kosli snapshot s3 #

Synopsis #

Report a snapshot of the content of an AWS S3 bucket to Kosli.

To authenticate to AWS, you can either:

provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID)
export the AWS env vars (e.g. AWS_ACCESS_KEY_ID).
Use a shared config/credentials file under the $HOME/.aws

Option 1 takes highest precedence, while option 3 is the lowest.
More details can be found here: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials

You can report the entire bucket content, or filter some of the content using --include and --exclude. In all cases, the content is reported as one artifact. If you wish to report separate files/dirs within the same bucket as separate artifacts, you need to run the command twice.

To specify paths in a directory artifact that should always be excluded from the SHA256 calculation, you can add a .kosli_ignore file to the root of the artifact. Each line should specify a relative path or path glob to be ignored. You can include comments in this file, using #. The .kosli_ignore will be treated as part of the artifact like any other file,unless it is explicitly ignored itself.

kosli snapshot s3 ENVIRONMENT-NAME [flags]

Flags #

Flag	Description
--aws-key-id string	The AWS access key ID.
--aws-region string	The AWS region.
--aws-secret-key string	The AWS secret access key.
--bucket string	The name of the S3 bucket.
-D, --dry-run	[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
-x, --exclude strings	[optional] The comma separated list of file and/or directory paths in the S3 bucket to exclude when fingerprinting. Cannot be used together with --include.
-h, --help	help for s3
-i, --include strings	[optional] The comma separated list of file and/or directory paths in the S3 bucket to include when fingerprinting. Cannot be used together with --exclude.

Flags inherited from parent commands #

Flag	Description
-a, --api-token string	The Kosli API token.
-c, --config-file string	[optional] The Kosli config file path. (default "kosli")
--debug	[optional] Print debug logs to stdout. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default false)
-H, --host string	[defaulted] The Kosli endpoint. (default "https://app.kosli.com")
--http-proxy string	[optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'
-r, --max-api-retries int	[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--org string	The Kosli organization.

Examples Use Cases #

report the contents of an entire AWS S3 bucket (AWS auth provided in env variables)

export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName \
	--bucket yourBucketName \
	--api-token yourAPIToken \
	--org yourOrgName

report what is running in an AWS S3 bucket (AWS auth provided in flags)

kosli snapshot s3 yourEnvironmentName \
	--bucket yourBucketName \
	--aws-key-id yourAWSAccessKeyID \
	--aws-secret-key yourAWSSecretAccessKey \
	--aws-region yourAWSRegion \
	--api-token yourAPIToken \
	--org yourOrgName

report a subset of contents of an AWS S3 bucket (AWS auth provided in env variables)

export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName \
	--bucket yourBucketName \
	--include file.txt,path/within/bucket \
	--api-token yourAPIToken \
	--org yourOrgName

report contents of an entire AWS S3 bucket, except for some paths (AWS auth provided in env variables)

export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName \
	--bucket yourBucketName \
	--exclude file.txt,path/within/bucket \
	--api-token yourAPIToken \
	--org yourOrgName