@espozbob
Last active June 20, 2020 03:53
AWS Command Line Interface - User Guide

AWS CLI

Install the CLI

$ pip install awscli

Update the CLI

$ pip install awscli --upgrade

Check version of the CLI

$ aws --version

Uninstall the CLI

$ pip uninstall awscli

Setting up Credentials

$ aws configure

Configuration files

AWS Credentials

  • Supported by all AWS SDKs
  • Contains credentials
~/.aws/credentials

CLI configuration file

  • Some settings used only by CLI
  • Can contain credentials
~/.aws/config
  • Enable CLI History
$ aws configure set cli_history enabled
$ less ~/.aws/config
[default]
region = us-east-1
output = json
cli_history = enabled

CLI History

$ aws history list
850914be-58b5-488b-b9fb-b754ba833088  2017-12-28 07:07:42 AM  codecommit list-repositories                      0

$ aws history show 850914be-58b5-488b-b9fb-b754ba833088

Syntax

  • aws + service (command) + operation (subcommand) + options
$ aws ec2 describe-instances
$ aws iam list-access-keys --profile team --debug

help

$ aws ec2 help
$ aws ec2 describe-instances help

Named Profiles

Switching IAM user

$ aws ec2 describe-instances --profile drneon

Environment Variables

Using with shell script

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN
  • AWS_DEFAULT_REGION
  • AWS_DEFAULT_OUTPUT
  • AWS_PROFILE
  • AWS_CA_BUNDLE
  • AWS_SHARED_CREDENTIALS_FILE
  • AWS_CONFIG_FILE
$ export AWS_ACCESS_KEY_ID=xxxxxxxx

Command Line Options

  • --profile
  • --region
  • --output
  • --endpoint-url

Roles

  • Set of permissions granted to a trusted entity
  • Assumed by IAM users, applications, AWS services
- IAM user in another account
- Application code running on an EC2 instance that needs to perform actions on AWS resources
- An AWS service that needs to act on resources in your account to provide its features
- Users from a corporate directory who use identity federation with SAML

[team2]
role_arn = arn:aws:iam::123448891234:role/test
source_profile = default

MFA

$ more ~/.aws/config
[default]
region = us-east-1
output = json

[profile team]
role_arn = arn:aws:iam::1234791234:role/admin
source_profile = default
mfa_serial = arn:aws:iam::1234798712:mfa/bob

$ aws s3 ls --profile team
Enter MFA code for arn:aws:iam::123448891234:mfa/bob: 
2017-12-21 06:15:56 cloud9-bob
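
An offline check for the role and MFA profiles above, added here as an example and not part of the original gist: `roles_without_mfa` lists profiles that set `role_arn` without `mfa_serial`, and `is_private` checks that a config or credentials file grants nothing to group or other. The function names, the sample file and the placeholder account IDs are assumptions.

```shell
#!/bin/sh
# Added example (not from the original gist): offline audit of AWS CLI config files.

# Print each profile that sets role_arn but no mfa_serial.
# Accepts both "[name]" and "[profile name]" section headers.
roles_without_mfa() {
    awk '
        function report() { if (name != "" && has_role && !has_mfa) print name }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            name = $0
            sub(/^[ \t]*\[[ \t]*/, "", name)
            sub(/[ \t]*\][ \t]*$/, "", name)
            sub(/^profile[ \t]+/, "", name)
            has_role = 0; has_mfa = 0
            next
        }
        /^[ \t]*role_arn[ \t]*=/   { has_role = 1 }
        /^[ \t]*mfa_serial[ \t]*=/ { has_mfa = 1 }
        END { report() }
    ' "$1"
}

# Succeed only if the file grants no permissions to group or other (e.g. mode 600).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the two role profiles from this page, with placeholder account IDs.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
region = us-east-1
output = json

[team2]
role_arn = arn:aws:iam::111111111111:role/test
source_profile = default

[profile team]
role_arn = arn:aws:iam::111111111111:role/admin
source_profile = default
mfa_serial = arn:aws:iam::111111111111:mfa/bob
EOF
chmod 600 "$sample"

echo "role profiles without MFA: $(roles_without_mfa "$sample")"
is_private "$sample" && echo "permissions OK: $sample"
```

Point both functions at `~/.aws/config` and `~/.aws/credentials` to run the same checks on a real setup.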

Bastion Hosts with roles

  • Create a role with type of AWS service (EC2)
  • Add permissions policies
  • Create an EC2 instance with the role above.
  • Connect to the instance and run the AWS CLI commands the role permits, without credentials.

Output Types

  • json
  • text
  • table

Tab Completion Setup

$ which aws_completer
/usr/local/bin/aws_completer
$ complete -C '$(which aws_completer)' aws

AWS Shell

$ pip install aws-shell
$ aws-shell

JMESPath Terminal

$ pip install jmespath-terminal
$ jpterm

Generate CLI Skeleton

  • Makes scripting with the CLI easier