AWS CLI
Table of contents
- Installation
- Configuration
- Working with multiple AWS profiles
- Getting information about the AWS account associated with a specific profile
- AWS CLI Commands for IAM
- Create a New IAM User
- List IAM Users
- Update IAM User Information
- Delete IAM User
- Create an IAM Role
- List IAM Roles
- Update an IAM Role
- Delete an IAM Role
- Create an IAM Policy
- List IAM Policies
- Attach an IAM Policy to a User, Group, or Role
- Detach an IAM Policy from a User, Group, or Role
- Delete an IAM Policy
- Create an IAM Group
- List IAM Groups
- Add a User to an IAM Group
- Remove a User from an IAM Group
- Delete an IAM Group
- AWS CLI Commands for Amazon S3
- AWS CLI Commands for Amazon VPC
Installation
You can install the AWS CLI on various platforms such as Windows, macOS, and Linux. Refer to the official AWS CLI documentation for detailed instructions on how to install the CLI on your platform.
On macOS
By following these steps, you can install the AWS CLI on macOS using Homebrew. This is a simple and convenient way to install the AWS CLI, and it ensures that you have the latest version of the CLI and its dependencies.
Step 1: Install Homebrew
If you don’t have Homebrew installed, you can install it by running the following command in your terminal:
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
This command will download and run the Homebrew installation script.
Step 2: Install the AWS CLI
Once Homebrew is installed, you can install the AWS CLI by running the following command:
$ brew install awscli
This command will download and install the AWS CLI and its dependencies.
Step 3: Verify the installation
After the installation is complete, you can verify that the AWS CLI is installed by running the following command:
$ aws --version
This command should output the version number of the AWS CLI that you just installed.
Configuration
After installing the AWS CLI, you need to configure it to access your AWS resources. The configuration process involves creating an IAM user, generating an access key and secret access key, and configuring the CLI with the access keys.
You can configure the AWS CLI by using the aws configure command. The command prompts you to enter your AWS access key ID, secret access key, default region, and default output format.
You can configure additional profiles by using aws configure with the --profile option, or by manually adding entries to the config and credentials files. For more information on the config and credentials files, see Configuration and credential file settings.
Examples:
$ aws configure
$ aws configure --profile profile1
For example, the files generated by the AWS CLI for a default profile configured with aws configure look similar to the following.
~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
~/.aws/config
[default]
region=us-west-2
output=json
Working with multiple AWS profiles
Working with multiple AWS profiles is a common scenario for many AWS users, especially those who have multiple AWS accounts or IAM roles to access different resources. The AWS CLI allows you to easily switch between different profiles without having to reconfigure the CLI every time.
Here are the steps to work with multiple AWS profiles:
Step 1: Create multiple profiles
You can create multiple profiles in your AWS credentials file. The default location of this file is ~/.aws/credentials on Linux, macOS, or Unix, and %USERPROFILE%\.aws\credentials on Windows.
You can create a new profile by adding a new section to the credentials file with the profile name in square brackets ([]), followed by the AWS access key ID and secret access key:
[profile1]
aws_access_key_id = <access-key-id>
aws_secret_access_key = <secret-access-key>
[profile2]
aws_access_key_id = <access-key-id>
aws_secret_access_key = <secret-access-key>
You can also create a new profile by running the following command:
$ aws configure --profile profile1
You can also include other options such as the default region and output format for each profile.
Step 2: Configure the AWS CLI to use profiles
Once you have created multiple profiles, you can configure the AWS CLI to use them. You can set the AWS_PROFILE environment variable to specify which profile to use. For example:
$ export AWS_PROFILE=profile1
This sets the AWS_PROFILE environment variable to profile1, which tells the AWS CLI to use the credentials for that profile.
Alternatively, you can specify the profile name in the CLI command itself by using the --profile option:
$ aws ec2 describe-instances --profile profile1
This tells the aws command to use the profile1 profile for the ec2 describe-instances command.
Step 3: Switch between profiles
You can switch between profiles by changing the AWS_PROFILE environment variable or by specifying a different profile name in the --profile option.
For example, to switch from profile1 to profile2, you can use the following command:
$ export AWS_PROFILE=profile2
Or, you can use the --profile option with the aws command:
$ aws ec2 describe-instances --profile profile2
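The credentials file described in the Configuration and profile sections stores secrets in plain text, so it is worth checking what each profile holds and who can read the file. The script below is an added example, not part of the original page: it classifies every profile by its access key ID prefix (AKIA for long-lived IAM user keys, ASIA for temporary STS credentials) and checks that only the owner can access the file. The function names and the sample file (the documentation key from this page plus a made-up ASIA key) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit a shared credentials file.

# audit_profiles FILE
# Prints "<profile> <kind>" for each profile. kind is one of:
#   long-lived  access key ID starts with AKIA (IAM user key, does not expire)
#   temporary   access key ID starts with ASIA (STS session credentials)
#   unknown     any other key ID; no-key if the profile has no access key
audit_profiles() {
  awk '
    function emit() { if (name != "") print name, kind }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # [profile] header
      emit()
      name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      kind = "no-key"; next
    }
    {
      split($0, kv, "=")
      key = kv[1]; gsub(/[ \t]/, "", key)
      val = kv[2]; gsub(/[ \t]/, "", val)
      if (key != "aws_access_key_id") next
      if (val ~ /^AKIA/) kind = "long-lived"
      else if (val ~ /^ASIA/) kind = "temporary"
      else kind = "unknown"
    }
    END { emit() }
  ' "$1"
}

# perms_ok FILE: succeeds only if group and others have no access (mode 600 or 400).
perms_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[profile2]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
aws_session_token = constructed-token
EOF
chmod 644 "$sample"   # deliberately too permissive for the demonstration

audit_profiles "$sample"
perms_ok "$sample" || echo "WARNING: $sample is accessible to group/others; run chmod 600"
```

To audit a real setup, call both functions on ~/.aws/credentials; profiles reported as long-lived are the ones whose keys need rotation and tight scoping.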
Getting information about the AWS account associated with a specific profile
To get information about the AWS account associated with a specific profile, you can use the AWS CLI command aws sts get-caller-identity with the --profile option.
Here are the steps to get information about the AWS account associated with a specific profile:
Step 1: Set the profile
First, set the AWS_PROFILE environment variable to the name of the profile you want to use. For example, to use a profile named “myprofile”, you can run:
$ export AWS_PROFILE=myprofile
Step 2: Run the aws sts get-caller-identity command
Next, run the aws sts get-caller-identity command with the --profile option. This command retrieves information about the AWS account associated with the specified profile.
$ aws sts get-caller-identity --profile myprofile
The output of this command includes the AWS account ID (Account), the unique identifier of the calling IAM user or role (UserId), and the Amazon Resource Name (Arn) of the user or role.
For example:
{
  "Account": "123456789012",
  "UserId": "ABCDEFGHIJKLMNOPQRSTU:myuser",
  "Arn": "arn:aws:iam::123456789012:user/myuser"
}
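With several profiles configured, the same identity check can act as a guard so that a command never runs against the wrong account. The wrapper below is an added example, not part of the original page; run_in_account and its exit codes are hypothetical names chosen here, while --query and --output are standard global AWS CLI options.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): run a command only if the
# profile resolves to the account you expect.

# run_in_account PROFILE EXPECTED_ACCOUNT_ID COMMAND [ARGS...]
# Exit codes: 1 wrong account, 2 bad account ID argument,
#             3 identity lookup failed, otherwise that of COMMAND.
run_in_account() {
  local profile=$1 expected=$2 actual
  shift 2

  # AWS account IDs are exactly 12 digits; reject anything else up front.
  case $expected in
    ""|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 2; }

  # --query Account --output text prints only the account ID.
  actual=$(aws sts get-caller-identity --profile "$profile" \
             --query Account --output text) || {
    echo "cannot resolve identity for profile '$profile' (expired or missing credentials?)" >&2
    return 3
  }

  if [ "$actual" != "$expected" ]; then
    echo "profile '$profile' is account $actual, expected $expected; not running: $*" >&2
    return 1
  fi

  # Run the command with the verified profile selected.
  AWS_PROFILE=$profile "$@"
}

# Usage (account ID taken from the sample output above):
#   run_in_account myprofile 123456789012 aws iam list-users
```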
AWS CLI Commands for IAM
Create a New IAM User
aws iam create-user --user-name <username>
List IAM Users
aws iam list-users
Update IAM User Information
aws iam update-user --user-name <username> --new-path <new-path> --new-user-name <new-username>
Delete IAM User
aws iam delete-user --user-name <username>
IAM Role Management
Create an IAM Role
aws iam create-role --role-name <role-name> --assume-role-policy-document <policy-document>
List IAM Roles
aws iam list-roles
Update an IAM Role
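aws iam update-role --role-name <role-name> --description <description> --max-session-duration <seconds>
A role's name and path cannot be changed after creation; update-role changes its description and maximum session duration.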
Delete an IAM Role
aws iam delete-role --role-name <role-name>
IAM Policy Management
Create an IAM Policy
aws iam create-policy --policy-name <policy-name> --policy-document <policy-document>
List IAM Policies
aws iam list-policies
Attach an IAM Policy to a User, Group, or Role
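aws iam attach-user-policy --policy-arn <policy-arn> --user-name <username>
For a group or a role, use attach-group-policy with --group-name or attach-role-policy with --role-name.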
Detach an IAM Policy from a User, Group, or Role
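aws iam detach-user-policy --policy-arn <policy-arn> --user-name <username>
For a group or a role, use detach-group-policy with --group-name or detach-role-policy with --role-name.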
Delete an IAM Policy
aws iam delete-policy --policy-arn <policy-arn>
IAM Group Management
Create an IAM Group
aws iam create-group --group-name <group-name>
List IAM Groups
aws iam list-groups
Add a User to an IAM Group
aws iam add-user-to-group --user-name <username> --group-name <group-name>
Remove a User from an IAM Group
aws iam remove-user-from-group --user-name <username> --group-name <group-name>
Delete an IAM Group
aws iam delete-group --group-name <group-name>
These AWS CLI commands should help you manage IAM resources effectively. Make sure to replace placeholders like <username>, <role-name>, <policy-name>, <group-name>, and <policy-arn> with your specific resource names and policy documents.
AWS CLI Commands for Amazon S3
1. Creating a Bucket
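To create an S3 bucket, use the aws s3api create-bucket command. For any region other than us-east-1 you must also pass the region as a LocationConstraint; for us-east-1, omit --create-bucket-configuration:
aws s3api create-bucket --bucket your-bucket-name --region your-preferred-region --create-bucket-configuration LocationConstraint=your-preferred-region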
2. Uploading Files to a Bucket
To upload a file to an S3 bucket, use the aws s3 cp command:
aws s3 cp /path/to/local/file s3://your-bucket-name/destination/filename
3. Downloading Files from a Bucket
To download a file from an S3 bucket, use the aws s3 cp command:
aws s3 cp s3://your-bucket-name/source/filename /path/to/local/destination
4. Listing Buckets
To list all the S3 buckets in your AWS account, use the aws s3api list-buckets command:
aws s3api list-buckets
5. Listing Objects in a Bucket
To list all the objects within an S3 bucket, use the aws s3 ls command:
aws s3 ls s3://your-bucket-name
6. Copying Objects
To copy an object from one bucket to another, use the aws s3 cp command with the appropriate source and destination parameters:
aws s3 cp s3://source-bucket-name/source-file s3://destination-bucket-name/destination-file
7. Deleting Objects
To delete an object from an S3 bucket, use the aws s3 rm command:
aws s3 rm s3://your-bucket-name/object-key
8. Deleting a Bucket
To delete an empty S3 bucket, use the aws s3api delete-bucket command:
aws s3api delete-bucket --bucket your-bucket-name
9. Enabling Bucket Versioning
To enable versioning for an S3 bucket, use the aws s3api put-bucket-versioning command:
aws s3api put-bucket-versioning --bucket your-bucket-name --versioning-configuration Status=Enabled
10. Setting Bucket ACL (Access Control List)
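To set the ACL for an S3 bucket, use the aws s3api put-bucket-acl command. The public-read canned ACL shown here grants read access to everyone, including anonymous users, so use it only for buckets that are meant to be public and use private otherwise. The call is rejected when S3 Block Public Access or the bucket-owner-enforced Object Ownership setting is in effect, which is the default for new buckets: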
aws s3api put-bucket-acl --bucket your-bucket-name --acl public-read
Note: Replace your-bucket-name and other placeholders with the appropriate values according to your setup.
These are some of the commonly used AWS CLI commands for Amazon S3. You can explore more commands and their options in the AWS CLI Command Reference for S3 documentation.
Remember to configure the AWS CLI with your AWS credentials before running these commands using the aws configure command.
AWS CLI Commands for Amazon VPC
Create a VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16
Create a Subnet
aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24
Create an Internet Gateway
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id igw-12345678 --vpc-id vpc-12345678
Create a Route Table
aws ec2 create-route-table --vpc-id vpc-12345678
Associate Subnet with Route Table
aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678
Create a Security Group
aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" --vpc-id vpc-12345678
Authorize Inbound Traffic (Security Group)
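aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 22 --cidr 0.0.0.0/0
The 0.0.0.0/0 range in this example opens SSH (port 22) to the entire internet; in practice, restrict --cidr to the address range you administer from.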
Create a Network ACL
aws ec2 create-network-acl --vpc-id vpc-12345678
Create a NAT Gateway
aws ec2 create-nat-gateway --subnet-id subnet-12345678 --allocation-id eipalloc-12345678
Create VPC Peering Connection
aws ec2 create-vpc-peering-connection --vpc-id vpc-1 --peer-vpc-id vpc-2
Enable VPC Flow Logs
aws ec2 create-flow-logs --resource-type VPC --resource-ids vpc-12345678 --traffic-type ALL --log-group-name my-flow-logs --deliver-logs-permission-arn <iam-role-arn>
Remember to replace placeholder values (e.g., vpc-12345678) with actual resource IDs.
This cheat sheet provides basic commands for common VPC tasks. Refer to the official AWS documentation for more detailed information and advanced configurations.