Travis Robinson Table of Contents:
- Introduction
- Prerequisites
- Installing AWS CLI
- Configure AWS CLI
- Multiple Profiles
- Configure CLI Output
- Validate AWS CLI & Credentials
- Security Considerations
- Resources
Introduction
The AWS Command Line Interface (CLI) is a powerful tool that allows developers and system administrators to interact with various AWS services using a terminal or command prompt. It provides a unified way to manage AWS resources, automate tasks, and integrate AWS functionality into scripts and applications. Setting up and configuring the AWS CLI is a crucial step in efficiently working with AWS services and streamlining your workflows.
Prerequisites
Before you start setting up the AWS CLI, make sure you have the following prerequisites in place:
- An AWS account: If you don’t have an AWS account yet, sign up for one at https://aws.amazon.com.
- Access key and secret access key: You’ll need an access key and secret access key to authenticate and authorize your AWS CLI commands. You can create them in the AWS Identity and Access Management (IAM) console.
Installing the AWS CLI
AWS CLI can be installed on various operating systems, including Windows, macOS, and Linux.
Windows:
- Download the AWS CLI MSI installer from the official AWS website and run the installation wizard.
macOS:
- Install with Homebrew:
brew install awscli
- Alternatively, use pip (Python package manager):
pip3 install awscli
Linux:
- Use the package manager specific to your distribution, such as apt for Ubuntu/Debian or yum for CentOS/RHEL.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Configure AWS CLI
After installing the AWS CLI, you need to configure it with your AWS access key and secret access key. Run the following command in your terminal or command prompt:
aws configure
You’ll be prompted to enter the following information:
- AWS Access Key ID: Enter your access key ID.
- AWS Secret Access Key: Enter your secret access key.
- Default region name: Specify the default AWS region you want to use (e.g.,
us-east-1,us-west-2). - Default output format: Choose the default output format for the AWS CLI responses (e.g.,
json,text,table).
Multiple Profiles
If you work with multiple AWS accounts or roles, you can create named profiles to easily switch between different configurations. To configure a named profile, use the —profile option with the aws configure command:
aws configure --profile my-profile
You can use the profile by setting this option in the AWS CLI commands:
aws s3 ls --profile my-profile
Configure CLI output
AWS CLI supports different output formats, including JSON, YAML, text, and table. You can set the default output format during the configuration process or override it for specific commands using the —output option.
aws configure set output table
This setting can also be overrided by setting it in the AWS commands:
aws s3 ls --profile my-profile --output json
Validate AWS CLI & Credentials
You can validate the AWS CLI and Credentials that have been set are working properly:
aws sts get-caller-identity --profile my-profile
Output validates the cli command and credentials:
{
"UserId": "XXXXXXXXXXXXXXXXX:<user-name>",
"Account": "<account-number>",
"Arn": "arn:aws:iam::<account-number>:user/<user-name>"
}
Security Considerations
- Secure your AWS Access keys & Secret key. Avoid storing in plain-text files or uploading to public repositories.
- Follow the principle of least privilege when granting permissions. Only grant the necessary permissions required for specific tasks.
- Regularly rotate your Access keys.
- Use IAM Roles instead of long-term Access keys when possible. This greatly reduces the risk of compromised credentials.
NOTE: I will be creating another post the dives deeper into using IAM Roles.