AWS CLI: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(50 intermediate revisions by the same user not shown)
Line 14: Line 14:


AWS CLI is a package that provides commands for interacting with the AWS services. All functionality available on the web Amazon Management Console is made available from command line.
AWS CLI is a package that provides commands for interacting with the AWS services. All functionality available on the web Amazon Management Console is made available from command line.
=Version=
<syntaxhighlight lang='bash'>
aws --version
</syntaxhighlight>


=Installation=
=Installation=
Line 20: Line 24:
{{External|https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html}}
{{External|https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html}}


This article documents installation of AWS CLI v2.
==Mac==
 
{{External|https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html}}
This section documents installation of AWS CLI v2.
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
Line 28: Line 33:


Even it looks odd, "-target /" will install AWS CLI in /usr/local/aws-cli.
Even it looks odd, "-target /" will install AWS CLI in /usr/local/aws-cli.
===Upgrade===
Download the latest package as shown in the AWS documentation, then:
<syntaxhighlight lang='bash'>
sudo installer -pkg AWSCLIV2.pkg -target /
</syntaxhighlight>
==Linux==
{{External|https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html}}
<syntaxhighlight lang='bash'>
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
rm -f awscliv2.zip
</syntaxhighlight>


Verification:
==Test Installation==


Verify the installation executing:
<syntaxhighlight lang='bash'>
aws --version
aws --version
aws-cli/2.0.35 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0dev39
aws-cli/2.0.35 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0dev39
aws ec2 describe-regions
aws ec2 describe-hosts
</syntaxhighlight>


==Uninstall AWS CLI Version 1==
==Uninstall AWS CLI Version 1==
Line 41: Line 66:


=Configuration=
=Configuration=
{{External|https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-multiple-profiles}}
==Configuration Profile==
==Configuration Profile==
A collection of settings related to a certain account (access key, secret key, the default region and the default output format) are called a profile. The initial configuration procedure creates a profile named "default", and this is what AWS CLI uses by default. Additional named profiles can be created and stored, and then referred from command line with <code>--profile</code>, or configured in the environment to be used instead "default". The configuration information associated with profiles is stores in a series of local files. More details in the [[#Configuration_Files|Configuration Files]] section.


A collection of settings related to a certain account (access key, secret key, the default region and the default output format) are called a profile. By default, AWS CLI uses the "default" profile. Additional profiles can be created, named and stored, then later used for AWS CLI operations.
Individual AWS CLI commands can be executed within the context of a specific profile using the --profile option:
 
Also, individual AWS CLI commands can be executed within the context of a specific profile using the --profile option:
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
aws s3 ls --profile blue
aws s3 ls --profile blue
</syntaxhighlight>
</syntaxhighlight>
===Named Profile===
A '''[[Amazon_AWS_Concepts#Profile|named profile]]''' is a collection of settings and credentials that apply to an AWS CLI command. The named profile elements are specified in both <code>[[#.7E.2F.aws.2Fconfig|.aws/config]]</code> and <code>[[#.7E.2F.aws.2Fcredentials|.aws/credentials]]</code>:
<code>.aws/config</code>:
<font size=-1>
[profile green]
region = us-west-2
</font>
<code>.aws/credentials</code>:
<font size=-1>
[profile green]
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key = Bsomething+something+something+something
</font>
AWS CLI commands accept a named profiles as a command line parameter. When no named profile is explicitly specified, the [[#Default_Profile|default profile]] settings and credentials are used.
===Relationship between Account ID and Profile===
<font color=darkkhaki>What is the relationship between the account ID and a profile?
The profile includes credentials that establish identity, and the identity implies the profile?
</font>
===Default Profile===
The default profile is specified in [[#Configuration_Files|AWS CLI configuration files]] under the <code>[default]</code> label:
<code>.aws/config</code>:
<font size=-1>
[default]
region = us-west-2
</font>
<code>.aws/credentials</code>:
<font size=-1>
[default]
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key = Bsomething+something+something+something
</font>
To configure the default profile name with CLI, execute the procedure to [[#Add_a_New_Profile|add a new profile]] without specifying <code>--profile <profile-name></code> when executing <code>aws configure </code>.
If the <tt>[[#AWS_PROFILE|AWS_PROFILE]]</tt> environment variable is present, its value overrides the default profile.
===<span id='AWS_PROFILE'></span><tt>AWS_PROFILE</tt> Environment Variable===
The <tt>[[#AWS_PROFILE|AWS_PROFILE]]</tt> environment variable value overrides the [[#Default_Profile|default profile]] specified in the configuration files.
===Configuration Profile Operations===
===Configuration Profile Operations===


Line 65: Line 137:
</syntaxhighlight>
</syntaxhighlight>


==<span id='Selecting_a_Profile'></span>Permanently Selecting a Profile==
====<span id='Selecting_a_Profile'></span>Permanently Select a Profile====
A previously-configured profile can be selected by setting the "AWS_PROFILE" environment variable:
A previously-configured profile can be selected by setting the <tt>[[#AWS_PROFILE|AWS_PROFILE]]</tt> environment variable:


<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
Line 72: Line 144:
</syntaxhighlight>
</syntaxhighlight>


====Add a New Profile====
<syntaxhighlight lang='bash'>
aws configure --profile green
AWS Access Key ID [None]: AKIAXXXXXXXXXXXXXXXX
AWS Secret Access Key [None]: yxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Default region name [None]: us-west-2
Default output format [None]:
</syntaxhighlight>


If <code>--profile <profile-name></code> is omitted, the [[#Default_Profile|default profile]] will be configured.


====Change a Specific Configuration Element for a Profile====
<syntaxhighlight lang='bash'>
aws configure set region us-west-2 --profile <some-profile>
</syntaxhighlight>
Alternative syntax:
<syntaxhighlight lang='bash'>
aws configure set <some-profile>.region us-west-2
</syntaxhighlight>


* Select a specific profile
====Change the Name of an Existing Profile====
* Add a new profile
Manually change the name of the profile in <code>[[#.7E.2F.aws.2Fconfig|.aws/config]]</code> and <code>[[#.7E.2F.aws.2Fcredentials|.aws/credentials]]</code>.
* Remove a profile
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
{{External|https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-multiple-profiles}}
 
The initial configuration procedure creates a profile named "default". Additional named profiles can be created, and then referred from command line with <code>--profile</code>.
 
Profiles can be created with:
aws configure set
 
==Configuration Procedure==
 
Once installed, AWS CLI can be configured by running:
 
aws configure
 
It will interactively inquire for AWS Access Key ID, etc.


==Configuration Files==
==Configuration Files==
Line 114: Line 173:
===~/.aws/config===
===~/.aws/config===


AWS CLI configuration file is maintained by default in ~/.aws/config:
AWS CLI configuration file is maintained by default in <code>~/.aws/config</code>:


<syntaxhighlight lang='text'>
<syntaxhighlight lang='text'>
Line 122: Line 181:
output=json
output=json


[profile testing]
[profile green]
region = us-west-1
region = us-west-1


Line 138: Line 197:
<syntaxhighlight lang='text'>
<syntaxhighlight lang='text'>
[default]
[default]
aws_access_key_id=...
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key=...
aws_secret_access_key = Bsomething+something+something+something
[green]
aws_access_key_id = AKIA8888888888888888
aws_secret_access_key = Bsomethin9+somethin9+somethin9+somethin9
 
</syntaxhighlight>
</syntaxhighlight>
=Test Installation=
aws ec2 describe-regions
aws ec2 describe-hosts


=Credential Providers=
=Credential Providers=
{{Internal|Amazon_AWS_Security_Concepts#Credential_Providers|Credential Providers}}
{{Internal|Amazon_AWS_Security_Concepts#Credential_Providers|Credential Providers}}
=TODO=
<font color=darkgray>Define the relationship between the AWS CLI and [[Amazon EC2 CLI|EC2 CLI]]</font>

Latest revision as of 23:41, 19 April 2023

External

Internal

Overview

AWS CLI is a package that provides commands for interacting with the AWS services. All functionality available on the web Amazon Management Console is made available from command line.

Version

aws --version

Installation

https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-bundle.html
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Mac

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html

This section documents installation of AWS CLI v2.

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Even it looks odd, "-target /" will install AWS CLI in /usr/local/aws-cli.

Upgrade

Download the latest package as shown in the AWS documentation, then:

sudo installer -pkg AWSCLIV2.pkg -target /

Linux

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
rm -f awscliv2.zip

Test Installation

Verify the installation executing:

aws --version
aws-cli/2.0.35 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0dev39

aws ec2 describe-regions
aws ec2 describe-hosts

Uninstall AWS CLI Version 1

sudo rm -rf /usr/local/aws
sudo rm /usr/local/bin/aws

Configuration

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-multiple-profiles

Configuration Profile

A collection of settings related to a certain account (access key, secret key, the default region and the default output format) are called a profile. The initial configuration procedure creates a profile named "default", and this is what AWS CLI uses by default. Additional named profiles can be created and stored, and then referred from command line with --profile, or configured in the environment to be used instead "default". The configuration information associated with profiles is stores in a series of local files. More details in the Configuration Files section.

Individual AWS CLI commands can be executed within the context of a specific profile using the --profile option:

aws s3 ls --profile blue

Named Profile

A named profile is a collection of settings and credentials that apply to an AWS CLI command. The named profile elements are specified in both .aws/config and .aws/credentials:

.aws/config:

[profile green]
region = us-west-2

.aws/credentials:

[profile green]
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key = Bsomething+something+something+something

AWS CLI commands accept a named profiles as a command line parameter. When no named profile is explicitly specified, the default profile settings and credentials are used.

Relationship between Account ID and Profile

What is the relationship between the account ID and a profile?

The profile includes credentials that establish identity, and the identity implies the profile?

Default Profile

The default profile is specified in AWS CLI configuration files under the [default] label:

.aws/config:

[default]
region = us-west-2

.aws/credentials:

[default]
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key = Bsomething+something+something+something

To configure the default profile name with CLI, execute the procedure to add a new profile without specifying --profile <profile-name> when executing aws configure .

If the AWS_PROFILE environment variable is present, its value overrides the default profile.

AWS_PROFILE Environment Variable

The AWS_PROFILE environment variable value overrides the default profile specified in the configuration files.

Configuration Profile Operations

List Available Profiles

aws configure list-profiles

List the Configuration for a Specific Profiles

Default profile:

aws configure list

Specific named profile:

aws configure list --profile blue

Permanently Select a Profile

A previously-configured profile can be selected by setting the AWS_PROFILE environment variable:

export AWS_PROFILE=jenkins

Add a New Profile

aws configure --profile green
AWS Access Key ID [None]: AKIAXXXXXXXXXXXXXXXX
AWS Secret Access Key [None]: yxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Default region name [None]: us-west-2
Default output format [None]:

If --profile <profile-name> is omitted, the default profile will be configured.

Change a Specific Configuration Element for a Profile

aws configure set region us-west-2 --profile <some-profile>

Alternative syntax:

aws configure set <some-profile>.region us-west-2

Change the Name of an Existing Profile

Manually change the name of the profile in .aws/config and .aws/credentials.

Configuration Files

AWS CLI organizes configuration and credentials in two separate files placed in $USER/.aws. They are separated to isolate credentials for less sensitive options of region and output.

~/.aws/config

AWS CLI configuration file is maintained by default in ~/.aws/config:

[default]
region = us-west-2
ca_bundle = /path/to/ca-bundle.pem
output=json

[profile green]
region = us-west-1

[profile testing2]
region = eu-west-1

[preview]
cloudsearch = true

~/.aws/credentials

AWS CLI credentials are maintained by default in ~/.aws/credentials:

[default]
aws_access_key_id = AKIA9999999999999999
aws_secret_access_key = Bsomething+something+something+something
[green]
aws_access_key_id = AKIA8888888888888888
aws_secret_access_key = Bsomethin9+somethin9+somethin9+somethin9

Credential Providers

Credential Providers