In this post I want to summarize some basic information you need to know to start using the AWS CLI to manage your resources in AWS.

To access AWS services with the AWS CLI, you need an AWS account, IAM credentials, and an IAM access key pair. When running AWS CLI commands, the AWS CLI needs to have access to those AWS credentials.

To increase the security of your AWS account, we recommend that you do not use your root account credentials. You should create an IAM user to provide access credentials to the tasks you’ll be running in AWS.

Source: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-prereqs.html


So assuming you already created an IAM user, you also need to create a corresponding IAM access key pair for that user to use the AWS CLI.


Create an IAM access key pair

To create the access keys for that user I will need to open the IAM console at

https://console.aws.amazon.com/iam/

In the navigation pane click on Users. There choose the user you want to create the access key for.

In the summary of that user, click on Create access key as follows.


This is the only time that the secret access keys can be viewed or downloaded. You cannot recover them later. However, you can create new access keys at any time.

To download the key pair, choose Download .csv file. Store the keys in a secure location. You will not have access to the secret access key again after this dialog box closes.

Source: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-prereqs.html



Quick Configuration AWS CLI

In order to use the AWS CLI and that it will connect to our AWS account, we first need to configure it.

For general use, the aws configure command is the fastest way to set up your AWS CLI installation. When you enter this command, the AWS CLI prompts you for four pieces of information:


The AWS CLI stores this information in a profile (a collection of settings) named default in the credentials file. By default, the information in this profile is used when you run an AWS CLI command that doesn’t explicitly specify a profile to use. For more information on the credentials file, see Configuration and credential file settings


Now to start the Quick Configuration enter the following command.

$ aws configure


Here you have to enter the AWS Access Key ID, AWS Secret Access Key, Default region name and the default output format.

The Access Key and Secret we created previously above.

For the AWS Region I will use here

eu-central-1 (Europe Frankfurt)

and for the Output format

text


Instead of using aws configure to enter in a key pair, you can import the .csv file you downloaded after you created your key pair.

The .csv file must contain the following headers.

  • User Name
  • Access key ID
  • Secret access key


To import the .csv file, use the aws configure import command with the –csv option as follows.

$ aws configure import --csv file://credentials.csv


The configuration settings including the credentials (aws_access_key_id, aws_secret_access_key) will be stored under Windows at the following path.

C:Users<username>.aws

and the files config and credentials.

So you don’t need to enter them each time you want to connect to AWS and the AWS CLI will use it from these files.

Source: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-region



Using the AWS CLI

When using the AWS CLI you don’t need to care about how to log in as mentioned above, you just can enter your command you want to manage your AWS resource. The previously above steps from the Quick Configuration of the AWS CLI already created a default user profile including the credentials to use when executing AWS CLI commands.

If you want to configure multiple accounts on a single machine, where you can choose later which account you want to use with the AWS CLI, you can create several profiles therefore as follows.

$ aws configure --profile account-2

You remember the location from the configuration files for the Quick Configuration from the AWS CLI previously?

After adding a further profile there where still these two files with the configuration settings and credentials. But when you open them you will see that there is now in both files a second section named with the further profile name including the second profiles data.


To use later a specific profile (IAM user) for your AWS CLI command, use the following –profile switch. Below e.g. I will list all IAM users in my AWS account by using the profile from the IAM user with the username account-2.

$ aws iam list-users --profile <username>

$ aws iam list-users --profile account-2



Links

What is the AWS Command Line Interface?
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html

Prerequisites to use the AWS CLI version 2
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-prereqs.html