User Guide - Quick Start#
If you are a first-time user, this document will guide you through the basic usage of this app.
πΎ Installation#
aws_resource_search
requires Python3.8+
. To install, just run:
pip install aws-resource-search
To show the help message, run:
ars -h
To verify the installation, run:
ars -v
If you just want to quickly explore the feature, you can use AWS Cloud Shell, an AWS managed shell environment without need setting the AWS CLI credentials. You can enter the cloud shell by clicking the icon on the top right corner of the AWS Console.
Then you can just do:
# this install aws-resource-search in to global python
pip3 install aws-resource-search
ars -h
# or you can install aws-resource-search in virtualenv
pip3 install virtualenv
virtualenv .venv
source .venv/bin/activate
pip install aws-resource-search
ars -h
Congrats, you are all set! You can jump to π Search AWS Resource section to continue.
π Setup Your AWS CLI#
aws_resource_search
utilizes the default
AWS CLI credential on your local machine to authenticate with AWS. You can refer the Official Configure the AWS CLI document to set up your AWS CLI.
If you want to search across multiple AWS accounts and regions, you can create multiple AWS CLI profiles and switch between them. For detailed instructions on setting up multiple AWS profiles, please refer the Official Configuration and credential file settings document.
In summary, the configuration and credential file should looks like below.
Content of ${HOME}/.aws/config
:
[default]
region = us-east-1
output = json
# setup for IAM user based authentication
[profile account_name_1_region_1_iam_user_1]
region = us-east-1 # <--- don't forget region
output = json
[profile account_name_1_region_2_iam_user_1]
region = us-west-1
output = json
[profile account_name_2_region_1_iam_user_2]
region = us-east-1
output = json
[profile account_name_2_region_2_iam_user_2]
region = us-west-1
output = json
# setup for IAM assumed role based authentication
[profile account_name_3_region_1_role_1]
region = us-east-1 # <--- don't forget region
output = json
role_arn = arn:aws:iam::111122223333:role/my-role-name
source_profile = account_name_1_region_1_iam_user_1
# setup for Single Sign On (SSO) based authentication
[profile account_name_4_region_1_role_1]
sso_start_url = https://mycompany.awsapps.com/start#/
sso_region = us-east-1 # <--- don't forget region
sso_account_id = 123456789012
sso_role_name = MySSORole
region = us-east-1
output = json
Content of ${HOME}/.aws/credentials
:
[default]
aws_access_key_id = A1B2C3D4ACCESSKEYEXAMPLE
aws_secret_access_key = A1B2C3D4SECRETKEYEXAMPLE
[account_name_1_region_1_iam_user_1]
aws_access_key_id = A1B2C3D4ACCESSKEYEXAMPLE
aws_secret_access_key = A1B2C3D4SECRETKEYEXAMPLE
[account_name_1_region_2_iam_user_1]
aws_access_key_id = A1B2C3D4ACCESSKEYEXAMPLE
aws_secret_access_key = A1B2C3D4SECRETKEYEXAMPLE
[account_name_2_region_1_iam_user_1]
aws_access_key_id = A1B2C3D4ACCESSKEYEXAMPLE
aws_secret_access_key = A1B2C3D4SECRETKEYEXAMPLE
[account_name_2_region_2_iam_user_1]
aws_access_key_id = A1B2C3D4ACCESSKEYEXAMPLE
aws_secret_access_key = A1B2C3D4SECRETKEYEXAMPLE
# it uses assume role, so no need to put any credential here
# but you should still put an empty section here to match the .aws/config file
[account_name_3_region_1_role_1]
# it uses SSO, so no need to put any credential here
# but you should still put an empty section here to match the .aws/config file
[account_name_4_region_1_role_1]
Golden Rules to manage your .aws files
all named profile should be declared in
.aws/config
file.the profile in
.aws/config
and.aws/credentials
should match, even a profile doesnβt need credential, you should still create an empty section in.aws/credentials
file.donβt forget to explicitly set AWS region in
.aws/config
usingregion = ${your_region}
.follow the above example to setup assumed role profile and single-sign-on profile.
if thereβs an boto3 error, read this golden rules again.
π Switch Between AWS Profile#
You can use the ars set-profile
command to enter an interactive session to set the default profile.
ars set-profile
Then you will see four options. Mostly you only need the first one Set an named profile as default
.
(Query):
[x] π Set an named profile as default
Hit 'Tab' to search profile
[ ] π Do CLI MFA Authentication
Hit 'Tab' to select a base profile
[ ] π Sign in to AWS Console
Hit 'Tab' to select a profile to sign in
[ ] π Switch Role in to AWS Console
Hit 'Tab' to select a profile to switch to
Then you can type query to select the profile you want to set as default, then hit βEnterβ.
(Query): set_profile_as_default
[x] π my_company_dev | us-east-1
Hit 'Enter' to set 'my_company_dev' as the default profile.
[ ] π my_company_test | eu-west-1
Hit 'Enter' to set 'my_company_test' as the default profile.
[ ] π my_company_prod | eu-west-1
Hit 'Enter' to set 'my_company_prod' as the default profile.
Note
You can use the ars which
command to check the current AWS account you are searching to
$ ars which
AWS Account ID = 123456789012
AWS Account Alias = my_company_aws_account
AWS Region = us-east-1
This feature is based on my another project awscli_mate
. Please refer the Use awscli_mate as a Interactive CLI to learn more.
π Search AWS Resource#
You can use the ars
(AWS Resource Search) command to enter the main interactive session to search AWS Resources.
Select Resource Type
The landing page shows a list of implemented AWS resource types. You can use your keyboard to select or filter the resource type and then tap Tab
or Enter
to start searching. Please refer the User Guide - Keyboard Shortcut for full list of keyboard shortcuts.
(Query):
[x] cloudformation-stack
hit Tab and enter your query to search cloudformation-stack.
[ ] codecommit-repository
hit Tab and enter your query to search codecommit-repository.
[ ] dynamodb-table
hit Tab and enter your query to search dynamodb-table.
[ ] ec2-instance
hit Tab and enter your query to search ec2-instance.
[ ] ec2-securitygroup
hit Tab and enter your query to search ec2-securitygroup.
Refresh Implemented Resource Type
If you have recently installed a new version of aws_resource_search
, you need to refresh it in order to obtain the most up-to-date list of implemented resource types. You can simply type !~
to refresh the list.
(Query): !~
Select AWS Resources
After you have selected the resource type, you will see a list of AWS resources. For the first time use, it may takes a few seconds to pull the data and create the index.
(Query): s3-bucket:
[x] Pulling data for 's3-bucket', it may takes 1-60 seconds ...
please wait, don't press any key
Then you can enter your query to search the AWS resources.
(Query): s3-bucket: infra
[x] bucket_name = i-1-sbx-a1b2c3-infrastructure-s3-bucket
create_at = 2023-11-01T17:25:40+00:00, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
[ ] bucket_name = i-6-sbx-a1b2c3-infrastructure-s3-bucket
create_at = 2023-11-01T17:25:40+00:00, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
[ ] bucket_name = i-15-tst-a1b2c3-infrastructure-s3-bucket
create_at = 2023-11-01T17:25:40+00:00, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
[ ] bucket_name = i-16-sbx-a1b2c3-infrastructure-s3-bucket
create_at = 2023-11-01T17:25:40+00:00, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
[ ] bucket_name = i-22-prd-a1b2c3-infrastructure-s3-bucket
create_at = 2023-11-01T17:25:40+00:00, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
You may notice π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
. These are user action that you can interact with the selected AWS resources. aws_resource_search
has the following built-in user actions:
π: tap
Enter
to open AWS console url of this resource in web browser.π: tap
Ctrl + A
to copy ARN (AWS Resource Name) to clipboard.π: tap
Ctrl + U
to copy AWS console url to clipboard (So you can paste it later).π: tap
Ctrl + P
to view more details about this resource, including details, tags, policies, etc β¦β€΄οΈ: tap
F1
to quit the the βviewing detailsβ sub session.βοΈ: tap
Ctrl + B
to clear the query of the current AWS resource type, so you can enter another query.β©οΈ: tap
Ctrl + X
to clear the query input to start over.
Please refer the User Guide - Keyboard Shortcut for full list of keyboard shortcuts.
π View AWS Resource Details
You can tap Ctrl + P
to view detailed information about the selected bucket. You can also tap Ctrl + A
to copy the value of the detail. This is particularly useful when you need to copy a JSON object.
(Query): Detail of bucket_name = i-1-sbx-a1b2c3-infrastructure-s3-bucket, press F1 to go back.
[x] s3 uri = s3://i-1-sbx-a1b2c3-infrastructure-s3-bucket
π Enter to open url, π Ctrl A to copy.
[ ] s3 arn = arn:aws:s3:::i-1-sbx-a1b2c3-infrastructure-s3-bucket
π Enter to open url, π Ctrl A to copy.
[ ] location = us-east-1
π Ctrl A to copy.
[ ] bucket_policy = {"Version": "2012-10-17", "Id": "PutObjPolicy", "Statement": [{"Sid": "DenyO...XAMPLE-BUCKET/*", "Condition": {"Null": {"s3:x-amz-server-side-encryption-aws-kms-key-id": "true"}}}]}
π Ctrl A to copy.
[ ] π· tag: Environment = sbx
π Ctrl A to copy key and value.
At the end, you can press F1
to return to the previous view and select another S3 bucket.
π Refresh Data
aws_resource_search
uses cache to speed up the search. The dataset will be automatcially refreshed every 24 hours. If your query doesnβt return any result, you can type !~
to refresh the data.
(Query): s3-bucket: my-fresh-bucket!~
[x] Pulling data for 's3-bucket', it may takes 1-60 seconds ...
please wait, don't press any key
Note
The AWS resource data cache is partitioned by AWS account, region, and resource type. The !~
command will only refresh the given partition. If you want to refresh all the data in all aws accounts, you can run the following command in your teminal:
$ ars clear
clear index in /Users/username/.aws_resource_search/.index
clear cache in /Users/username/.aws_resource_search/.cache
done, you can verify at file:///Users/username/.aws_resource_search
π Search Child Resource#
Sometimes, you may need to specify a parent AWS resource to search for its child resources. For instance, when searching for a AWS glue table, you must specify the AWS Glue database, or when searching for StepFuction executions, you need to specify an AWS StepFunction state machine.
In this example, you can select the sfn-execution
resource type, which will display a list of state machines. From there, you can choose or filter the desired state machine and press the Tab
key to initiate the execution search.
(Query): sfn-execution:
[ ] sfn-statemachine: name = i-1-prd-a1b2c3-infrastructure-sfn-state-machine
Tap Tab to search sfn-execution in this sfn-statemachine, Tap Enter to open sfn-statemachine url.
[ ] sfn-statemachine: name = i-2-sbx-a1b2c3-infrastructure-sfn-state-machine
Tap Tab to search sfn-execution in this sfn-statemachine, Tap Enter to open sfn-statemachine url.
[x] sfn-statemachine: name = i-3-tst-a1b2c3-infrastructure-sfn-state-machine
Tap Tab to search sfn-execution in this sfn-statemachine, Tap Enter to open sfn-statemachine url.
[ ] sfn-statemachine: name = i-4-sbx-a1b2c3-businessreport-sfn-state-machine
Tap Tab to search sfn-execution in this sfn-statemachine, Tap Enter to open sfn-statemachine url.
[ ] sfn-statemachine: name = i-5-prd-a1b2c3-infrastructure-sfn-state-machine
Tap Tab to search sfn-execution in this sfn-statemachine, Tap Enter to open sfn-statemachine url.
When querying child resources, the query syntax is ${resource_type}: ${parent_resource_identifier}@${child_resource_query}
. After pressing Tab
, you will see a list of child resources that you can select or further refine.β
(Query): sfn-execution: i-3-tst-a1b2c3-infrastructure-sfn-state-machine@
[x] sfn-execution: execution_name = a86232aa-87da-4929-954f-4f61ba7adaba
π΅ RUNNING, start = 2023-11-01 16:59:57, end = NA, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
[ ] sfn-execution: execution_name = 419c4442-c959-49f8-a4eb-3c5060ca5a59
π΅ RUNNING, start = 2023-11-01 16:59:57, end = NA, π Enter, π Ctrl A, π Ctrl U, π Ctrl P.
π Switch Between AWS Profile - The Fast Way#
You can type !@
anytime when searching, it bring you to the AWS profile selection menu. And you can hit enter to instantly switch to another AWS profile and continue searching. You never need to leave the interactive search session.
(Query): s3-bucket: your query here but you want to switch!@another profile
[x] π profile = my_company_dev | region = us-east-1
Hit 'Enter' to set 'my_company_dev' as the default profile.
[ ] π profile = my_company_test | region = eu-west-1
Hit 'Enter' to set 'my_company_test' as the default profile.
[ ] π profile = my_company_prod | region = eu-west-1
Hit 'Enter' to set 'my_company_prod' as the default profile.
π Show AWS Info of Current AWS Profile#
If you are not sure which AWS account and region you are currently using, you can type !?
anytime when searching. It will show you the current AWS account info. Then you can tap Tab
or Enter
to go back searching, or tap Ctrl W
to enter the AWS profile switching menu.
(Query): s3-bucket: !?
[x] π See AWS Account Info of current boto session below
Hit Tab or Enter to go back, Hit Ctrl W to pick another AWS profile
[ ] Current aws_account_alias = your-aws-account-alias
Hit Tab or Enter to go back, Hit Ctrl W to pick another AWS profile
[ ] Current aws_account_id = 123456789010
Hit Tab or Enter to go back, Hit Ctrl W to pick another AWS profile
[ ] Current aws_region = us-east-1
Hit Tab or Enter to go back, Hit Ctrl W to pick another AWS profile