CloudFront
# List every distribution as a table: comment, distribution ID, first
# alternate domain name, and the default cache behaviour's target origin.
aws cloudfront list-distributions \
  --output table \
  --query '*.Items[*].[Comment,Id,Aliases.Items[0],DefaultCacheBehavior.TargetOriginId]'

# Invalidate every cached path ("/*") of one distribution.
# The wildcard evicts the whole cache, so edge locations refetch every
# object from the origin on the next request.
aws cloudfront create-invalidation \
  --paths '/*' \
  --distribution-id EATDVGD171BHDS1

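## Check whether CloudFront logging is enabled.
# Prints the ID of every distribution whose DistributionConfig.Logging.Enabled
# is not true, one ID per line. Without access logs there is no request-level
# record to investigate from, so each ID printed here is an audit gap.
# NOTE(review): only DistributionConfig.Logging is inspected; log delivery
# configured by other means is not reflected here. Confirm before treating a
# hit as "no logging at all".
while IFS= read -r dist_id; do
  # Text output renders an empty result as the literal string "None".
  if [[ -z "${dist_id}" || "${dist_id}" == "None" ]]; then
    continue
  fi

  # Ask for JSON explicitly so the boolean is always "true"/"false",
  # whatever output format the profile has configured.
  if ! logging_enabled=$(aws cloudfront get-distribution \
    --id "${dist_id}" \
    --query 'Distribution.DistributionConfig.Logging.Enabled' \
    --output json \
    --profile route53); then
    # An API failure is not a finding; report it separately on stderr.
    printf 'warn: could not read logging config for %s\n' "${dist_id}" >&2
    continue
  fi

  if [[ "${logging_enabled}" != "true" ]]; then
    printf '%s\n' "${dist_id}"
  fi
done < <(aws cloudfront list-distributions \
  --query 'DistributionList.Items[*].[Id]' \
  --output text \
  --profile route53)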
EC2
# List instances as a table of [value of the first tag, instance ID].
# NOTE(review): Tags[0] is whichever tag the API returns first, presumably
# expected to be the Name tag; verify on instances that carry several tags.
aws ec2 describe-instances \
  --page-size 100 \
  --output table \
  --query 'Reservations[*].Instances[*].[Tags[0].Value,InstanceId]'
ECR
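# Get a registry token and log Docker in to
# 12345.dkr.ecr.ap-northeast-1.amazonaws.com.
# The token travels over the pipe (--password-stdin), so it never shows up in
# the process arguments or the shell history.
# --region is pinned to the region named in the registry host: a token issued
# for a different default region is rejected by this registry.
# docker login keeps the credential in the Docker client configuration unless
# a credential helper is set up, so treat that file as sensitive on shared hosts.
aws ecr get-login-password --region ap-northeast-1 \
  | docker login \
      --username AWS \
      --password-stdin \
      12345.dkr.ecr.ap-northeast-1.amazonaws.com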
S3
# Upload one local file under the dir/ prefix of the bucket.
aws s3 cp \
  ./pic.png \
  s3://bucket_name/dir/

# Mirror local_dir into the bucket root, leaving gameConfig.json out.
#   --acl public-read  every object uploaded by this run is readable by anyone
#                      who knows its URL; use it only for content meant to be
#                      public, and expect it to fail on buckets with ACLs disabled.
#   --delete           objects in the bucket that have no local counterpart are
#                      removed (files matched by --exclude are not deleted).
# Adding --dryrun first shows what would be uploaded and deleted.
aws s3 sync \
  local_dir \
  s3://bucket_name \
  --delete \
  --acl public-read \
  --exclude 'gameConfig.json'
snapshot
# List [snapshot ID, volume ID] for snapshots owned by this account whose
# first tag has the value 'backend'.
# NOTE(review): the filter looks only at Tags[0]; a snapshot with several tags
# is missed when 'backend' is not the first one returned.
aws ec2 describe-snapshots \
  --region ap-northeast-1 \
  --owner-ids self \
  --query "Snapshots[?(Tags[0].Value=='backend')].[SnapshotId,VolumeId]"

# Create a snapshot of one volume, described as gitlab-<today's date, YYYY-MM-DD>.
# A snapshot has the same encryption state as its volume, so an unencrypted
# volume produces an unencrypted snapshot.
aws ec2 create-snapshot \
  --region ap-northeast-1 \
  --volume-id vol-02468851c2bc3bc4b \
  --description "gitlab-$(date +%F)"

# Delete one snapshot by ID. Check the ID against the list output first.
aws ec2 delete-snapshot \
  --region ap-northeast-1 \
  --snapshot-id snap-1234567890abcdef0
sns
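# Settings shared by the SNS commands and the alarm loop that follows.
region='ap-east-1'
account_id='888886666321'
topic='sa'
# The topic ARN is built once so every command addresses the same topic.
topic_arn="arn:aws:sns:${region}:${account_id}:${topic}"

# create topic
# --region is passed explicitly: the ARN above names ${region}, and a topic
# created in a different default region would not match it.
aws sns create-topic --name "${topic}" --region "${region}"

# subscribe
# An email subscription stays pending until the recipient confirms it from
# the message SNS sends; nothing is delivered before that.
aws sns subscribe \
  --region "${region}" \
  --topic-arn "${topic_arn}" \
  --protocol email \
  --notification-endpoint ricky@gmail.com

# list
aws sns list-subscriptions-by-topic \
  --region "${region}" \
  --topic-arn "${topic_arn}"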

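# create alarm
### metric-name
##CPUUtilization -->percent
##NetworkIn -->bytes
##NetworkOut -->bytes
# Creates one NetworkOut alarm per EC2 instance, named "<first tag value>_netout",
# that notifies the SNS topic built from ${region}, ${account_id} and ${topic}.
# The alarm fires when the 300-second average is >= 2560000 for 3 consecutive periods.
# Instances are read as tab-separated text rows (tag value, instance ID):
# table output has borders and no commas, so it cannot be split on ','.
# NOTE(review): the alarms are created in the CLI's default region while the
# action ARN names ${region}; confirm the two are the same region.
while IFS=$'\t' read -r ID VALUE; do
  # Skip blank or malformed rows.
  if [[ -z "${VALUE}" || "${VALUE}" == "None" ]]; then
    continue
  fi
  # Untagged instances come back as "None"; fall back to the instance ID so
  # their alarms do not all share the name "None_netout".
  if [[ -z "${ID}" || "${ID}" == "None" ]]; then
    ID=${VALUE}
  fi

  ##--unit Bytes
  if aws cloudwatch put-metric-alarm \
    --alarm-name "${ID}_netout" \
    --metric-name NetworkOut \
    --namespace AWS/EC2 \
    --statistic Average \
    --period 300 \
    --threshold 2560000 \
    --comparison-operator GreaterThanOrEqualToThreshold \
    --dimensions "Name=InstanceId,Value=${VALUE}" \
    --evaluation-periods 3 \
    --alarm-actions "arn:aws:sns:${region}:${account_id}:${topic}"; then
    echo "$ID done"
  else
    # Report the failure instead of printing "done" for an alarm that was not created.
    printf 'error: alarm for %s (%s) was not created\n' "${ID}" "${VALUE}" >&2
  fi
done < <(aws ec2 describe-instances \
  --query 'Reservations[].Instances[].[Tags[0].Value,InstanceId]' \
  --output text \
  --page-size 100)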
WAF
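# Create a WAFv2 web ACL for use with CloudFront.
#   --region us-east-1     web ACLs with CLOUDFRONT scope are managed through
#                          the us-east-1 endpoint.
#   --default-action       Allow lets through every request that no rule matches,
#                          so the ACL only protects as far as its rules block.
#   --rules                the original listing stops at a bare "--rule"; the
#                          option is --rules and needs the rule definitions.
#                          The file name below is a placeholder.
aws wafv2 create-web-acl \
  --name acl_name \
  --scope CLOUDFRONT \
  --region us-east-1 \
  --default-action 'Allow={}' \
  --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=metric_acl_name \
  --rules file://RULES_FILE_PLACEHOLDER.json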
Mount S3 Bucket on EC2

references: How to Mount S3 Bucket on Ubuntu 22.04 with S3FS Fuse

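# Installing s3fs-fuse
sudo apt-get update && sudo apt-get install s3fs

# Configuring AWS Credentials
# ACCESS_KEY_ID and SECRET_ACCESS_KEY are placeholders for a long-lived key pair.
# The file is created (or emptied) and locked to mode 600 BEFORE the secret is
# written, so it is never readable by other users, not even briefly.
# NOTE(review): on EC2 an instance role avoids storing a static key on disk;
# s3fs has an iam_role option for that. Check the man page of your version.
passwd_file="${HOME}/.passwd-s3fs"
(
  umask 077
  : > "${passwd_file}"
)
chmod 600 "${passwd_file}"
printf '%s\n' 'ACCESS_KEY_ID:SECRET_ACCESS_KEY' > "${passwd_file}"

# Mounting the S3 Bucket
s3fs mybucketname:/path/to/dir /path/to/local/mountpoint -o passwd_file="${passwd_file}"

# Ensuring Persistent Mounting
# passwd_file is spelled out because the boot-time mount runs as root and would
# not look in this user's home directory for the credentials.
# allow_other gives every local user access to the mount with the permissions
# of the stored key; drop it if only one account needs the bucket.
fstab_entry="s3fs#mybucketname:/path/to/dir /path/to/local/mountpoint fuse _netdev,allow_other,passwd_file=${passwd_file} 0 0"
# Append only once so re-running these steps does not duplicate the entry.
if ! grep -qxF -- "${fstab_entry}" /etc/fstab; then
  printf '%s\n' "${fstab_entry}" | sudo tee -a /etc/fstab
fi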
S3 Bucket Policy (public read: Principal "*" lets anyone, authenticated or not, GET every object under bucketName/)
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowPublicRead",
			"Effect": "Allow",
			"Principal": "*",
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::bucketName/*"
		}
	]
}
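S3 CORS (permissive example: any origin and any request header, with GET, PUT, POST and DELETE allowed; narrow AllowedOrigins and AllowedMethods to what the application needs)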
[
	{
		"AllowedHeaders": ["*"],
		"AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
		"AllowedOrigins": ["*"],
		"ExposeHeaders": [
			"x-amz-server-side-encryption",
			"x-amz-request-id",
			"x-amz-id-2"
		],
		"MaxAgeSeconds": 3000
	}
]
ECR Lifecycle Policy
{
	"rules": [
		{
			"rulePriority": 1,
			"description": "Keep only the last 100 images",
			"selection": {
				"tagStatus": "any",
				"countType": "imageCountMoreThan",
				"countNumber": 100
			},
			"action": {
				"type": "expire"
			}
		}
	]
}
ECR Lifecycle Policy1
{
	"rules": [
		{
			"rulePriority": 1,
			"description": "Remove images with certain tag",
			"selection": {
				"tagStatus": "tagged",
				"tagPrefixList": ["tag1", "tag2"],
				"countType": "imageCountMoreThan",
				"countNumber": 0
			},
			"action": {
				"type": "expire"
			}
		}
	]
}
ECR Lifecycle Policy2
{
	"rules": [
		{
			"rulePriority": 1,
			"description": "Remove untagged images older than 14 days",
			"selection": {
				"tagStatus": "untagged",
				"countType": "sinceImagePushed",
				"countUnit": "days",
				"countNumber": 14
			},
			"action": {
				"type": "expire"
			}
		}
	]
}
tf
Provider
EC2
Elastic IP
MQ
RDS
Security Group
VPC
WAF