- https://aws.amazon.com/cli
- CLI community forum
$ pip install awscli
$ pip install awscli --upgrade
$ aws --version
$ pip uninstall awscli
$ aws configure
- Supported by all AWS SDKs
- Contains credentials
~/.aws/credentials
- Some settings used only by CLI
- Can contain credentials
~/.aws/config
- Enable CLI History
$ aws configure set cli_history enabled
$ less ~/.aws/config
[default]
region = us-east-1
output = json
cli_history = enabled
$ aws history list
850914be-58b5-488b-b9fb-b754ba833088 2017-12-28 07:07:42 AM codecommit list-repositories 0
$ aws history show 850914be-58b5-488b-b9fb-b754ba833088
- aws + service (command) + operation (subcommand) + options
$ aws ec2 describe-instances
$ aws iam list-access-keys --profile team --debug
$ aws ec2 help
$ aws ec2 describe-instances help
Switching IAM user
$ aws ec2 describe-instances --profile drneon
Using with shell script
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
- AWS_DEFAULT_REGION
- AWS_DEFAULT_OUTPUT
- AWS_PROFILE
- AWS_CA_BUNDLE
- AWS_SHARED_CREDENTIALS_FILE
- AWS_CONFIG_FILE
$ export AWS_ACCESS_KEY_ID=xxxxxxxx
- --profile
- --region
- --output
- --endpoint-url
- Set of permissions granted to a trusted entity
- Assumed by IAM users, applications, AWS services
- IAM user in another account
- Application code running on an EC2 instance that needs to perform actions on AWS resources
- An AWS service that needs to act on resources in your account to provide its features
- Users from a corporate directory who use identity federation with SAML
[team2]
role_arn = arn:aws:iam::123448891234:role/test
source_profile = default
$ more ~/.aws/config
[default]
region = us-east-1
output = json
[profile team]
role_arn = arn:aws:iam::1234791234:role/admin
source_profile = default
mfa_serial = arn:aws:iam::1234798712:mfa/bob
$ aws s3 ls --profile team
Enter MFA code for arn:aws:iam::123448891234:mfa/bob:
2017-12-21 06:15:56 cloud9-bob
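An added example (not from the original notes): a shell check over an AWS CLI config or credentials file that flags group/other-accessible permissions, role profiles with no mfa_serial, and profiles holding static secret keys. The function names, output labels and the sample profiles are assumptions made for illustration.

```shell
# Added example. Sample config below is constructed; account IDs and keys are placeholders.
write_sample_config() {
  cat > "$1" <<'EOF'
[default]
output = json
[profile team]
role_arn = arn:aws:iam::111122223333:role/admin
source_profile = default
mfa_serial = arn:aws:iam::111122223333:mfa/bob
[profile ci]
role_arn = arn:aws:iam::111122223333:role/deploy
source_profile = default
[profile legacy]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
EOF
}
audit_aws_config() {
  local file="${1:-$HOME/.aws/config}" perms
  # Characters 5-10 of the mode string are the group and other permission bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || echo "LOOSE_PERMS $file"
  awk '
    function report() {
      if (section == "") return
      if (has_role && !has_mfa) print "NO_MFA " section
      if (has_key) print "STATIC_KEY " section
    }
    /^[ \t]*\[/ {                       # new [section]: report the previous one
      report()
      section = $0
      gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
      sub(/^profile[ \t]+/, "", section)
      has_role = has_mfa = has_key = 0
      next
    }
    /^[ \t]*[#;]/ { next }              # skip comment lines
    {
      key = $0
      sub(/[ \t]*=.*/, "", key)         # keep only the setting name
      sub(/^[ \t]+/, "", key)
      if (key == "role_arn") has_role = 1
      if (key == "mfa_serial") has_mfa = 1
      if (key == "aws_secret_access_key") has_key = 1
    }
    END { report() }
  ' "$file"
}
# Demo on the constructed sample: prints NO_MFA ci and STATIC_KEY legacy.
sample=$(mktemp) && write_sample_config "$sample" && audit_aws_config "$sample"; rm -f "$sample"
```

mfa_serial is only a client-side setting; whether MFA is actually required is decided by the role's trust policy.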
- Create a role with type of AWS service (EC2)
- Add permissions policies
- Create an EC2 instance with the role above.
- Connect to the instance and run an AWS CLI command covered by the role's permissions, without configuring credentials.
- json
- text
- table
$ which aws_completer
/usr/local/bin/aws_completer
$ complete -C '$(which aws_completer)' aws
- https://github.com/awslabs/aws-shell
- Exit to console: Ctrl + D
$ pip install aws-shell
$ aws-shell
$ pip install jmespath-terminal
$ jpterm
- Makes scripting with the CLI easier