As a AWS solution engineers, very frequently we will use AWS CLI or at least for bulk operations, audit/inventory operations. So here I am going to consolidate the most of AWS CLI details as:
- Installation
- Configuration
- Consumption (Examples)
AWS CLI Installation:
We can download AWS CLI for windows here for Mac and Linux we can install using pip.
For Windows based systems:
- We can download from above portal based your operating system architecture (64/32-bit).
- We have run the downloaded file using administrator privileges and install with default options.
For Linux based systems:
- As pre-req mentioned in the AWS CLI official page we should have python 2.6.5 or higher already in our systems if not install it before going to next step.
- We can install awscli using pip install awscli
After installation you can validate as below by running
aws --version
aws-cli/1.11.44 Python/2.7.10 Darwin/16.4.0 botocore/1.5.7
Now we can confirm our AWSCLI installation was successfully completed.
AWSCLI Configuration:
For our general use aws configure command will help us to quickly setup our AWS installation,
aws configure
AWS Access Key ID [****************UMIA]:
AWS Secret Access Key [****************gkYc]:
Default region name [us-west-2]:
Default output format [None]: text
Once we ran and give "AWS Access Key ID, AWS Secret Access Key, Default region & Default output format (Optional) Note: Default output format can be either json, text, or table. If you don't specify an output format, json will be used"
For the first time once we configure below files will be created on our user profile:
Windows Location:
C:\Users\Username\.aws\credentials
C:\Users\Username\.aws\config
Linux Location
/home/Users/username/.aws/credentials
/home/Users/username/.aws/config
Here I have documented available regions as of now which you can follow while passing region name parameter.
When we have multiple user profiles to use AWSCLI then we can --profile option :
aws configure --profile cloud
AWS Access Key ID [None]: ****************UMIA
AWS Secret Access Key [None]: ****************gkYc
Default region name [None]: us-west-2
Default output format [None]: table
or else we can directly edit/add credentials and config details to respective profile files as below:
cat .aws/credentials
[default]
aws_access_key_id = AKIijjhbbGK564123567888MIA
aws_secret_access_key = bZ6uNU6PahjfajfkaflalfllWR8PD0R5GjOVktgkYc
[cloud]
aws_access_key_id = ****************UMIA
aws_secret_access_key = ****************gkYc
cat .aws/config
[default]
region = us-west-2
output = text
[profile cloud]
output = table
region = us-west-2
Note: The AWS credentials file uses a different naming format than the CLI config file for named profiles. Do not include the 'profile ' prefix when configuring a named profile in the AWS credentials file.
Consumption (Examples)
Using Profiles with the AWS CLI
To use a named profile, add the
--profile
option to your command. The following example lists running instances using the cloud profile from the previous section.$ aws ec2 describe-instances --profile cloud
If you are going to use a named profile for multiple commands, you can avoid specifying the profile in every command by setting the AWS_DEFAULT_PROFILE environment variable at the command line:
Linux, macOS, or Unix
$ export AWS_DEFAULT_PROFILE=cloud
Windows
> set AWS_DEFAULT_PROFILE=cloud
Note:Setting the environment variable changes the default profile until the end of your shell session, or until you set the variable to a different value. More on variables in the next section.
The following environment variables are supported by the AWS CLI
AWS_ACCESS_KEY_ID – AWS access key.
AWS_SECRET_ACCESS_KEY – AWS secret key. Access and secret key variables override credentials stored in credential and config files.
AWS_SESSION_TOKEN – session token. A session token is only required if you are using temporary security credentials.
AWS_DEFAULT_REGION – AWS region. This variable overrides the default region of the in-use profile, if set.
AWS_DEFAULT_PROFILE – name of the CLI profile to use. This can be the name of a profile stored in a credential or config file, or
default
to use the default profile.
AWS_CONFIG_FILE – path to a CLI config file.
Command Line Options:
The AWS CLI uses GNU-style long command line options preceded by two hyphens. Command line options can be used to override default configuration settings for a single operation, but cannot be used to specify credentials.
The following settings can be specified at the command line.
--profile – name of a profile to use, or "default" to use the default profile.
--region – AWS region to call.
--output – output format.
--endpoint-url – The endpoint to make the call against. The endpoint can be the address of a proxy or an endpoint URL for the in-use AWS region. Specifying an endpoint is not required for normal use as the AWS CLI determines which endpoint to call based on the in-use region.
Note:The above options override the corresponding profile settings for a single operation. Each takes a string argument with a space or equals sign ("=") separating the argument from the option name. Quotes around the argument are not required unless the argument string contains a space.
Sample e.g.
aws ec2 describe-instances --output table --region us-east-1
-------------------
|DescribeInstances|
+-----------------+
aws s3 ls --output json
2016-10-15 13:31:49 adithya34
2016-11-29 12:08:09 aruprcciit
2016-11-29 12:07:52 blazee
2016-06-09 13:56:12 mockert
Miscellaneous Tip (Command Auto Completion):
On Unix-like systems, the AWS CLI includes a command-completion feature that enables you to use the TAB key to complete a partially typed command. This feature is not automatically installed so you need to configure it manually.
add the below line in your /etc/bashrc file :
complete -C aws_completer aws |
After enabling command completion, type in a partial command and press tab to see the available commands.
$ aws s
TAB
s3 ses sqs sts swf
s3api sns storagegateway support
Hope this topic helps you start learning and working on AWSCLI.
No comments:
Post a Comment