态
任何人都可以提供CLI命令以获取创建特定IAM角色的堆栈名称和区域吗?
您将必须编写一个小的循环脚本,该脚本通过所有区域和所有堆栈(假设'create_complete'状态(,并使用Dorcident-stack-resources cli命令。
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-stack-resources.html
这是一个小例子:
#!/bin/bash
for region in us-east-2 us-east-1 us-west-1 us-west-2 ap-east-1 ap-south-1 ap-northeast-3 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 cn-north-1 cn-northwest-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 eu-north-1 me-south-1 sa-east-1
do
echo "Processing region $region ..."
for stack in $(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --output json --region $region | jq '.StackSummaries[] | .StackId' | sed -e 's/^"//' -e 's/"$//')
do
echo "Processing stack $stack ..."
aws cloudformation describe-stack-resources --stack-name $stack --output json --region $region | jq '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | select(.PhysicalResourceId=="PUT_YOUR_ROLE_NAME_HERE")'
done
done
不要忘记,如果您扮演角色,您可以轻松获取帐号和角色名称。格式为
arn:aws:iam :: account-id:角色/角色名称
我希望对Oneliner感到抱歉,它不太可读。