From 7d5056f2d450345f2ebbecfc6ce06458ac84e1ab Mon Sep 17 00:00:00 2001 From: Elysa Hall Date: Tue, 29 Oct 2024 22:14:26 +0000 Subject: [PATCH] CLI examples apigateway, ecr-public, iam, securityhub --- .../examples/apigateway/flush-stage-cache.rst | 10 ++++- .../ecr-public/describe-registries.rst | 26 +++++++++++ .../ecr-public/describe-repository.rst | 43 ++++++++++++++++++ .../ecr-public/get-login-password.rst | 27 +++++++++++ awscli/examples/iam/create-policy.rst | 45 ++++++++++--------- .../iam/get-account-authorization-details.rst | 6 +-- ...list-configuration-policy-associations.rst | 4 +- 7 files changed, 133 insertions(+), 28 deletions(-) create mode 100644 awscli/examples/ecr-public/describe-registries.rst create mode 100644 awscli/examples/ecr-public/describe-repository.rst create mode 100644 awscli/examples/ecr-public/get-login-password.rst diff --git a/awscli/examples/apigateway/flush-stage-cache.rst b/awscli/examples/apigateway/flush-stage-cache.rst index 3fdae72763f1..57bd049418c6 100644 --- a/awscli/examples/apigateway/flush-stage-cache.rst +++ b/awscli/examples/apigateway/flush-stage-cache.rst @@ -1,5 +1,11 @@ **To flush the cache for an API's stage** -Command:: +The following ``flush-stage-cache`` example flushes the cache of a stage. :: - aws apigateway flush-stage-cache --rest-api-id 1234123412 --stage-name dev + aws apigateway flush-stage-cache \ + --rest-api-id 1234123412 \ + --stage-name dev + +This command produces no output. + +For more information, see `Flush the API stage cache in API Gateway `_ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/ecr-public/describe-registries.rst b/awscli/examples/ecr-public/describe-registries.rst new file mode 100644 index 000000000000..8c563bf33cc1 --- /dev/null +++ b/awscli/examples/ecr-public/describe-registries.rst @@ -0,0 +1,26 @@ +**To describe all registries in a public registry** + +The following ``describe-registries`` example describes all registries in your account. :: + + aws ecr-public describe-registries + +Output:: + + { + "registries": [ + { + "registryId": "123456789012", + "registryArn": "arn:aws:ecr-public::123456789012:registry/123456789012", + "registryUri": "public.ecr.aws/publicregistrycustomalias", + "verified": false, + "aliases": [ + { + "name": "publicregistrycustomalias", + "status": "ACTIVE", + "primaryRegistryAlias": true, + "defaultRegistryAlias": true + } + ] + } + ] + } \ No newline at end of file diff --git a/awscli/examples/ecr-public/describe-repository.rst b/awscli/examples/ecr-public/describe-repository.rst new file mode 100644 index 000000000000..79761e292e05 --- /dev/null +++ b/awscli/examples/ecr-public/describe-repository.rst @@ -0,0 +1,43 @@ +**Example 1: To describe a repository in a public registry** + +The following ``describe-repositories`` example describes a repository named ``project-a/nginx-web-app`` in a public registry. :: + + aws ecr-public describe-repositories \ + --repository-name project-a/nginx-web-app + +Output:: + + { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr-public::123456789012:repository/project-a/nginx-web-app", + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "repositoryUri": "public.ecr.aws/public-registry-custom-alias/project-a/nginx-web-app", + "createdAt": "2024-07-07T00:07:56.526000-05:00" + } + ] + } + +**Example 2: To describe all repositories in a public registry in a table** + +The following ``describe-repositories`` example describes all repositories in a public registry and then outputs the repository names into a table format. :: + + aws ecr-public describe-repositories \ + --region us-east-1 \ + --output table \ + --query "repositories[*].repositoryName" + +Output:: + + ----------------------------- + | DescribeRepositories | + +---------------------------+ + | project-a/nginx-web-app | + | nginx | + | myfirstrepo1 | + | helm-test-chart | + | test-ecr-public | + | nginx-web-app | + | sample-repo | + +---------------------------+ \ No newline at end of file diff --git a/awscli/examples/ecr-public/get-login-password.rst b/awscli/examples/ecr-public/get-login-password.rst new file mode 100644 index 000000000000..99879cc05f0b --- /dev/null +++ b/awscli/examples/ecr-public/get-login-password.rst @@ -0,0 +1,27 @@ +**Example 1: To authenticate docker to an Amazon ECR public registry** + +The following ``get-login-password`` example retrieves and displays an authentication token using the GetAuthorizationToken API that you can use to authenticate to an Amazon ECR public registry. :: + + aws ecr-public get-login-password \ + --region us-east-1 + | docker login \ + --username AWS \ + --password-stdin public.ecr.aws + +This command produces no output in the terminal but instead pipes the output to Docker. + +For more information, see `Authenticate to the public registry `__ in the *Amazon ECR Public*. + +**Example 2: To authenticate docker to your own custom AmazonECR public registry** + +The following ``get-login-password`` example retrieves and displays an authentication token using the GetAuthorizationToken API that you can use to authenticate to your own custom Amazon ECR public registry. :: + + aws ecr-public get-login-password \ + --region us-east-1 \ + | docker login \ + --username AWS \ + --password-stdin public.ecr.aws/ + +This command produces no output in the terminal but insteads pipes the output to Docker. + +For more information, see `Authenticate to your own Amazon ECR Public `__ in the *Amazon ECR Public*. diff --git a/awscli/examples/iam/create-policy.rst b/awscli/examples/iam/create-policy.rst index ba050d01a65d..8319d8e2662c 100644 --- a/awscli/examples/iam/create-policy.rst +++ b/awscli/examples/iam/create-policy.rst @@ -1,12 +1,12 @@ **Example 1: To create a customer managed policy** -The following command creates a customer managed policy named ``my-policy``. :: +The following command creates a customer managed policy named ``my-policy``. The file ``policy.json`` is a JSON document in the current folder that grants read only access to the ``shared`` folder in an Amazon S3 bucket named ``amzn-s3-demo-bucket``. :: aws iam create-policy \ --policy-name my-policy \ - --policy-document file://policy + --policy-document file://policy.json -The file ``policy`` is a JSON document in the current folder that grants read only access to the ``shared`` folder in an Amazon S3 bucket named ``my-bucket``. :: +Contents of policy.json:: { "Version": "2012-10-17", @@ -18,7 +18,7 @@ The file ``policy`` is a JSON document in the current folder that grants read on "s3:List*" ], "Resource": [ - "arn:aws:s3:::my-bucket/shared/*" + "arn:aws:s3:::amzn-s3-demo-bucket/shared/*" ] } ] @@ -44,16 +44,18 @@ For more information on using files as input for string parameters, see `Specify **Example 2: To create a customer managed policy with a description** -The following command creates a customer managed policy named ``my-policy`` with an immutable description:: +The following command creates a customer managed policy named ``my-policy`` with an immutable description. + +The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``amzn-s3-demo-bucket``. :: aws iam create-policy \ --policy-name my-policy \ --policy-document file://policy.json \ - --description "This policy grants access to all Put, Get, and List actions for my-bucket" + --description "This policy grants access to all Put, Get, and List actions for amzn-s3-demo-bucket" -The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``. :: +Contents of policy.json:: - { + { "Version": "2012-10-17", "Statement": [ { @@ -64,7 +66,7 @@ The file ``policy.json`` is a JSON document in the current folder that grants ac "s3:GetBucket*" ], "Resource": [ - "arn:aws:s3:::my-bucket" + "arn:aws:s3:::amzn-s3-demo-bucket" ] } ] @@ -89,36 +91,38 @@ Output:: For more information on Idenity-based Policies, see `Identity-based policies and resource-based policies `__ in the *AWS IAM User Guide*. -**Example 3: To Create a customer managed policy with tags** +**Example 3: To create a customer managed policy with tags** -The following command creates a customer managed policy named ``my-policy`` with tags. This example uses the ``--tags`` parameter flag with the following JSON-formatted tags: ``'{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'``. Alternatively, the ``--tags`` flag can be used with tags in the shorthand format: ``'Key=Department,Value=Accounting Key=Location,Value=Seattle'``. :: +The following command creates a customer managed policy named ``my-policy`` with tags. This example uses the ``--tags`` parameter with the following JSON-formatted tags: ``'{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'``. Alternatively, the ``--tags`` parameter can be used with tags in the shorthand format: ``'Key=Department,Value=Accounting Key=Location,Value=Seattle'``. + +The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``amzn-s3-demo-bucket``. :: aws iam create-policy \ --policy-name my-policy \ --policy-document file://policy.json \ --tags '{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}' -The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``. :: +Contents of policy.json:: - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ "s3:ListBucket*", "s3:PutBucket*", "s3:GetBucket*" ], "Resource": [ - "arn:aws:s3:::my-bucket" + "arn:aws:s3:::amzn-s3-demo-bucket" ] } ] } Output:: - + { "Policy": { "PolicyName": "my-policy", @@ -139,7 +143,6 @@ Output:: "Key": "Location", "Value": "Seattle" { - ] } } diff --git a/awscli/examples/iam/get-account-authorization-details.rst b/awscli/examples/iam/get-account-authorization-details.rst index 89906441761b..10400d7d3a80 100644 --- a/awscli/examples/iam/get-account-authorization-details.rst +++ b/awscli/examples/iam/get-account-authorization-details.rst @@ -1,4 +1,4 @@ -**To list an AWS accounts IAM users, groups, roles, and policies** +**To list an AWS account's IAM users, groups, roles, and policies** The following ``get-account-authorization-details`` command returns information about all IAM users, groups, roles, and policies in the AWS account. :: @@ -236,8 +236,8 @@ Output:: "s3:List*" ], "Resource": [ - "arn:aws:s3:::example-bucket", - "arn:aws:s3:::example-bucket/*" + "arn:aws:s3:::amzn-s3-demo-bucket", + "arn:aws:s3:::amzn-s3-demo-bucket/*" ] } ] diff --git a/awscli/examples/securityhub/list-configuration-policy-associations.rst b/awscli/examples/securityhub/list-configuration-policy-associations.rst index 3476e6b3a347..09f2f0bf21a8 100644 --- a/awscli/examples/securityhub/list-configuration-policy-associations.rst +++ b/awscli/examples/securityhub/list-configuration-policy-associations.rst @@ -3,7 +3,7 @@ The following ``list-configuration-policy-associations`` example lists a summary of configuration associations for the organization. The response include associations with configuration policies and self-managed behavior. :: aws securityhub list-configuration-policy-associations \ - --association-type "APPLIED" \ + --filters '{"AssociationType": "APPLIED"}' \ --max-items 4 Output:: @@ -47,4 +47,4 @@ Output:: } } -For more information, see `Viewing Security Hub configuration policies `__ in the *AWS Security Hub User Guide*. \ No newline at end of file +For more information, see `Viewing configuration policy status and details `__ in the *AWS Security Hub User Guide*. \ No newline at end of file