diff --git a/aliases b/aliases
index c3407bf4..9ff2e74d 100644
--- a/aliases
+++ b/aliases
@@ -90,6 +90,8 @@ alias instance-userdata='~/.bash-my-aws/bin/bma instance-userdata'
 alias instance-volumes='~/.bash-my-aws/bin/bma instance-volumes'
 alias instance-vpc='~/.bash-my-aws/bin/bma instance-vpc'
 alias instances='~/.bash-my-aws/bin/bma instances'
+alias iot-cert='~/.bash-my-aws/bin/bma iot-cert'
+alias iot-certs='~/.bash-my-aws/bin/bma iot-certs'
 alias keypair-create='~/.bash-my-aws/bin/bma keypair-create'
 alias keypair-delete='~/.bash-my-aws/bin/bma keypair-delete'
 alias keypairs='~/.bash-my-aws/bin/bma keypairs'
@@ -111,6 +113,10 @@ alias launch-configuration-asgs='~/.bash-my-aws/bin/bma launch-configuration-asg
 alias launch-configurations='~/.bash-my-aws/bin/bma launch-configurations'
 alias log-groups='~/.bash-my-aws/bin/bma log-groups'
 alias pcxs='~/.bash-my-aws/bin/bma pcxs'
+alias policies='~/.bash-my-aws/bin/bma policies'
+alias policy='~/.bash-my-aws/bin/bma policy'
+alias policy-document='~/.bash-my-aws/bin/bma policy-document'
+alias principal-policies='~/.bash-my-aws/bin/bma principal-policies'
 alias rds-db-clusters='~/.bash-my-aws/bin/bma rds-db-clusters'
 alias rds-db-instances='~/.bash-my-aws/bin/bma rds-db-instances'
 alias region-each='~/.bash-my-aws/bin/bma region-each'
@@ -143,6 +149,8 @@ alias stack-validate='~/.bash-my-aws/bin/bma stack-validate'
 alias stacks='~/.bash-my-aws/bin/bma stacks'
 alias sts-assume-role='~/.bash-my-aws/bin/bma sts-assume-role'
 alias subnets='~/.bash-my-aws/bin/bma subnets'
+alias thing-principals='~/.bash-my-aws/bin/bma thing-principals'
+alias things='~/.bash-my-aws/bin/bma things'
 alias vpc-az-count='~/.bash-my-aws/bin/bma vpc-az-count'
 alias vpc-azs='~/.bash-my-aws/bin/bma vpc-azs'
 alias vpc-default-delete='~/.bash-my-aws/bin/bma vpc-default-delete'
diff --git a/bash_completion.sh b/bash_completion.sh
index 8f256004..69e60213 100644
--- a/bash_completion.sh
+++ b/bash_completion.sh
@@ -80,6 +80,13 @@ _bma_stacks_completion() {
 fi
 return 0
 }
+_bma_things_completion() {
+ local command="$1"
+ local word="$2"
+ local options=$(bma things | awk '{ print $1 }')
+ COMPREPLY=( $(compgen -W "${options}" -- ${word}) )
+ return 0
+}
 _bma_vpcs_completion() {
 local command="$1"
 local word="$2"
@@ -201,6 +208,7 @@ complete -F _bma_stacks_completion stack-tail
 complete -F _bma_stacks_completion stack-template
 complete -F _bma_stacks_completion stack-update
 complete -F _bma_stacks_completion stacks
+complete -F _bma_stacks_completion things
 complete -F _bma_vpcs_completion vpc-az-count
 complete -F _bma_vpcs_completion vpc-azs
 complete -F _bma_vpcs_completion vpc-endpoints
diff --git a/docs/command-reference.md b/docs/command-reference.md
index 150d3969..49538e2a 100644
--- a/docs/command-reference.md
+++ b/docs/command-reference.md
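Review bot: `complete -F _bma_stacks_completion things` in the second hunk registers the stack completer for `things`, so the `_bma_things_completion` function added in the first hunk is never called and tab completion on `things` offers stack names; the line should read `complete -F _bma_things_completion things`. Inside the new function, `COMPREPLY=( $(compgen -W "${options}" -- ${word}) )` leaves `${word}` unquoted, and `-- "${word}"` keeps the partial word from being split or globbed. If this file is produced by a build script, the correction belongs in that script rather than here.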
@@ -1041,6 +1041,92 @@ Deregister AMI(s) USAGE: image-deregister image_id [image_id] +## iot-commands + +### iot-cert + +List IoT Certificate details + + $ iot-cert + example-cert ACTIVE 1550174600.356 1550174600.402 1550174490.0 1593374490.0 + another-cert INACTIVE 1550174600.356 1550174600.402 1550174490.0 1593374490.0 + +### iot-certs + +List IoT Certificates + + $ iot-certs + example-cert ACTIVE + another-cert INACTIVE + +*Optionally provide a filter string for a `| grep` effect with tighter columisation:* + + $ iot-certs INACTIVE + another-cert INACTIVE + +### policies + +List IoT Policies + + $ policies + example-policy + another-policy + +### policy + +List IoT Policy + + $ policy + example-policy 1 1559925941.924 1559925941.924 + another-policy 3 1559925941.924 1559925941.924 + +### policy-document + +Displays an IoT Policy Document + + USAGE: policy-document policy-name [policy-name] + $ iot-certs | principal-policies | policy-document + example-policy + { + "Version": "2012-10-17", + "Statement": [ + ... + } + another-policy + { + "Version": "2012-10-17", + "Statement": [ + ... + } + +### principal-policies + +List IoT policies attached to principal + + USAGE: principal-policies target [target-arn] + + $ things | thing-principals | principal-policies + example-policy + another-policy + +*Note that the target may refer to an IoT Thing Group or certficate.* + + +### thing-principals + +List cetrificates for IoT Thing + + $ thing-principals + arn:aws:iot:::cert/certificateId + +### things + +List IoT Things + + $ things + example-thing type + another-thing type + ## keypair-commands diff --git a/functions b/functions index e7b1f57e..f23316d2 100644 --- a/functions +++ b/functions @@ -88,6 +88,8 @@ instance-userdata instance-volumes instance-vpc instances +iot-cert +iot-certs keypair-create keypair-delete keypairs 
@@ -109,6 +111,10 @@ launch-configuration-asgs
 launch-configurations
 log-groups
 pcxs
+policies
+policiy
+policiy-document
+principal-policies
 rds-db-clusters
 rds-db-instances
 region
@@ -142,6 +148,8 @@ stack-validate
 stacks
 sts-assume-role
 subnets
+thing-principals
+things
 vpc-az-count
 vpc-azs
 vpc-default-delete
diff --git a/lib/iot-functions b/lib/iot-functions
new file mode 100644
index 00000000..0ef0dece
--- /dev/null
+++ b/lib/iot-functions
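Review bot: The added entries `policiy` and `policiy-document` in the `functions` list are misspelled; the aliases and lib/iot-functions in this same commit name the commands `policy` and `policy-document`, so whatever reads this list (presumably the `bma` wrapper or its completion) will not find them. The two lines should read `policy` and `policy-document`. If the list is generated, regenerating it is safer than a hand edit.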
@@ -0,0 +1,228 @@
+#!/bin/bash
+#
+# iot-functions
+#
+# List Amazon IoT Things, certificate and policy information
+
+iot-cert() {
+
+ # List IoT Certificate details
+ #
+ # $ iot-cert
+ # example-cert ACTIVE 1550174600.356 1550174600.402 1550174490.0 1593374490.0
+ # another-cert INACTIVE 1550174600.356 1550174600.402 1550174490.0 1593374490.0
+
+ local certs="$@ $(skim-stdin)"
+ [[ -z "$certs" ]] && __bma_usage "[certificate-id]" && return 1
+
+ local cert
+ for cert in $certs; do
+ aws iot describe-certificate \
+ --certificate-id "$cert" \
+ --output text \
+ --query "
+ certificateDescription.[
+ certificateId,
+ status,
+ validity.notBefore,
+ validity.notAfter
+ ]"
+ done |
+ grep -E -- "$filters" |
+ LC_ALL=C sort -b -k 5 | # sort by NotAfter
+ column -t
+}
+
+
+iot-certs() {
+
+ # List IoT Certificates
+ #
+ # $ iot-certs
+ # example-cert ACTIVE
+ # another-cert INACTIVE
+ #
+ # *Optionally provide a filter string for a `| grep` effect with tighter columisation:*
+ #
+ # $ iot-certs INACTIVE
+ # another-cert INACTIVE
+
+ local targets="$@ $(skim-stdin)"
+ local filters=$(__bma_read_filters $@)
+
+ aws iot list-certificates \
+ --output text \
+ --query "
+ certificates[${certificates:+?contains(['${certificateId// /"','"}'], targets)}].[
+ certificateId,
+ status
+ ]" |
+ grep -E -- "$filters" |
+ column -t
+}
+
+
+policies() {
+
+ # List IoT Policies
+ #
+ # $ policies
+ # example-policy
+ # another-policy
+
+ local targets=$(skim-stdin)
+ local filters=$(__bma_read_filters $@)
+
+ aws iot list-policies \
+ --output text \
+ --query "
+ policies[${policies:+?contains(['${policy// /"','"}'], targets)}].[
+ policyName
+ ]" |
+ grep -E -- "$filters" |
+ column -t
+}
+
+
+policy() {
+
+ # List IoT Policy
+ #
+ # $ policy
+ # example-policy 1 1559925941.924 1559925941.924
+ # another-policy 3 1559925941.924 1559925941.924
+
+ local policies="$@ $(skim-stdin)"
+ local filters=$(__bma_read_filters $@)
+ [[ -z "$policies" ]] && __bma_usage "[policy-name]" && return 1
+
+ local policy
+ local result
+ local document
+ for policy in $policies; do
+ aws iot get-policy \
+ --policy-name "$policy" \
+ --output text \
+ --query "[
+ policyName,
+ defaultVersionId,
+ creationDate,
+ lastModifiedDate
+ ]"
+ done |
+ grep -E -- "$filters" |
+ column -t
+}
+
+
+#
+# Requires jq-1.4 or later # http://stedolan.github.io/jq/download/
+#
+policy-document() {
+
+ # Displays an IoT Policy Document
+ #
+ # USAGE: policy-document policy-name [policy-name]
+ # $ iot-certs | principal-policies | policy-document
+ # example-policy
+ # {
+ # "Version": "2012-10-17",
+ # "Statement": [
+ # ...
+ # }
+ # another-policy
+ # {
+ # "Version": "2012-10-17",
+ # "Statement": [
+ # ...
+ # }
+
+ local policies="$@ $(skim-stdin)"
+ local filters=$(__bma_read_filters $@)
+ [[ -z "$policies" ]] && __bma_usage "[policy-name]" && return 1
+
+ local policy
+ for policy in $policies; do
+ echo $policy &&
+ aws iot get-policy \
+ --policy-name "$policy" \
+ --query "[
+ policyDocument
+ ]" |
+ jq -r ".[]" |
+ jq
+ done
+}
+
+
+principal-policies() {
+
+ # List IoT policies attached to principal
+ #
+ # USAGE: principal-policies target [target-arn]
+ #
+ # $ things | thing-principals | principal-policies
+ # example-policy
+ # another-policy
+
+ # *Note that the target may refer to an IoT Thing Group or certficate.*
+
+ local targets="$@ $(skim-stdin)"
+ local filters=$(__bma_read_filters $@)
+ [[ -z "$targets" ]] && __bma_usage "[target-arn]" && return 1
+
+ local target
+ for target in $targets; do
+ aws iot list-attached-policies \
+ --target "$target" \
+ --output text \
+ --query "policies[].[
+ policyName
+ ]"
+ done
+}
+
+
+thing-principals() {
+
+ # List cetrificates for IoT Thing
+ #
+ # $ thing-principals
+ # arn:aws:iot:::cert/certificateId
+
+ local things="$@ $(skim-stdin)"
+ local filters=$(__bma_read_filters $@)
+ [[ -z "$things" ]] && __bma_usage "[thing-name]" && return 1
+
+ local thing
+ for thing in $things; do
+ aws iot list-thing-principals \
+ --thing-name "$thing" \
+ --output text \
+ --query "principals"
+ done
+}
+
+
+things() {
+
+ # List IoT Things
+ #
+ # $ things
+ # example-thing type
+ # another-thing type
+
+ local things=$(skim-stdin)
+ local filters=$(__bma_read_filters $@)
+
+ aws iot list-things \
+ --output text \
+ --query "
+ things[${things:+?contains(['${things// /"','"}'], thingName)}].[
+ thingName,
+ thingTypeName,
+ version
+ ]" |
+ grep -E -- "$filters" |
+ column -t
+}
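Review bot: In `iot-certs` and `policies` the `--query` filter tests `${certificates:+…}` / `${policies:+…}` and expands `${certificateId…}` / `${policy…}`, none of which is set in those functions (the local is `targets`), and it compares against a field named `targets` instead of `certificateId` / `policyName`. As written, ids piped in are ignored and every certificate or policy is listed, which misleads anyone using the pipeline to review what is attached to a specific principal; `things()` at the end of the hunk shows the intended shape. `iot-cert` greps on `$filters` without declaring it, so it inherits whatever `filters` the calling shell holds, and its `sort -k 5` points past the four columns the query returns. The `[[ -z … ]]` usage guards built from `"$@ $(skim-stdin)"` look unreachable because of the literal space, assuming `skim-stdin` prints nothing on an empty stdin. The sketch below covers the first three points.

```shell
# iot-cert: declare the filter locally; sort on the fourth (last) column
local certs="$@ $(skim-stdin)"
local filters=$(__bma_read_filters $@)
# … unchanged: usage guard, describe-certificate loop, grep …
LC_ALL=C sort -b -k 4 | # sort by NotAfter

# iot-certs: ids from stdin only, matched on certificateId (as things() does)
local targets=$(skim-stdin)
# … unchanged: filters, aws iot list-certificates, --output text …
--query "
  certificates[${targets:+?contains(['${targets// /"','"}'], certificateId)}].[
# … unchanged: selected fields, grep, column …

# policies: same correction, matched on policyName
  policies[${targets:+?contains(['${targets// /"','"}'], policyName)}].[
```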