AWS tags on tagged instances

There is probably a better way to handle this, but occasionally I want to run a script against resources that have a tag NEWKEY=NEWVALUE, and I want to update a different set of instances to have that tag.

Get the instance IDs:

aws --profile MYPROFILE ec2 describe-instances --filters Name="tag:OLD_KEY",Values="PARTIAL_VALUE*" --query 'Reservations[*].Instances[*].InstanceId[]' --output=text

and an update tag example:

aws --profile MYPROFILE ec2 create-tags --resources i-000resource1 i-000resource2 --tags Key=NEWKEY,Value=NEWVALUE

and putting it all together for the lazy:

aws --profile MYPROFILE ec2 create-tags --resources $(aws --profile MYPROFILE ec2 describe-instances --filters Name="tag:KEY1",Values="PARTIAL_VALUE*" --query 'Reservations[*].Instances[*].InstanceId[]' --output=text) --tags Key=NEWKEY,Value=NEWVALUE

Of course, don’t forget the appropriate region flag (--region) if applicable.

ldapsearch queries

LDAP searches are always fun and powerful, but I so often spend too much time figuring out the syntax. Without further ado:

Dump all users; the -E pr=1000/noprompt option handles paging of the requests when the server limits results to 1000:

ldapsearch -E pr=1000/noprompt -x -D "CN=serviceuser,OU=exampleorg,DC=example,DC=ad" -w PASSWORD -H "ldaps://example.com:636" -b "OU=Users,OU=ExampleOrg,DC=example,DC=ad" | tee -a /tmp/LDAP-DUMP-USERS.txt

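-W will prompt for the password instead of entering it on the command line, which keeps it out of shell history and the process list.

And just for fun, this will save the user's thumbnail photo into /tmp. The -t option makes ldapsearch write the photo to a temporary file, and the loop renames that file after the entry's CN: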

ldapsearch -E pr=1000/noprompt -x -D "CN=serviceuser,OU=exampleorg,DC=example,DC=ad" -w PASSWORD -H "ldaps://example.com:636" -s sub -b "CN=MY USER,OU=Users,OU=ExampleOrg,DC=example,DC=ad" -t "(thumbnailPhoto=*)" thumbnailPhoto | while IFS= read -r line ; do echo "$line" | grep -q "^dn:" && name=$(echo "$line" | sed 's/.*CN=\([^,]\+\).*/\1/'); echo "$line" | grep "file://" && file=$(echo "$line" | sed 's/.*file:\/\///') && mv "$file" "/tmp/$name.jpg" ; done
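A more defensive take on the rename loop above, as an added example that is not part of the original post: the CN comes from the directory, so it is reduced to a safe file name before it is used in a path, and folded LDIF lines are joined first. The function names (safe_name, unfold_ldif, save_photos, demo) are hypothetical, and the LDIF in demo is constructed sample data.

```shell
# Treat names that come from the directory as untrusted input for file paths.

# Reduce a directory-supplied name to a single safe file name component.
safe_name() {
    n=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')
    case "$n" in .*) n="_$n" ;; esac      # no dotfiles, ".", or ".."
    printf '%s' "${n:-unnamed}"
}

# Join LDIF continuation lines (a line starting with one space continues the previous one).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Read `ldapsearch -t` output on stdin, move each photo into directory $1,
# and print the path of every file written.
save_photos() {
    dest=$1 name=""
    unfold_ldif | while IFS= read -r line; do
        case "$line" in
            "dn: "*)   # first RDN value: "CN=MY USER,OU=..." -> "MY USER"
                name=${line#dn: }; name=${name#*=}; name=${name%%,*}
                name=$(safe_name "$name") ;;
            "thumbnailPhoto:< file://"*)
                src=${line#*file://}; out="$dest/$name.jpg"
                # Skip entries without a plain-text dn, missing files, and name collisions.
                [ -n "$name" ] && [ -f "$src" ] && [ ! -e "$out" ] || continue
                mv -- "$src" "$out" && printf '%s\n' "$out" ;;
            "") name="" ;;   # blank line ends the entry
        esac
    done
}

# Constructed sample: two entries, the second with a hostile CN and a folded file line.
demo() {
    work=$(mktemp -d) && mkdir "$work/out" || return 1
    : > "$work/a.bin"; : > "$work/b.bin"
    printf '%s\n' \
        "dn: CN=MY USER,OU=Users,OU=ExampleOrg,DC=example,DC=ad" \
        "thumbnailPhoto:< file://$work/a.bin" "" \
        "dn: CN=../../tmp/evil,OU=Users,OU=ExampleOrg,DC=example,DC=ad" \
        "thumbnailPhoto:< file://$work/b" " .bin" | save_photos "$work/out"
}
```

To use it, pipe the ldapsearch -t command into save_photos followed by the target directory instead of into the while loop.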