This article was also published on razcodes.dev
While you can do all the things you need in AWS using the console, the AWS CLI offers a convenient way to control your environment from the terminal as well as to create simple or complex automations through scripts.
The first thing that you will need to be able to issue commands is a set of security credentials, that is an Access Key ID and a Secret Access Key. You can do that by using the AWS console.
- login to your account
- Services -> IAM
- Add user
- Give it a username (this is more for you, it will not be used ex: service)
- Select Programmatic access then click Next
- Attach exiting policies
- For this demo I selected AdministratorAccess
- Next add tags if you want
- Next Review your choices
- Create user
Once you clicked on Create user, you will be given the option to download a .csv file with the credentials or you can copy them from this screen for later use and maybe keep them in a password manager. Please keep in mind that this will be the one and only time you will see the Secret access key in the console, so make sure you save it somewhere safe.
The easiest way to install the CLI on a Mac is by using Homebrew. If you don't have it installed already you can do so by following the instructions on their website, which say that you need to paste this following command in your terminal.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Once you have Homebrew installed, simply issue the following command in your terminal to install the AWS CLI.
brew install awscli
This will install awscli version 2 at the time of writing this article.
Now you need to tell the CLI what credentials to use to it can access your AWS account.
- paste your AWS Access Key ID
- paste your AWS Secret Access Key
- fill in your default region (ex: us-east-1)
- default output can be json, yaml, text, table (I chose json)
Now you can issue commands. For example to see a list of all your s3 buckets you would type:
aws s3 ls
To get general help from the CLI:
To get help for a specific command, so you know how to use it, issue the command followed by help. For example, to get help on using the CLI with S3:
aws s3 help
When you configured your credentials above, this created a folder in your home directory called .aws as well as 2 files in that folder, credentials and config. These files can be used to configure additional profiles, either for different users in the same account, with different permissions, or as I use them, for different AWS accounts.
Let's say you want to add another user profile. You would first edit the credentials file.
Under your default account you add the following lines, replacing the username and the credentials with yours.
[username] aws_access_key_id=<your_access_key_id> aws_secret_access_key=<your_secret_access_key>
Next edit the config file.
Add your new profile information under the existing one, making sure the username matches the one in your credentials file.
[profile username] region=us-east-1 output=json
Finally, you can use your new profile by issuing the following command in the terminal.
From this point, every aws command will use this profile's credentials.
To read more about the AWS CLI and all the options you can visit this link.