed folder creation using temporary file # 2. Corrected versioned object deletion in cleanup # 3. Improved error handling for cleanup operations # Set up error handling set -e trap 'cleanup_handler $?' EXIT # Log file setup LOG_FILE="s3-tutorial-$(date +%Y%m%d-%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 # Function to log messages log() { echo "[$(date +"%Y-%m-%d %H:%M:%S")] $1" } # Function to handle errors handle_error() { log "ERROR: $1" exit 1 } # Function to check if a bucket exists bucket_exists() { if aws s3api head-bucket --bucket "$1" 2>/dev/null; then return 0 else return 1 fi } # Function to delete all versions of objects in a bucket delete_all_versions() { local bucket=$1 log "Deleting all object versions from bucket $bucket..." # Get and delete all versions versions=$(aws s3api list-object-versions --bucket "$bucket" --query 'Versions[].{Key:Key,VersionId:VersionId}' --output json 2>/dev/null) if [ -n "$versions" ] && [ "$versions" != "null" ]; then echo "{\"Objects\": $versions}" | aws s3api delete-objects --bucket "$bucket" --delete file:///dev/stdin >/dev/null 2>&1 || log "Warning: Some versions could not be deleted" fi # Get and delete all delete markers markers=$(aws s3api list-object-versions --bucket "$bucket" --query 'DeleteMarkers[].{Key:Key,VersionId:VersionId}' --output json 2>/dev/null) if [ -n "$markers" ] && [ "$markers" != "null" ]; then echo "{\"Objects\": $markers}" | aws s3api delete-objects --bucket "$bucket" --delete file:///dev/stdin >/dev/null 2>&1 || log "Warning: Some delete markers could not be deleted" fi } # Function to handle cleanup on exit cleanup_handler() { local exit_code=$1 # Only run cleanup if it hasn't been run already if [ -z "$CLEANUP_DONE" ]; then cleanup fi exit $exit_code } # Function to clean up resources cleanup() { log "Starting cleanup process..." CLEANUP_DONE=1 # List all resources created for confirmation log "Resources created:" if [ -n "$BUCKET_NAME" ]; then log "- S3 Bucket: $BUCKET_NAME" # Only try to list objects if the bucket exists if bucket_exists "$BUCKET_NAME"; then # Check if any objects were created OBJECTS=$(aws s3api list-objects-v2 --bucket "$BUCKET_NAME" --query 'Contents[].Key' --output text 2>/dev/null || echo "") if [ -n "$OBJECTS" ]; then log "- Objects in bucket:" echo "$OBJECTS" | tr '\t' '\n' | while read -r obj; do log " - $obj" done fi # Ask for confirmation before cleanup read -p "Do you want to proceed with cleanup and delete all resources? (y/n): " confirm if [[ $confirm != [yY] && $confirm != [yY][eE][sS] ]]; then log "Cleanup aborted by user." return fi # Delete all versions of objects delete_all_versions "$BUCKET_NAME" # Delete the bucket log "Deleting bucket $BUCKET_NAME..." aws s3api delete-bucket --bucket "$BUCKET_NAME" || log "Warning: Failed to delete bucket" else log "Bucket $BUCKET_NAME does not exist, skipping cleanup" fi fi # Clean up local files log "Removing local files..." rm -f sample-file.txt sample-document.txt downloaded-sample-file.txt empty-file.tmp log "Cleanup completed." } # Generate a random bucket name generate_bucket_name() { local hex_id hex_id=$(openssl rand -hex 6) echo "demo-s3-bucket-$hex_id" } # Main script execution main() { log "Starting Amazon S3 Getting Started Tutorial" # Generate a unique bucket name BUCKET_NAME=$(generate_bucket_name) log "Generated bucket name: $BUCKET_NAME" # Step 1: Create a bucket log "Step 1: Creating S3 bucket..." # Get the current region or default to us-east-1 REGION=$(aws configure get region) REGION=${REGION:-us-east-1} log "Using region: $REGION" if [ "$REGION" = "us-east-1" ]; then aws s3api create-bucket --bucket "$BUCKET_NAME" || handle_error "Failed to create bucket" else aws s3api create-bucket \ --bucket "$BUCKET_NAME" \ --region "$REGION" \ --create-bucket-configuration LocationConstraint="$REGION" || handle_error "Failed to create bucket" fi log "Bucket created successfully" # Configure bucket settings log "Configuring bucket settings..." # Block public access (security best practice) log "Blocking public access..." aws s3api put-public-access-block \ --bucket "$BUCKET_NAME" \ --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" || handle_error "Failed to configure public access block" # Enable versioning log "Enabling versioning..." aws s3api put-bucket-versioning \ --bucket "$BUCKET_NAME" \ --versioning-configuration Status=Enabled || handle_error "Failed to enable versioning" # Set default encryption log "Setting default encryption..." aws s3api put-bucket-encryption \ --bucket "$BUCKET_NAME" \ --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' || handle_error "Failed to set encryption" # Step 2: Upload an object log "Step 2: Uploading objects to bucket..." # Create a sample file echo "This is a sample file for the S3 tutorial." > sample-file.txt # Upload the file aws s3api put-object \ --bucket "$BUCKET_NAME" \ --key "sample-file.txt" \ --body "sample-file.txt" || handle_error "Failed to upload object" log "Object uploaded successfully" # Upload with metadata echo "This is a document with metadata." > sample-document.txt aws s3api put-object \ --bucket "$BUCKET_NAME" \ --key "documents/sample-document.txt" \ --body "sample-document.txt" \ --content-type "text/plain" \ --metadata "author=AWSDocumentation,purpose=tutorial" || handle_error "Failed to upload object with metadata" log "Object with metadata uploaded successfully" # Step 3: Download an object log "Step 3: Downloading object from bucket..." aws s3api get-object \ --bucket "$BUCKET_NAME" \ --key "sample-file.txt" \ "downloaded-sample-file.txt" || handle_error "Failed to download object" log "Object downloaded successfully" # Check if an object exists log "Checking if object exists..." aws s3api head-object \ --bucket "$BUCKET_NAME" \ --key "sample-file.txt" || handle_error "Object does not exist" log "Object exists" # Step 4: Copy object to a folder log "Step 4: Copying object to a folder..." # Create a folder structure using a temporary empty file log "Creating folder structure..." touch empty-file.tmp aws s3api put-object \ --bucket "$BUCKET_NAME" \ --key "favorite-files/" \ --body empty-file.tmp || handle_error "Failed to create folder" # Copy the object log "Copying object..." aws s3api copy-object \ --bucket "$BUCKET_NAME" \ --copy-source "$BUCKET_NAME/sample-file.txt" \ --key "favorite-files/sample-file.txt" || handle_error "Failed to copy object" log "Object copied successfully" # List objects in the bucket log "Listing all objects in the bucket..." aws s3api list-objects-v2 \ --bucket "$BUCKET_NAME" \ --query 'Contents[].Key' \ --output table || handle_error "Failed to list objects" # List objects with a specific prefix log "Listing objects in the favorite-files folder..." aws s3api list-objects-v2 \ --bucket "$BUCKET_NAME" \ --prefix "favorite-files/" \ --query 'Contents[].Key' \ --output table || handle_error "Failed to list objects with prefix" # Add tags to the bucket log "Adding tags to the bucket..." aws s3api put-bucket-tagging \ --bucket "$BUCKET_NAME" \ --tagging 'TagSet=[{Key=Project,Value=S3Tutorial},{Key=Environment,Value=Demo}]' || handle_error "Failed to add tags" log "Tags added successfully" log "Tutorial completed successfully!" } # Execute the main function main ``` + Consulte detalhes da API nos tópicos a seguir na *Referência de comandos da AWS CLI *. + [CopyObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CopyObject) + [CreateBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/CreateBucket) + [DeleteBucket](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteBucket) + [DeleteObjects](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/DeleteObjects) + [GetObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/GetObject) + [HeadObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/HeadObject) + [ListObjectVersions](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/ListObjectVersions) + [ListObjectsV2](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/ListObjectsV2) + [PutBucketEncryption](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutBucketEncryption) + [PutBucketTagging](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutBucketTagging) + [PutBucketVersioning](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutBucketVersioning) + [PutObject](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutObject) + [PutPublicAccessBlock](https://docs.aws.amazon.com/goto/aws-cli/s3-2006-03-01/PutPublicAccessBlock) # AWS STS exemplos de uso AWS CLI com o script Bash Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o script AWS Command Line Interface with Bash with AWS STS. *Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados. Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código. **Topics** + [Ações](#actions) ## Ações ### `AssumeRole` O código de exemplo a seguir mostra como usar `AssumeRole`. **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/iam#code-examples). ``` ############################################################################### # function iecho # # This function enables the script to display the specified text only if # the global variable $VERBOSE is set to true. ############################################################################### function iecho() { if [[ $VERBOSE == true ]]; then echo "$@" fi } ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################### # function sts_assume_role # # This function assumes a role in the AWS account and returns the temporary # credentials. # # Parameters: # -n role_session_name -- The name of the session. # -r role_arn -- The ARN of the role to assume. # # Returns: # [access_key_id, secret_access_key, session_token] # And: # 0 - If successful. # 1 - If an error occurred. ############################################################################### function sts_assume_role() { local role_session_name role_arn response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function sts_assume_role" echo "Assumes a role in the AWS account and returns the temporary credentials:" echo " -n role_session_name -- The name of the session." echo " -r role_arn -- The ARN of the role to assume." echo "" } while getopts n:r:h option; do case "${option}" in n) role_session_name=${OPTARG} ;; r) role_arn=${OPTARG} ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done response=$(aws sts assume-role \ --role-session-name "$role_session_name" \ --role-arn "$role_arn" \ --output text \ --query "Credentials.[AccessKeyId, SecretAccessKey, SessionToken]") local error_code=${?} if [[ $error_code -ne 0 ]]; then aws_cli_error_log $error_code errecho "ERROR: AWS reports create-role operation failed.\n$response" return 1 fi echo "$response" return 0 } ``` + Para obter detalhes da API, consulte [AssumeRole](https://docs.aws.amazon.com/goto/aws-cli/sts-2011-06-15/AssumeRole)em *Referência de AWS CLI Comandos*.