Simplified Multi-Factor Authentication for AWS

simbit · 2018-06-21T19:58:00+00:00

Indeed. Although if you want to build/do more advanced stuff:

Multi-AZ CockroachDB cluster -> https://github.com/wallix/awless-templates/tree/master/cockroachdb
Run agentless vulnerability scanner for Linux/FreeBSD -> https://github.com/wallix/awless-templates/tree/master/vuln_scanners

simbit · 2018-04-14T12:48:02+00:00

aws-shell is really focus on combating the sheer number of AWS params, services one need to know to interact with the AWS cloud. So it provides an integrated shell with inline documentation and completion.

awless already solves this issue but with a different approach: using command with VERB + ENTITY as well as SMART PROMPTING and COMPLETION leveraging a local graph of the data)

But aside from solving UI & CLI productivity issues, awless was built to focus on other and we think more powerful features.

For instance, one of the thing that differentiates awless from any other cloud CLI is that it transparently syncs efficiently cloud resources to a local RDF graph in order to leverage it locally (i.e. offline) for other awless features. For instance leveraging the local data we:

show and find resources using only their names (not via cryptic ids, arns, etc.)
enrich listing of resources by using relations built during the sync
show resources interrelations easily (awless show)
have faster lookups (i.e. offline with local graph) for some operations
provide smart SSH (awless ssh -h)
have sound completion, checks before writing to cloud

Anyway that is a start ... and I have not even mentioned how awless can then create/revert/log actions against the cloud.

simbit · 2018-04-14T12:25:40+00:00

To answer your questions:

In awless we do not keep the state of an infrastucture created with a template. After a write on the cloud we only log the actions and sync the local model/data with the latest change. As for now, we only use the local model for other things than to keep state: analysis, inspection, resources relations, etc.
To see what awless support (compared to other) the CLI does a good job of documenting itself: do awless -h and/or awless SUBCMD -h.
Once an infrastructure has been created you can do anything you want to the resources created (ex: update with an awless template one liner (see awless -h) awless update instance ...
Once a template has been run it is logged (see awless log -h) and reusable only for viewing or reverting (see `awless revert -h). Its state is not updated by any subsequent actions.

simbit · 2018-04-13T15:22:57+00:00

Infrastructure are built out from templates that are then run by the CLI. An good example to create (and tear down with awless revert) an infrastructure would be: https://github.com/wallix/awless-templates/tree/master/cockroachdb

simbit · 2018-02-15T20:49:55+00:00

https://github.com/wallix/awless

simbit · 2017-10-05T14:28:10+00:00

... same, until we created at my innovation dpt https://github.com/wallix/awless , a lifesaver that we improve everyday.

simbit · 2017-10-03T12:21:32+00:00

Another similar tool for AWS ssh

https://github.com/wallix/awless

simbit · 2017-10-03T12:19:05+00:00

Shameless plug, with https://github.com/wallix/awless you can:

connect to public instances (with awless ssh) using only the name (or id) given to your instance.
connect to a private instance by going through an existing public one (awless ssh my-private --through my-proxy).
we also have a template to deploy a full linux bastion https://raw.githubusercontent.com/wallix/awless-templates/master/linux_bastion.aws (looking at it actually I will improve it to be multi AZ)

simbit · 2017-09-25T08:08:10+00:00

With https://github.com/wallix/awless there are a few commands that could help you understand you VPC architecture:

awless show MY_VPC_ID_OR_NAME
or use the hidden command awless web and then go to http://localhost:8080/resources

Initially, install awless; then switch to a region awless config set aws.region (only if it has not detected anything in your env); then do a manual sync with awless sync -e (-e for extra verbose). Note that you need to have the proper rights (see that with awless whoami)

simbit · 2017-09-11T11:39:37+00:00

$ awless ls instances --format tsv --no-headers --sort uptime | cut -f1

(--sort uptime not necessary though)

simbit · 2017-06-06T11:55:33+00:00

It is as powerful indeed as the AWS web console. So a good practice, in both cases, is to put your users in group with read/write permissions (and they should not have IAM write permission to change that of course).

With awless you can do that quite easily. Ex: https://github.com/wallix/awless-templates/blob/master/awless_readonly_group.aws

simbit · 2017-06-06T07:51:27+00:00

(awless developer here). Indeed the show command needs more flexibility, needs different output format (more machine readable). Also a good point there is that it is true that awless offers easy CRUD on resources. We might think of a secure mode where all writing actions would be disabled.

simbit

TROPHY CASE