AWS Command Line Interface Tutorial




With just one tool, you can monitor multiple AWS services from the CLI. In this article, I will explain to you how to install and configure the AWS CLI on Windows, Linux, Mac, or Unix OS.

aws command line interface

This article is divided into four main sections:

* What is AWS CLI?
How to install AWS CLI?
How to configure AWS CLI?
AWS CLI cheat sheet

What is AWS CLI?

The AWS CLI is an open source tool built on top of the AWS SDK for Python that provides commands for interacting with AWS services. Once set up, you can use the CLI to access all the functionality provided on the AWS Management Console to access AWS Services and configure resources.

You can use one of the following terminal programs to use the CLI:

* Linux shells: Use common shell programs such as Bash, Zsh, and Tsch to run commands in Linux, Mac OS, or Unix.
* Windows command line: On Microsoft Windows, run commands in either PowerShell or the Windows Command Processor.
* Remotely: Run commands on Amazon EC2 instances through a remote terminal such as PuTTY or SSH, or with Amazon EC2 systems manager.

With AWS CLI you can simplify many multi-step processes using one command, and also automate repetitive tasks. For example, you can accomplish the following very easily and quickly using the AWS CLI versus using the AWS Management Console.
* Sync all files from one s3 bucket to another s3 bucket, while also removing the ones that are deleted.
* Get the list of all IAM users in your AWS account who access a specific bucket prefix.
* Terminate all EC2 instances in your AWS account that are launched with a specific key pair.

Key Features of AWS CLI:
* Manage all AWS resources using a single tool.
* Simple Configuration.
* Easy to use, and can combine with other scripting languages.

How to install AWS CLI?

How to install AWS CLI on Windows:

To install on Windows, download one of the appropriate installers:

AWS CLI MSI Installer for Windows 64-bit
AWS CLI MSI Installer for Windows 32-bit

Follow the prompts on the installer to complete the installation.
As an alternative, run this installer batch script in an Administrator command prompt to download and run the installer.

How to install AWS CLI on Linux/Unix/MacOS:

It installs as a python package. So, you will need to install some pre-requisites, in the following order.

1.Install Python (skip this step, if python is already installed). Python Version 2.6.5 or later is required.

2. Install pip (skip this step, if pip is already installed)

  1. You can download and install pip using following commands:
curl -O https://bootstrap.pypa.io/get-pip.py
python get-pip.py –user

3. Install AWS CLI using pip

With python and pip installed, you can install AWS CLI using following command:

pip install awscli --upgrade --user

How to configure AWS CLI?

Once the AWS CLI is installed, you need to configure the CLI to be able to access the AWS resources. The configuration enables the CLI to authenticate with AWS as a user with a fixed set of permissions.

If you are trying to use the CLI on your machine or AWS EC2 instance, then you can follow the below instructions below:

1. First, you will need a pair of Access Key ID and Secret Access Key. If you don't already have one, you will need to generate by going to

IAM->Users and select the user you want to create the pair for (see the screenshot below).

2. You will only be able to view the secret access key on the console here right now, and then you won't be able to view it again anytime in the future. So, make sure you write it down and save it somewhere.

Note: In case you lose your secret access key, or if someone steals it(for security concerns), you will have to generate a new one and then configure on all the machines that you use the AWS CLI on.

3. Once you have the keys, then run the command "aws configure" on the command line, and enter the keys as shown below. Region and Output format values are optional and can be left blank.

With this setup done, you can now access/query the AWS resources from your command line.
If you want to save multiple user profiles, then you can create user profiles using the command:

aws configure --user fakeuser

How to make it more secure? Use IAM Roles

You can use the same method to access the AWS CLI on EC2 instances that you have deployed in your AWS environment but it is not very secure.

Let's say, a hacker hacks and get access to your EC2 instance and reads the Access Key ID and Secret Access Key values. Then, that person can use these from any machine with public internet access to change or break your environment against your will. This could become a big security concern.

To avoid situations like these, a better alternative is to create an IAM role with all the necessary permissions and attach those permissions to your EC2 instance.

For example, you want your EC2 web server instance to access your RDS instances and the S3 bucket in your AWS account. You can use the following steps to enable AWS CLI to be able to access those resources:

1. Create IAM role 'CustomAccess_S3_RDS' with permissions: 'AmazonS3FullAccess', 'AmazonRDSFullAccess'.

2. When launching EC2 instance, assign IAM role 'CustomAccess_S3_RDS'.

Now, if you have AWS CLI installed, then you will not need to run the 'aws configure' command to access S3 and RDS. You can do so directly.
If you want to access more resources from your EC2, then you can still go and update the role's permissions to add/remove access rights or privileges as needed.

AWS CLI cheat sheet:

Basic AWS command structure:

>> aws [command] [subcommand] [options and parameters*]

Command Help:

>> aws [service] help

AWS S3 (Simple Storage Service):

Print list of all buckets in your AWS account:

aws s3 ls

Sync all the files from your s3 bucket to the local path:

aws s3 sync --delete s3://my-test-bucket C:\Users\amolk\my_test_folder

The -- delete tag will also remove a file/object from the local path if it has been deleted from the s3 bucket.

aws s3 sync --delete s3://my-test-bucket C:\Users\amolk\my_test_folder

Similarly, changing the location of the paths/URLs will change the direction of file transfer.
Sync all the files from your local path to s3 bucket:

aws s3 sync C:\Users\amolk\my_test_folder s3://my-test-bucket

The -- delete tag will also remove a file/object from the local path if it has been deleted from the s3 bucket.

aws s3 sync --delete C:\Users\amolk\my_test_folder s3://my-test-bucket

AWS EC2 (Elastic Cloud Compute):

Get the description of all EC2 instances:

aws ec2 describe-instances

Get the description of a specific EC2 instance:

aws ec2 describe-instances --instance-ids i-1234567890abcdef0

AWS IAM (Identity and Access Management):

List all the IAM users in the current AWS account:

aws iam list-users

Get information about am IAM user in the AWS account:

aws iam get-user fakeuser

Conclusion

I hope with this, the basics of AWS CLI are clear. You can play more with the examples provided here to learn more. If you have any questions, please feel free to reach out to me at my contact information below, or post a comment here, and I will get back to you.

In my next post, I will be taking this example further by elaborating the basics of AWS CloudFormation.

 on Email on Github on Linkedin
Amol Kokje, has several years of industry experience in hardware and software engineering domains. His current interests are in the areas of automation for virtualization and cloud computing. He currently works as a software developer with Mcafee, working on automation solutions for enterprise on-premise and cloud software deployment and testing.

About

Amol Kokje, has several years of industry experience in hardware and software engineering domains. His current interests are in the areas of automation for virtualization and cloud computing. He currently works as a software developer with Mcafee, working on automation solutions for enterprise on-premise and cloud software deployment and testing.

Leave a comment