Getting Started with Amazon AWS CLI

Like any good service Amazon Web Services (AWS) has a command line tool that interfaces with it’s various services.

Being the geek that I am, I have always preferred the command line (CLI), be it Cisco IOS, Bash, or the earlier MS-DOS. So getting acquainted with this tool only seems natural, on my journey to learn and discover more about AWS. Command line tools, albeit usually a high learning curve, give way to the underpinnings of the services.

Learning how to use it has it’s advantages, for one it gives to script-ability, therefore complex idempotent tasks can be codified. Reducing technical debt, and really get return on investment, by doing work once, and having the entire company benefit from the scripts that come out of that work.

After all, it’s a lot easier explaining how to run a script, than it is to explain steps that needs to be done, some times in specific order, etc.

Getting Command Line Tools

If you’re not working from AMI Linux, lets get the tools installed. I am working from a CentOS machine, I found them in the repository as package awscli. There are other methods of installation for example pip, easy_install, and of course a clone of the git repository.

# yum install awscli
Loaded plugins: fastestmirror
...
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : libjpeg-turbo-1.2.90-5.el7.x86_64 1/15 
 Installing : libwebp-0.3.0-3.el7.x86_64 2/15 
 Installing : python2-jmespath-0.9.0-1.el7.noarch 3/15 
 Installing : jbigkit-libs-2.0-11.el7.x86_64 4/15 
 Installing : libtiff-4.0.3-25.el7_2.x86_64 5/15 
 Installing : python-pillow-2.0.0-19.gitd1c6db8.el7.x86_64 6/15 
 Installing : python-docutils-0.11-0.2.20130715svn7687.el7.noarch 7/15 
 Installing : python-colorama-0.3.2-3.el7.noarch 8/15 
 Installing : python2-futures-3.0.5-1.el7.noarch 9/15 
 Installing : python2-pyasn1-0.1.9-7.el7.noarch 10/15 
 Installing : python2-rsa-3.4.1-1.el7.noarch 11/15 
 Installing : python-dateutil-1.5-7.el7.noarch 12/15 
 Installing : python2-botocore-1.4.85-1.el7.noarch 13/15 
 Installing : python2-s3transfer-0.1.9-1.el7.noarch 14/15 
 Installing : awscli-1.11.28-2.el7.noarch 15/15 
 Verifying : python-docutils-0.11-0.2.20130715svn7687.el7.noarch 1/15 
 Verifying : python2-botocore-1.4.85-1.el7.noarch 2/15 
 Verifying : python-dateutil-1.5-7.el7.noarch 3/15 
 Verifying : python2-pyasn1-0.1.9-7.el7.noarch 4/15 
 Verifying : libtiff-4.0.3-25.el7_2.x86_64 5/15 
 Verifying : python2-rsa-3.4.1-1.el7.noarch 6/15 
 Verifying : python-pillow-2.0.0-19.gitd1c6db8.el7.x86_64 7/15 
 Verifying : python2-futures-3.0.5-1.el7.noarch 8/15 
 Verifying : python-colorama-0.3.2-3.el7.noarch 9/15 
 Verifying : python2-s3transfer-0.1.9-1.el7.noarch 10/15 
 Verifying : libjpeg-turbo-1.2.90-5.el7.x86_64 11/15 
 Verifying : jbigkit-libs-2.0-11.el7.x86_64 12/15 
 Verifying : python2-jmespath-0.9.0-1.el7.noarch 13/15 
 Verifying : libwebp-0.3.0-3.el7.x86_64 14/15 
 Verifying : awscli-1.11.28-2.el7.noarch 15/15 

Installed:
 awscli.noarch 0:1.11.28-2.el7 
...
Complete!
#

As you can  see Python 2 was installed as a dependency of awscli. If you are running a different OS, refer to the user guide to learn how to install for the platform of your choosing.

Supported services

The list of supported services can be found in the documentation, under available services.

Your environment, it’s important.

The AWS CLI tool makes use of the following environment variables.

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY hold the Access Key ID and Secret Access Key respectively. AWS_CONFIG_FILE holds the path to a AWS configuration file. Some of the tools make use of additional environment variables. EC2_CERT and EC2_PRIVATE_KEY are used to hold the paths to the public and private key files respectively.

I created the shell script awsenv to display this information and perform some permission validation on the credential files. The script is non-destructive, other than permission changes after prompting the user, running it will do no harm.

How you set the variables is up to you. I usually set them via shell script that isn’t part of a repository and source from .bashrc, or you can just set them temporarily in your shell. Example output from awsenv script.

Running my script awsenv gives an overview of what is configured.

$ awsenv 
[x] Amazon AWS CLI environment
[x] Checking for AWS CLI secrets and credential files...
Checking /root/.aws_secrets...found
Checking /root/.s3curl...not found
[!] AWS_S3_CURL contains path to file that doesn't exist.
Checking /root/.aws/credentials.json...found
Checking /root/.aws/aws_config_file...found

[x] AWS variables
AWS_ACCESS_KEY_ID: ABCDEFGH
AWS_SECRET_ACCESS_KEY: 12345678
AWS_CONFIG_FILE: /root/.aws/aws_config_file
AWS_CREDENTIAL_FILE: 
EC2_CERT: 
EC2_PRIVATE_KEY:

Ground Control to Major Tom!

Once the environment variables have been set and the credential files created with correct content and proper permissions. We can verify our setup with a single command.

# aws iam get-user
{
   "User": {
     "UserName": "jonathan", 
     "Path": "/", 
     "CreateDate": "2016-10-01T18:22:32Z", 
     "UserId": "Y", 
     "Arn": "arn:aws:iam::X:user/jonathan" } 
}

Executing the command aws iam get-user returns your user information out of AWS IAM. The user/jonathan is a member of a group that gives Administrator privileges, if you’re having troubles, verify your account has the correct authorization.

You should now be able to run any necessary AWS CLI-based scripts, given the Access Key ID you’re using with awscli has the correct authorization.

There is a aws-shell program that gives command completion, I have not tried this, one step at a time for me.

Install Command Completion

complete -C aws_completer aws
Jan 18th, 2017 • Posted in Amazon Web Service, CLI, EC2, IAM, S3
No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>