General Changes

The AWS SDK was updated to the most recently available one.

Sub-command Changes

This release introduces a new -cleanup flag to the rotate-keys sub-command, allowing the removal of all keys except the newly created one.

This was implemented in #20 , as a result of the suggestion in #19.

This release updates the instances and csv-instances sub-commands to make them more flexible, and customizable. The common-code to fetch all the running instances, available to the current role or set of roles, has been merged into a single internal-package to cut down on code duplication too.

By default the output for both sub-commands remains unchanged, however it is now possible to change the output. In the case of the instances sub-command you can specify a golang template-file as input, to control what is output:

$ aws-utils instances -dump-template > foo.tmpl
$ vi foo.tmpl
$ aws-utils instances -template=./foo.tmpl

The csv-instances sub-command has been updated such that you can specify the fields that you're interested in viewing, for example if you wish to see the (private) IPv4 address associated with each instance:

$ aws-utils csv-instances --format="id,name,ipv4address"

The list of fields you can use is available in the integrated help (aws-utils help csv-instances).

This release is a pretty minimal update to the previous one, with only a couple of minor changes.

Changes to existing sub-commands:

• Updated the stacks subcommand to allow filtering and policy updating.
  • It is now possible to only display stack-names which match a given regular-expression.
  • We've also updated to allow setting a stack-policy for all stacks.

New sub-commands:

• Added the subnets subcommand to report on subnets.

Internal cleanups:

• Updated our CI/CD process, to change linter.
  • We now lint via the golangci-lint utility, and have fixed the few issues it raised.
• Updated our dependencies, so we now build against the latest AWS SDK.

This release fixes an issue with the stacks sub-command, which might have not shown the names of all stacks which existed within the given account(s).

• Reported in #13, and resolved in #14.

As part of that fix the dependencies (i.e. the AWS SDK) were updated, but I don't anticipate any changes from that update.

This release adds some new sub-commands:

• orphaned-zones
  • List route53 zones which have their nameservers pointing to non-AWS nameservers.
• stacks
  • List all non-deleted, non-obsolete, cloudformation stacksets.
  • Getting these is possible via the AWS CLI, but it is annoying to have to filter out deleted ones, etc.

In addition to these new sub-commands some changes have been made:

• The instances sub-command allows JSON output.
• The instances sub-command shows the AMI ages.
• The rotate-keys sub-command only updates the first set of credentials in ~/.aws/credentials.
  • However taking a backup before using this for the first time is strongly recommended.
• The version sub-command shows VCS information, when built with go 1.18+

This release updates the sg-grep sub-command to allow it to be executed with a list of roles to assume, matching the flexible approach shared by other sub-commands.

Our implementation was simplified by abstracting the way the various commands operate upon role-files, removing repetition and increasing code-clarity.

Finally the whitelist-self command will now avoid making needless changes to security-group rules, if no change is necessary.

This release adds the rotate-keys sub-command, which allows rotating your AWS access-keys.

In addition to the new sub-command support has been added for logging all (HTTP) requests made against Amazon, via the use of the environmental variable DEBUG.

This release updates the whitelist-self sub-command to add more paranoia, and checking:

• If a rule has no Name field we ignore it.
• If there are multiple rules which contain the same description we avoid making any changes.

In addition to this it is now possible to process multiple JSON files specified upon the command-line.

This release updates the name of the whitelisting sub-command to be whitelist-self, which is more discoverable and descriptive. This sub-command was updated to allow expanding environmental variables in rule-names too.

Otherwise nothing much has changed, the README.md file has been updated to document the integrated help, and a sample-usage of each tool has been provided.

This release updates the help-text available for the remote-ip-change sub-command. There are no functional changes.