Getting Started with AWS CLI + Configure Cli User role for Programmatic Access + Cli Profiles

GOAL: The aws-cli is a neat and handy command line tool from which management of AWS-services is way more faster. Therefore, this blog focuses on the usage of aws-cli. Within in this post, I’ll explain to you how to setup the aws-cli and create a Cli user for programmatic access.

Why Should we use AWS CLI / Benefits:

1) You can develop shell scripts to manage resources
2) You have direct access to the AWS services’ public APIs.
3) You can use all of the functionality provided by the AWS Management Console.
4) Provides low level commands for complete control and high level commands which simplify using a complex service.

AWS Free Tier Programme:

New customers of AWS have the possibility of testing some services for 12 months. Which consists of 750 hours per month of AWS EC2, 5 GB of S3 Storage and many more. You can find more in this link.

Create an AWS-account

Before we can begin setting up aws-cli, you need to have an AWS-account. If you already have an account you can skip the next three steps.

1. Go to the AWS start page and click on the Register button on the top right
2. Select “I am a new customer” and enter a valid email-address
3. On the following screens, just enter your personal data as requested. You also might get asked for your credit card details, so keep them at hand during the registration process.You will need a credit card for registration process.

Create a sub-account

1. Login to the AWS Management Console with your root-account, which you just created before. Then go to the AWS-service IAM from the service group “Administration & Security”
2. Select “Users” in the menu on the left side
3. Click on “Create New Users”
4. Enter a User Name and ensure that “Generate an access key for each user” is enabled
5. Download the created credentials. This is the only time you’ll be able to download the credentials. Store the credentials at a save place. If you loose that credentials, you can’t retrieve the password anymore. Only a reset is possible afterwards.

For Ubuntu / Debian-based OS

The aws-cli is installed via python-pip. Therefore, firstly we need to install pip, which is a plugin package-manager for the python runtime environment.

sudo apt-get install -y python-pip
sudo apt-get install -y python

For Windows

Download and install the MSI-installation file

• AWS CLI MSI (64-bit)
• AWS CLI MSI (32-bit)

After installing cli packages you will configure aws-cli for its usage with the AWS-services. Therefore, you need the credentials from the previously created sub-account. Open the downloaded credentials.csv and use the Access Key Id and Secret Access Key for the following configuration.

Concerning the default region, use the one, which suits you best. The list for the regions is available at link.

NOTE: Keep in mind that not every regions is offering all AWS-services. The region with the most offered services is probablly us-east-1. A complete list of available services per region can be found here. Furthermore, the prices and privacy agreements can differ from region to region.

> aws configure
AWS Access Key ID []: <Access Key Id>
AWS Secret Access Key []: <Secret Access Key>
Default region name []: <eu-central-1>
Default output format []: text 

By default, the CLI installs to C:\Program Files\Amazon\AWSCLI (64-bit version) or C:\Program Files (x86)\Amazon\AWSCLI (32-bit version). To confirm the installation, use the aws — version command at a command prompt (open the Start menu and search for cmd to start a command prompt).

Test the AWS CLI Installation:

Hope, you have installed AWS CLI on your computer. You may think that what next? To do.

aws --version
aws iam list-users --output table

Named Profiles

You can configure additional profiles by using aws configure with the --profile option, or by adding entries to the config and credentials files.

~/.aws/credentials (Linux & Mac) or %USERPROFILE%\.aws\credentials (Windows)

aws ec2 describe-instances --profile user1

To use a named profile for multiple commands, you can avoid specifying the profile in every command by setting the AWS_PROFILE environment variable at the command line.

export AWS_PROFILE=user1 # for Linux or Mac
setx AWS_PROFILE=user1 # for Windows User 

For windows systems close and restart the command shell to see the effects of the change.