DEV Community

Raz
Raz

Posted on

How to get up and running with AWS CLI on macOS

This article was also published on razcodes.dev

While you can do all the things you need in AWS using the console, the AWS CLI offers a convenient way to control your environment from the terminal as well as to create simple or complex automations through scripts.

Get credentials

The first thing that you will need to be able to issue commands is a set of security credentials, that is an Access Key ID and a Secret Access Key. You can do that by using the AWS console.

  • login to your account
  • Services -> IAM
  • Users
  • Add user
  • Give it a username (this is more for you, it will not be used ex: service)
  • Select Programmatic access then click Next
  • Attach exiting policies
  • For this demo I selected AdministratorAccess
  • Next add tags if you want
  • Next Review your choices
  • Create user

Once you clicked on Create user, you will be given the option to download a .csv file with the credentials or you can copy them from this screen for later use and maybe keep them in a password manager. Please keep in mind that this will be the one and only time you will see the Secret access key in the console, so make sure you save it somewhere safe.

Install the CLI

The easiest way to install the CLI on a Mac is by using Homebrew. If you don't have it installed already you can do so by following the instructions on their website, which say that you need to paste this following command in your terminal.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

Once you have Homebrew installed, simply issue the following command in your terminal to install the AWS CLI.

brew install awscli

This will install awscli version 2 at the time of writing this article.

Configure the CLI with your credentials

Now you need to tell the CLI what credentials to use to it can access your AWS account.

aws configure
  • paste your AWS Access Key ID
  • paste your AWS Secret Access Key
  • fill in your default region (ex: us-east-1)
  • default output can be json, yaml, text, table (I chose json)

Issue commands and get help

Now you can issue commands. For example to see a list of all your s3 buckets you would type:

aws s3 ls

To get general help from the CLI:

aws help

To get help for a specific command, so you know how to use it, issue the command followed by help. For example, to get help on using the CLI with S3:

aws s3 help

Named Profiles (optional)

When you configured your credentials above, this created a folder in your home directory called .aws as well as 2 files in that folder, credentials and config. These files can be used to configure additional profiles, either for different users in the same account, with different permissions, or as I use them, for different AWS accounts.

Let's say you want to add another user profile. You would first edit the credentials file.

vim ~/.aws/credentials

Under your default account you add the following lines, replacing the username and the credentials with yours.

[username]
aws_access_key_id=<your_access_key_id>
aws_secret_access_key=<your_secret_access_key>

Next edit the config file.

vim ~/.aws/config

Add your new profile information under the existing one, making sure the username matches the one in your credentials file.

[profile username]
region=us-east-1
output=json

Finally, you can use your new profile by issuing the following command in the terminal.

export AWS_PROFILE=username

From this point, every aws command will use this profile's credentials.

To read more about the AWS CLI and all the options you can visit this link.

Discussion (0)