Sunday, December 30, 2018

AWS related stuff

1. Command Completion

On Unix-like systems, the AWS CLI includes a command-completion feature that enables you to use the TAB key to complete a partially typed command. This feature is not automatically installed so you need to configure it manually.
Configuring command completion requires two pieces of information: the name of the shell you are using and the location of the aws_completer script.
Note: command completion is configured by default on instances running Amazon Linux.
Identify Your Shell
If you are not sure which shell you are using, identify it with one of the following commands:
echo $SHELL – show the shell's installation directory. This will usually match the in-use shell, unless you launched a different shell after logging in.

$ echo $SHELL
/bin/bash
ps – show the processes running for the current user. The shell will be one of them.

$ ps
  PID TTY          TIME CMD
 2148 pts/1    00:00:00 bash
 8756 pts/1    00:00:00 ps
Locate the AWS Completer
The location can vary depending on the installation method used.
Package Manager – programs such as pip, yum, brew and apt-get typically install the AWS completer (or a symlink to it) to a standard path location. In this case, the which command will locate the completer for you.

$ which aws_completer
/usr/local/bin/aws_completer
Bundled Installer – if you used the AWS CLI bundled installer, the AWS completer will be located in the bin subfolder of the installation directory.

$ ls /usr/local/aws/bin
activate
activate.csh
activate.fish
activate_this.py
aws
aws.cmd
aws_completer
...
If all else fails, you can use find to search your entire file system for the AWS completer.

$ find / -name aws_completer
/usr/local/aws/bin/aws_completer
Enable Command Completion
Run a command to enable command completion. The command that you use to enable completion depends on the shell that you are using. You can add the command to your shell's RC file to run it each time you open a new shell.
  • bash – use the built-in command complete.

$ complete -C '/usr/local/bin/aws_completer' aws
Add the command to ~/.bashrc to run it each time you open a new shell. Your ~/.bash_profile should source ~/.bashrc to ensure that the command is run in login shells as well.
  • tcsh – complete for tcsh takes a word type and pattern to define the completion behavior.

> complete aws 'p/*/`aws_completer`/'
Add the command to ~/.tcshrc to run it each time you open a new shell.
  • zsh – source bin/aws_zsh_completer.sh

% source /usr/local/bin/aws_zsh_completer.sh
The AWS CLI uses bash compatibility auto completion (bashcompinit) for zsh support. For further details, refer to the top of aws_zsh_completer.sh.
Add the command to ~/.zshrc to run it each time you open a new shell.
Test Command Completion
After enabling command completion, type in a partial command and press tab to see the available commands.

$ aws s<TAB>
s3              ses             sqs             sts             swf
s3api           sns             storagegateway  support
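The four steps above (identify the shell, locate aws_completer, enable completion, test it) can be scripted so the result is repeatable. The following is an added example, not code from the AWS CLI documentation or from this post; the fallback search paths, the rc file names, the writability check and the --install flag are this example's own choices. The check matters because `complete -C` executes the named program on every TAB press, so a completer that other users can modify would run their code in your shell.

```shell
#!/bin/sh
# Added example (not from the AWS CLI docs): automate command-completion
# set-up for bash, tcsh and zsh. Fallback paths, rc file names and the
# --install flag are assumptions made for this example.

# Step 1: identify the shell from $SHELL (basename only, e.g. "bash").
detect_shell() {
  basename "${SHELL:-/bin/sh}"
}

# Step 2: locate aws_completer. Prefer the one on PATH (package-manager
# installs), then the bundled-installer location; print nothing if absent.
find_completer() {
  c=$(command -v aws_completer 2>/dev/null) && [ -n "$c" ] && {
    printf '%s\n' "$c"
    return 0
  }
  for cand in /usr/local/aws/bin/aws_completer /usr/local/bin/aws_completer; do
    if [ -x "$cand" ]; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
  return 1
}

# `complete -C` runs this file every time TAB is pressed, so refuse a
# completer that other users could modify (group- or world-writable).
# Uses `ls -ld` so it works on both GNU and BSD userlands.
completer_is_safe() {
  [ -f "$1" ] || return 1
  mode=$(ls -ld "$1" | cut -c1-10)   # e.g. -rwxr-xr-x
  case "$mode" in
    ?????w*|????????w*) return 1 ;;  # char 6 = group write, char 9 = other write
  esac
  return 0
}

# Step 3: the shell-specific enable command from the text above.
completion_line() {
  case "$1" in
    bash) printf "complete -C '%s' aws\n" "$2" ;;
    tcsh) printf "complete aws 'p/*/\`%s\`/'\n" "$2" ;;
    zsh)  printf "source '%s'\n" "$(dirname "$2")/aws_zsh_completer.sh" ;;
    *)    return 1 ;;
  esac
}

# The rc file each shell reads on start-up.
rc_file_for() {
  case "$1" in
    bash) printf '%s\n' "$HOME/.bashrc" ;;
    tcsh) printf '%s\n' "$HOME/.tcshrc" ;;
    zsh)  printf '%s\n' "$HOME/.zshrc" ;;
    *)    return 1 ;;
  esac
}

# Append a line to a file only if an identical line is not already there,
# so re-running the script never duplicates the entry.
ensure_line() {
  line=$1; file=$2
  [ -f "$file" ] || : > "$file"
  grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Step 4: exercise the completer the way bash does (COMP_LINE and
# COMP_POINT are the variables bash exports to a `complete -C` program).
test_completion() {
  COMP_LINE='aws s' COMP_POINT=5 "$1" aws s aws
}

install_completion() {
  sh_name=$(detect_shell)
  completer=$(find_completer) || {
    echo "aws_completer not found; try: find / -name aws_completer 2>/dev/null" >&2
    return 1
  }
  completer_is_safe "$completer" || {
    echo "refusing $completer: it is group- or world-writable" >&2
    return 1
  }
  line=$(completion_line "$sh_name" "$completer") || {
    echo "unsupported shell: $sh_name" >&2
    return 1
  }
  rc=$(rc_file_for "$sh_name")
  ensure_line "$line" "$rc"
  echo "added to $rc: $line"
  echo "completions for 'aws s':"
  test_completion "$completer"
}

if [ "${1:-}" = "--install" ]; then
  install_completion
fi
```

Run it as `sh setup_completion.sh --install` from the shell you normally use, then open a new shell (or source the rc file) and press TAB after `aws s`. The ensure_line step is what makes it safe to re-run: the docs' manual instructions leave you with a duplicated complete line if you follow them twice.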

2. AWS Control Tower

Control Tower automates the set-up of a well-architected, multi-account environment based on best practices, and guides you through a step-by-step process to customize Control Tower to your organization. It will automate the creation of an AWS Landing Zone with best practice blueprints including:
  • Configuring AWS Organizations to create a multi-account environment.
  • Providing for identity management using AWS SSO users and groups.
  • Federating access using AWS Single Sign-On.
  • Centralizing logging using AWS CloudTrail and AWS Config.
  • Enabling cross-account security audits using AWS IAM.
  • Implementing network design using Amazon VPC.
  • Defining workflows for provisioning accounts using AWS Service Catalog.
In addition, it will put in place mandatory, curated guardrails, such as blocking accounts from being able to create an Internet gateway or ensuring only encrypted S3 objects can be created. This dramatically shortens the time it takes to get going, drawing on the curated best practices of the millions of customers who use AWS every day.
With AWS Control Tower, you pay only for AWS services enabled by Control Tower, which include the set-up of your AWS Landing Zone, mandatory guardrails, or customized options. You will incur costs for AWS services configured in the set-up of your Landing Zone, mandatory guardrails, and strongly recommended guardrails. No costs are incurred for strongly recommended guardrails that are preventative. The cost of each service will vary based on the number of regions, accounts, hours used, and guardrails enabled. AWS Control Tower is now available in limited preview, and you can sign up here.
This then leads to one of the most perennial problems that has existed in enterprise IT for a long time—that of having a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. This is where Security Hub comes in.

3. AWS Security Hub

The typical enterprise security landscape has a number of powerful security tools deployed, from firewalls and endpoint protection to vulnerability and compliance scanners. But oftentimes this leaves your team switching back and forth between these tools to deal with hundreds, and sometimes thousands, of security alerts every day. With Security Hub you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner Solutions. Your findings are visually summarized on integrated dashboards with actionable graphs and tables. You can also continuously monitor your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows. This allows you to save time with aggregated findings, improve compliance with automated checks, and quickly take action on findings. AWS Security Hub is offered at no cost during the preview period and is available as a regional service in 15 of the current AWS regions. Pricing will be finalized when the service becomes generally available.
These two new powerful offerings will enable enterprises to build new innovations for their customers and migrate their IT systems even faster. I look forward to seeing and hearing how customers use this to keep their momentum moving forward for their journey to AWS Cloud.