aws sysops 01 install cli
Download and install the AWS CLI MSI installer for Windows
On MacOS install wget or use curl -O
$ brew install wget
# MacOS
$ wget https://www.python.org/ftp/python/3.6.1/python-3.6.1-macosx10.6.pkg
$ sudo installer -pkg /path/to/python.pkg -target /
# Ubuntu
# NOTE: Replace “python” with “python3” for Python 3.
$ sudo apt-get install python-pip # if required
$ wget https://bootstrap.pypa.io/get-pip.py
$ sudo python get-pip.py
$ pip install --upgrade --user awscli
# NOTE uninstall with
$ pip uninstall awscli
Example AWS CLI install location on macOS: ~/Library/Python/2.7/bin
~/.bash_profile
# Add an export command to profile script.
export PATH=~/Library/Python/2.7/bin:$PATH
$ source ~/.bash_profile
$ which aws
# ~/Library/Python/2.7/bin/aws
# Ubuntu: chmod +x to make the file executable.
$ chmod +x ~/Library/Python/2.7/bin/aws
$ aws --version
# aws-cli/1.11.84 Python/2.7.10 Darwin/16.1.0 botocore/1.5.47
On Unix-like systems, the AWS CLI includes a command-completion feature that enables you to use the TAB key to complete a partially typed command. This feature is not automatically installed, so you need to configure it manually.
$ which aws_completer
# ~/Library/Python/2.7/bin/aws_completer
$ complete -C '~/Library/Python/2.7/bin/aws_completer' aws
~/.bash_profile
# add this line to .bash_profile to persist aws command completion
complete -C '/usr/local/aws/bin/aws_completer' aws
$ aws configure
# example values
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: ENTER
multiple profiles
$ aws configure --profile userName
path on Linux, macOS: ~/.aws
path on Windows: %UserProfile%\.aws
~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# aws_session_token – If using temporary security credentials.
[userName]
# ...
~/.aws/config
[default]
region=us-west-2
output=json # (json, text, or table)
[userName]
# ...
$ aws ec2 describe-instances --profile userName
default profile
# Linux / MacOS
$ export AWS_DEFAULT_PROFILE=userName
# Windows
> set AWS_DEFAULT_PROFILE=userName
Environment variables:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
- AWS_DEFAULT_REGION
- AWS_DEFAULT_PROFILE
- AWS_CONFIG_FILE
Command line options:
- --profile
- --region
- --output
- --endpoint-url
To use the CLI from an EC2 instance:
- Create a role that has access to the resources needed and assign that role to the instance when it is launched.
- Install the AWS CLI if necessary and configure a default region to avoid having to specify it in every command.
- The AWS CLI will read credentials from the instance metadata.
$ aws configure
# enter twice to skip the first two prompts
AWS Access Key ID [None]: ENTER
AWS Secret Access Key [None]: ENTER
Default region name [None]: us-west-2
Default output format [None]: json
The benefit of using the AWS CLI with IAM Roles to authenticate commands is that it avoids attaching permissions directly to users, which quickly becomes difficult to manage.
~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
~/.aws/config
[profile sysops]
role_arn = arn:aws:iam::123456789012:role/sysops
source_profile = default
Note:
- A trust relationship must be defined on the IAM Role to allow the IAM User to assume it.
- The IAM User must be granted the permission to assume the IAM Role.
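How the two files above fit together when a profile assumes a role, as an added example (not part of the original page and not the AWS CLI's own code): a simplified Python model that merges ~/.aws/credentials and ~/.aws/config and traces the source_profile chain, so you can see which profiles end in long-lived keys. The names load_profiles and credential_chain and the step labels are assumptions made for illustration; the sample files are constructed from the page's placeholder values.

```python
import configparser

# Constructed sample files mirroring the page's examples (AWS documentation placeholder keys).
CREDENTIALS = """[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""
CONFIG = """[default]
region=us-west-2
[profile sysops]
role_arn = arn:aws:iam::123456789012:role/sysops
source_profile = default
"""

def load_profiles(credentials_text, config_text):
    """Merge both files into {profile: settings}; the credentials file is applied last."""
    profiles = {}
    for text, strip_prefix in ((config_text, True), (credentials_text, False)):
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(text)
        for section in parser.sections():
            # config uses "[profile NAME]" for non-default profiles; credentials uses "[NAME]".
            name = section
            if strip_prefix and section.startswith("profile "):
                name = section[len("profile "):].strip()
            profiles.setdefault(name, {}).update(parser[section])
    return profiles

def credential_chain(profiles, name):
    """Return the ordered steps by which `name` obtains credentials."""
    chain, seen = [], set()
    while True:
        if name in seen:
            raise ValueError("source_profile loop at %r" % name)
        if name not in profiles:
            raise ValueError("profile %r is not defined" % name)
        seen.add(name)
        settings = profiles[name]
        if "role_arn" in settings:
            chain.append(("assume-role", settings["role_arn"]))
            name = settings.get("source_profile", "")
        else:
            # No keys in the files means env vars or instance metadata supply them.
            kind = ("external" if "aws_access_key_id" not in settings
                    else "temporary-keys" if "aws_session_token" in settings
                    else "long-lived-keys")
            chain.append((kind, name))
            return chain
```

For the page's sysops profile the chain ends in ("long-lived-keys", "default"), which is the entry worth protecting or rotating; on an EC2 instance with only a region configured it ends in ("external", "default").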