Workshops Classroomnotes 15/Dec/2022

Lab Setup


  • We will be creating 3 IAM groups
    • admin:
      • Permission for everything
    • tester:
      • Read-only permission for specific services
    • dev:
      • Permission to read and create, but not delete, on specific services.
  • We will configure admin as the default profile in the AWS CLI
  • We will create two more profiles, test and dev
  • Let's use the Paris region (eu-west-3).
  • Anything to copy-paste throughout this class: Refer Here
  • Configure the AWS CLI
  • Way to check that it is working: run a read-only command with each profile (--profile test, --profile dev) and confirm it succeeds against the expected account

Activity: Figure out the zones and local zones in paris region

  • AWS CLI:
aws ec2 describe-availability-zones
  • Output options (--output): Refer Here
    • json
    • table
    • text
    • yaml
  • Redirect the output of the availability zones to a json file
  • Upload this file to Refer Here
  • Query a single value with JMESPath (the zone ID of the first zone):
aws ec2 describe-availability-zones --query "AvailabilityZones[0].ZoneId"
  • Get multiple values


  • Your organization is running a database in a different account, in the zone with ID euw3-az1. You are asked to create an EC2 instance in the same AZ. Zone IDs are the same in every account, but zone names (eu-west-3a, eu-west-3b, ...) are mapped to IDs per account, so we need to figure out the matching zone name in our account.
  • Input => zone ID
  • Output => zone name
AvailabilityZones[?ZoneId=='euw3-az1'].ZoneName | [0]

aws ec2 describe-availability-zones --query "AvailabilityZones[?ZoneId=='euw3-az1'].ZoneName | [0]"
  • Try to find the zone ID for the zone name eu-west-3b (same filter with ZoneName and ZoneId swapped)
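The lookup in both directions, as an added example that is not part of the workshop notes: a POSIX shell script that wraps the JMESPath filters above in functions, includes Local Zones via --all-availability-zones, and treats the literal "None" that --output text prints for a JMESPath null as "not found" instead of passing it on to a later run-instances call. The function names, the aws_cmd wrapper (so the CLI can be replaced by a stub when testing) and the ZONE_LOOKUP_MAIN switch are my own; the commands, flags and field names are the real ones.

```shell
#!/bin/sh
# Added example (not from the workshop notes): resolve Paris (eu-west-3) zones
# by ID or by name. Zone IDs such as euw3-az1 are identical in every account,
# zone names such as eu-west-3b are shuffled per account, hence the lookup.
# aws_cmd is a one-line wrapper so tests can stub the CLI.
REGION="${REGION:-eu-west-3}"

aws_cmd() { aws "$@"; }

# Run one JMESPath query against describe-availability-zones and print the
# single text result. --all-availability-zones also returns Local Zones that
# are not opted in yet. With --output text a JMESPath null is printed as the
# literal "None"; treat that as "no match" and fail instead of using it.
zone_query() {
  query="$1"
  result=$(aws_cmd ec2 describe-availability-zones --region "$REGION" \
             --all-availability-zones --output text --query "$query") || return 1
  [ -n "$result" ] && [ "$result" != "None" ] || return 1
  printf '%s\n' "$result"
}

# euw3-az1 -> eu-west-3? (the name depends on the account)
zone_name_for_id() {
  zone_query "AvailabilityZones[?ZoneId=='$1'].ZoneName | [0]"
}

# eu-west-3b -> euw3-az?
zone_id_for_name() {
  zone_query "AvailabilityZones[?ZoneName=='$1'].ZoneId | [0]"
}

# Only the Local Zones of the region (ZoneType is availability-zone,
# local-zone or wavelength-zone): one "ZoneName ZoneId OptInStatus" line each.
local_zones() {
  aws_cmd ec2 describe-availability-zones --region "$REGION" \
    --all-availability-zones --output text \
    --query "AvailabilityZones[?ZoneType=='local-zone'].[ZoneName,ZoneId,OptInStatus]"
}

# ZONE_LOOKUP_MAIN=1 ./zones.sh runs the three lookups against the account.
if [ "${ZONE_LOOKUP_MAIN:-0}" = 1 ]; then
  zone_name_for_id euw3-az1 || echo "no zone with ID euw3-az1" >&2
  zone_id_for_name eu-west-3b || echo "no zone named eu-west-3b" >&2
  local_zones
fi
```

Because a zone name that resolves to nothing makes the function exit non-zero, a wrapper script can stop before it launches the instance in the wrong place.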

Activity 2: Find all the IAM policies not created by Amazon

  • First let's figure out a way to pull all the customer managed policies
  • To filter output, try the following approaches, in this order
    • see if any argument of the command supports your filter
    • see if there is a --filters argument which can help
    • use a JMESPath --query to filter the output client-side
  • In this case list-policies has --scope (AWS, Local or All) Refer Here
aws iam list-policies --scope Local
  • Now we are asked to delete all the policies which are customer managed Refer Here
  • We need the policy ARNs
  • Consider the following script
policy_arn=$(aws iam list-policies --scope Local --query 'Policies[].Arn|[0]' --output text)
echo "found ${policy_arn}"
# --output text prints None once the list is empty, so stop on that too
while [[ -n "$policy_arn" && "$policy_arn" != "None" ]]
do
    # delete the first ARN, then fetch the list again
    echo "The policy arn to be deleted is ${policy_arn}"
    aws iam delete-policy --policy-arn "${policy_arn}"
    echo "The policy arn is successfully deleted"
    policy_arn=$(aws iam list-policies --scope Local --query 'Policies[].Arn|[0]' --output text)
done
  • The problem with the above approach is that it might never end: delete-policy fails (DeleteConflict) while a policy is still attached to a user, group or role, or still has non-default versions, and the script does not check the exit status, so the same ARN keeps coming back as the first one.
  • Other approach: get all the policy ARNs into an array and iterate over that array with a for (or while) loop. Each ARN is visited exactly once, so this can never become an infinite loop.
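The array approach, as an added example that is not from the workshop notes: a POSIX shell script that snapshots the ARNs once into the positional parameters, clears the two DeleteConflict causes (attachments and non-default versions) before each delete, and reports a failure instead of retrying it. The aws_cmd wrapper, the mutate helper, the DRY_RUN and RUN_POLICY_CLEANUP variables and the function names are my own; the IAM commands and query fields are the real ones.

```shell
#!/bin/sh
# Added example (not from the workshop notes): delete every customer managed
# IAM policy from a fixed list, so the loop always terminates. delete-policy
# fails with DeleteConflict while the policy is still attached to a user,
# group or role, or still has non-default versions, so both are removed first.
# aws_cmd wraps the CLI so tests can stub it; DRY_RUN=1 prints the
# destructive calls instead of issuing them.
aws_cmd() { aws "$@"; }

# Every destructive call goes through here so a dry run can be reviewed.
mutate() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "DRY RUN: aws $*"; else aws_cmd "$@"; fi
}

# Detach the policy from every user, group and role that references it.
detach_policy_everywhere() {
  arn="$1"
  for user in $(aws_cmd iam list-entities-for-policy --policy-arn "$arn" \
                  --query 'PolicyUsers[].UserName' --output text); do
    mutate iam detach-user-policy --user-name "$user" --policy-arn "$arn"
  done
  for group in $(aws_cmd iam list-entities-for-policy --policy-arn "$arn" \
                   --query 'PolicyGroups[].GroupName' --output text); do
    mutate iam detach-group-policy --group-name "$group" --policy-arn "$arn"
  done
  for role in $(aws_cmd iam list-entities-for-policy --policy-arn "$arn" \
                  --query 'PolicyRoles[].RoleName' --output text); do
    mutate iam detach-role-policy --role-name "$role" --policy-arn "$arn"
  done
}

# All versions except the default one must go before the policy itself.
delete_nondefault_versions() {
  arn="$1"
  for ver in $(aws_cmd iam list-policy-versions --policy-arn "$arn" \
                 --query 'Versions[?IsDefaultVersion==`false`].VersionId' --output text); do
    mutate iam delete-policy-version --policy-arn "$arn" --version-id "$ver"
  done
}

# Snapshot the ARNs once (--output text separates them by whitespace) into
# the positional parameters, then walk that fixed list: one delete attempt
# per policy, failures counted and skipped rather than retried forever.
delete_customer_managed_policies() {
  set -- $(aws_cmd iam list-policies --scope Local --query 'Policies[].Arn' --output text)
  echo "found $# customer managed policies"
  failed=0
  for arn in "$@"; do
    [ "$arn" = "None" ] && continue     # text output prints None for a null result
    echo "deleting ${arn}"
    detach_policy_everywhere "$arn"
    delete_nondefault_versions "$arn"
    mutate iam delete-policy --policy-arn "$arn" \
      || { echo "failed: ${arn}" >&2; failed=$((failed + 1)); }
  done
  echo "done, ${failed} failure(s)"
  return "$failed"
}

# DRY_RUN=1 RUN_POLICY_CLEANUP=1 ./cleanup.sh shows the plan; drop DRY_RUN to apply it.
if [ "${RUN_POLICY_CLEANUP:-0}" = 1 ]; then
  delete_customer_managed_policies
fi
```

The exit status is the number of policies that could not be deleted, so a wrapper can tell a clean run from a partial one without parsing the output.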

Activity 3 – Tagging and filtering the resources based on tags

  • Resource tags

    • help in filtering the resources
    • help in filtering the bills based on tags (cost allocation tags).
  • Let's create an EC2 instance and then add the following tags

    • Project = qtworkshop
    • Env = test
    • team = qtaws
    • release = v1.0
  • From the CLI
  • Now try using aws ec2 create-tags for tagging your EC2 instance with the above tags.
  • Refer Here for the script to tag EC2 resources.

Activity 4: Manage the lifecycle of EC2 instances based on a tag

  • Try to stop all the EC2 instances that have a tag called Env with the value test
  • Refer Here

Activity 5: Try stopping all the EC2 instances with some tag in all regions

  • Refer Here for the script to stop all EC2 instances with a tag in all regions
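Activities 4 and 5 together, as an added example that is not the workshop's own script: a POSIX shell script that enumerates the regions enabled for the account, asks each region for the running instances carrying the tag, and stops them. describe-regions lists only enabled regions unless --all-regions is given, and describe-instances is region-scoped, so the lookup has to be repeated per region. The aws_cmd wrapper, the TAG_KEY/TAG_VALUE/DRY_RUN/RUN_STOP variables, the STOPPED_TOTAL result variable and the function names are my own; the commands, filters and query fields are the real ones.

```shell
#!/bin/sh
# Added example (not from the workshop notes): stop every running EC2
# instance carrying tag:TAG_KEY=TAG_VALUE, in every enabled region.
# aws_cmd wraps the CLI so tests can stub it; DRY_RUN=1 prints the stop
# calls instead of issuing them.
TAG_KEY="${TAG_KEY:-Env}"
TAG_VALUE="${TAG_VALUE:-test}"

aws_cmd() { aws "$@"; }

# Regions enabled for this account (add --all-regions to include opt-in ones).
enabled_regions() {
  aws_cmd ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# IDs of instances in one region that match the tag AND are running; the
# state filter keeps already-stopped or terminated instances out of the list.
running_instances_with_tag() {
  aws_cmd ec2 describe-instances --region "$1" \
    --filters "Name=tag:${TAG_KEY},Values=${TAG_VALUE}" \
              "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# Stops the matches region by region; STOPPED_TOTAL holds the count afterwards.
stop_tagged_instances_everywhere() {
  total=0
  for region in $(enabled_regions); do
    ids=$(running_instances_with_tag "$region")
    [ -n "$ids" ] && [ "$ids" != "None" ] || { echo "${region}: nothing to stop"; continue; }
    echo "${region}: stopping ${ids}"
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "DRY RUN: aws ec2 stop-instances --region ${region} --instance-ids ${ids}"
    else
      # $ids is deliberately unquoted: it is a whitespace-separated list of IDs
      aws_cmd ec2 stop-instances --region "$region" --instance-ids $ids \
        --query 'StoppingInstances[].InstanceId' --output text
    fi
    set -- $ids
    total=$((total + $#))
  done
  STOPPED_TOTAL=$total
  echo "stopped ${total} instance(s)"
}

# TAG_KEY=Env TAG_VALUE=test DRY_RUN=1 RUN_STOP=1 ./stop-by-tag.sh to preview.
if [ "${RUN_STOP:-0}" = 1 ]; then
  stop_tagged_instances_everywhere
fi
```

Scoping the filter to running instances matters for the same reason as in the policy script: a call that targets a resource in the wrong state fails, and a loop that does not check for that keeps failing the same way.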

Activity 6: Delete all rds instances which are in stopped state

Activity 7: Delete all the security groups in all regions

  • Delete all the security groups in all VPCs in all regions, except the default group of each VPC (it cannot be deleted anyway)
    • Get the VPC IDs of the current region
    • For each VPC ID get all the security group IDs
    • Delete the security group if its group name is not default
    • Then do this activity for all the active regions in your account.
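The four steps as one script, added here as an example rather than the workshop's own solution: a POSIX shell walk over region, VPC and group that skips the default group by name and survives the groups that refuse to go. A group that is still attached to a network interface, or referenced by another group's rule, fails with DependencyViolation; each delete is attempted once, counted as a failure and the run continues. The aws_cmd wrapper, the DRY_RUN/RUN_SG_CLEANUP variables, the DELETED/FAILED result variables and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the workshop notes): delete every non-default
# security group in every VPC of every enabled region.
# aws_cmd wraps the CLI so tests can stub it; DRY_RUN=1 lists the deletes.
aws_cmd() { aws "$@"; }

enabled_regions() {
  aws_cmd ec2 describe-regions --query 'Regions[].RegionName' --output text
}

vpcs_in_region() {
  aws_cmd ec2 describe-vpcs --region "$1" --query 'Vpcs[].VpcId' --output text
}

# Non-default group IDs in one VPC: the --filters narrows to the VPC on the
# server side, the JMESPath expression drops the default group client-side.
nondefault_groups() {
  aws_cmd ec2 describe-security-groups --region "$1" \
    --filters "Name=vpc-id,Values=$2" \
    --query "SecurityGroups[?GroupName!='default'].GroupId" --output text
}

delete_group() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "DRY RUN: aws ec2 delete-security-group --region $1 --group-id $2"
  else
    aws_cmd ec2 delete-security-group --region "$1" --group-id "$2"
  fi
}

# Walks region -> VPC -> group; DELETED and FAILED hold the counts afterwards.
delete_nondefault_security_groups() {
  DELETED=0; FAILED=0
  for region in $(enabled_regions); do
    for vpc in $(vpcs_in_region "$region"); do
      for sg in $(nondefault_groups "$region" "$vpc"); do
        [ "$sg" = "None" ] && continue    # text output prints None for a null result
        if delete_group "$region" "$sg"; then
          echo "${region} ${vpc}: deleted ${sg}"
          DELETED=$((DELETED + 1))
        else
          echo "${region} ${vpc}: could not delete ${sg} (still in use or referenced?)" >&2
          FAILED=$((FAILED + 1))
        fi
      done
    done
  done
  echo "deleted ${DELETED}, failed ${FAILED}"
}

# DRY_RUN=1 RUN_SG_CLEANUP=1 ./sg-cleanup.sh to see the list before deleting.
if [ "${RUN_SG_CLEANUP:-0}" = 1 ]; then
  delete_nondefault_security_groups
fi
```

Groups that reference each other in their rules fail in either order; for those, the referencing rules have to be revoked first, which this script deliberately does not do on its own.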

Activity 8: Create a security group which opens all traffic

  • Try to find a CLI command to do this
  • Then we will figure out how to parametrize this.
  • Refer Here for the security group rule
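A parametrized version, added here as an example and not the workshop's own script: the same POSIX shell function builds the "all traffic from anywhere" group the activity asks for (protocol -1, source 0.0.0.0/0) and, with a port and a narrow CIDR, the rule that should normally be deployed. The ingress rule is passed in the CLI's --ip-permissions shorthand; protocol -1 means every protocol, in which case no port range is given. The aws_cmd wrapper, the is_open_to_world check, the RUN_SG_CREATE switch and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the workshop notes): create a security group and
# add one ingress rule, parametrized by name, VPC, protocol, port and CIDR.
# aws_cmd wraps the CLI so tests can stub it.
aws_cmd() { aws "$@"; }

# Prints the new group's ID (create-security-group returns {"GroupId": ...}).
create_group() {
  aws_cmd ec2 create-security-group --group-name "$1" --description "$2" \
    --vpc-id "$3" --query GroupId --output text
}

# Adds one ingress rule. Protocol -1 means all protocols and all ports, so
# FromPort/ToPort are omitted; otherwise a single port is opened.
authorize_ingress() {
  group="$1"; protocol="$2"; port="$3"; cidr="$4"
  if [ "$protocol" = "-1" ]; then
    perm="IpProtocol=-1,IpRanges=[{CidrIp=${cidr}}]"
  else
    perm="IpProtocol=${protocol},FromPort=${port},ToPort=${port},IpRanges=[{CidrIp=${cidr}}]"
  fi
  aws_cmd ec2 authorize-security-group-ingress --group-id "$group" --ip-permissions "$perm"
}

# True when the rule exposes every protocol and port to the whole internet
# (IPv4 or IPv6), so a caller can refuse or at least flag it before applying.
is_open_to_world() {
  [ "$1" = "-1" ] && { [ "$2" = "0.0.0.0/0" ] || [ "$2" = "::/0" ]; }
}

# create_group_with_rule NAME VPC_ID PROTOCOL PORT CIDR -> prints the group ID
create_group_with_rule() {
  name="$1"; vpc="$2"; protocol="$3"; port="$4"; cidr="$5"
  if is_open_to_world "$protocol" "$cidr"; then
    echo "warning: ${name} will allow all traffic from ${cidr}" >&2
  fi
  gid=$(create_group "$name" "workshop group ${name}" "$vpc") || return 1
  authorize_ingress "$gid" "$protocol" "$port" "$cidr" >/dev/null || return 1
  echo "$gid"
}

# VPC_ID=vpc-... RUN_SG_CREATE=1 ./open-sg.sh
if [ "${RUN_SG_CREATE:-0}" = 1 ]; then
  # The activity's "open everything" group (warning printed on stderr):
  create_group_with_rule open-all "${VPC_ID:?set VPC_ID}" -1 "" 0.0.0.0/0
  # The same function producing a rule a reviewer would accept: one port,
  # one admin network (203.0.113.0/24 is a documentation range, adjust it).
  create_group_with_rule ssh-admins "$VPC_ID" tcp 22 "${ADMIN_CIDR:-203.0.113.0/24}"
fi
```

The open group is what the activity asks for, so the script builds it, but it prints a warning on the way: an all-protocol 0.0.0.0/0 rule is the single finding most cloud scanners raise first, and the parametrized form makes the narrow rule exactly as easy to create.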

About continuous learner

devops & cloud enthusiastic learner