Skip to content

How to Install and Configure AWS Command Line Interface (CLI)

Avatar photo

https://www.linkedin.com/in/gineesh/ https://twitter.com/GiniGangadharan

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

The AWS CLI introduces a new set of simple file commands for efficient file transfers to and from Amazon S3.

Ref : https://aws.amazon.com/cli/

Also refer for available options : https://docs.aws.amazon.com/cli/latest/reference/

How to Install and Configure AWS CLI

You have to install the aws cli package

Requirements

  • Python 2 version 2.6.5+ or Python 3 version 3.3+
  • Windows, Linux, macOS, or Unix

Make sure you have installed python and python-pip (python2-pip)

[root@client1 ginigangadharan]# pip install awscli --upgrade --user
Collecting awscli
 Downloading awscli-1.14.43-py2.py3-none-any.whl (1.2MB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 1.2MB 911kB/s 
Collecting docutils>=0.10 (from awscli)
 Downloading docutils-0.14-py2-none-any.whl (543kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 552kB 1.9MB/s 
Collecting colorama<=0.3.7,>=0.2.5 (from awscli)
 Downloading colorama-0.3.7-py2.py3-none-any.whl
Collecting PyYAML<=3.12,>=3.10 (from awscli)
 Downloading PyYAML-3.12.tar.gz (253kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 256kB 3.5MB/s 
Collecting botocore==1.8.47 (from awscli)
 Downloading botocore-1.8.47-py2.py3-none-any.whl (4.1MB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 4.1MB 287kB/s 
Collecting s3transfer<0.2.0,>=0.1.12 (from awscli)
 Downloading s3transfer-0.1.13-py2.py3-none-any.whl (59kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 61kB 8.4MB/s 
Collecting rsa<=3.5.0,>=3.1.2 (from awscli)
 Downloading rsa-3.4.2-py2.py3-none-any.whl (46kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 51kB 7.9MB/s 
Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.8.47->awscli)
 Downloading jmespath-0.9.3-py2.py3-none-any.whl
Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.8.47->awscli)
 Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 194kB 4.8MB/s 
Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" (from s3transfer<0.2.0,>=0.1.12->awscli)
 Downloading futures-3.2.0-py2-none-any.whl
Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli)
 Downloading pyasn1-0.4.2-py2.py3-none-any.whl (71kB)
 100% |โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ| 71kB 9.0MB/s 
Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->botocore==1.8.47->awscli)
 Downloading six-1.11.0-py2.py3-none-any.whl
Installing collected packages: docutils, colorama, PyYAML, jmespath, six, python-dateutil, botocore, futures, s3transfer, pyasn1, rsa, awscli
 Running setup.py install for PyYAML ... done
Successfully installed PyYAML awscli botocore colorama docutils futures jmespath pyasn1-0.1.9 python-dateutil rsa-3.4.1 s3transfer six-1.9.0

Configure PATH

aws cli is located in ~/.local/bin. Add below line in your ~/.bash_profile (depends on your operating system)

export PATH=~/.local/bin:$PATH

Load the profile into your current session

$ source ~/.bash_profile

Verify

[root@client1 ginigangadharan]# aws --version
aws-cli/1.14.43 Python/2.7.5 Linux/3.10.0-693.17.1.el7.x86_64 botocore/1.8.47

Get your AWS access key ID and secret access key for an IAM user

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don’t have access keys, you can create them from the AWS Management Console. Recommend that you use IAM access keys instead of AWS account root user access keys. IAM lets you securely control access to AWS services and resources in your AWS account.

The only time that you can view or download the secret access keys is when you create the keys. You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions.

  • Open the IAM console.
  • In the navigation pane of the console, choose Users.
  • Choose your IAM user name (not the check box).
  • Choose the Security credentials tab and then choose Create access key.
  • To see the new access key, choose Show. Your credentials will look something like this:
    • Access key ID: AKIAIOSFODNN7EXAMPLE
    • Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  • To download the key pair, choose Download .csv file. Store the keys in a secure location.

Keep the keys confidential in order to protect your AWS account, and never email them. Do not share them outside your organization, even if an inquiry appears to come from AWS or Amazon.com. No one who legitimately represents Amazon will ever ask you for your secret key.

Default region is the name of the region you want to make calls against by default. This is usually the region closest to you, but it can be any region. For example, type us-west-2 to use US West (Oregon).

See AWS Region Code Table below for region name and codes.

Note :

You must specify an AWS region when using the AWS CLI. For a list of services and available regions, see Regions and Endpoints. The region designators used by the AWS CLI are the same names that you see in AWS Management Console URLs and service endpoints.

Default output format can be either json, text, or table. If you don’t specify an output format, json is used.

To update any of your settings, simply run aws configure again and enter new values as appropriate.

$ aws configure 
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Manage Multiple or Named Profiles in AWS CLI

The AWS CLI supports named profiles stored in the config and credentials files. If you have multiple profiles, you can configure additional, named profiles by using the –profile option or by adding entries to the config and credentials files.

$ aws configure --profile user2 
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text

The following example shows a credentials file with two profiles:

$ cat ~/.aws/credentials 
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[user2]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Each profile uses different credentialsโ€”perhaps from two different IAM usersโ€”and can also use different regions and output formats.

$ cat ~/.aws/config  
[default]
region=us-west-2 output=json

[profile user2]
region=us-east-1 output=text

Using Profiles with the AWS CLI

To use a named profile, add the –profile option to your command. The following example lists running instances using the user2 profile from the previous section.

$ aws ec2 describe-instances --profile user2

Sample CLI Usages

Describe EC2 in current region

$ aws ec2 describe-instances --query 'Reservations[*].Instances[*].{Id:InstanceId,Pub:PublicIpAddress,Pri:PrivateIpAddress,State:State.Name}' --output table

List ec2 instances in all regions.

for region in `aws ec2 describe-regions --output text | cut -f3`
do
 echo -e "\nListing Instances in region:'$region'..."
 aws ec2 describe-instances --region $region --query 'Reservations[*].Instances[*].{Id:InstanceId,Pub:PublicIpAddress,Pri:PrivateIpAddress,State:State.Name}' --output table
done
Sample output
Listing Instances in region:'ap-south-1'...

Listing Instances in region:'eu-west-3'...

Listing Instances in region:'eu-west-2'...

Listing Instances in region:'eu-west-1'...

Listing Instances in region:'ap-northeast-2'...

Listing Instances in region:'ap-northeast-1'...

Listing Instances in region:'sa-east-1'...

Listing Instances in region:'ca-central-1'...

Listing Instances in region:'ap-southeast-1'...

Listing Instances in region:'ap-southeast-2'...

Listing Instances in region:'eu-central-1'...

Listing Instances in region:'us-east-1'...
--------------------------------------------------------------------------
| DescribeInstances |
+----------------------+----------------+------------------+-------------+
| Id | Pri | Pub | State |
+----------------------+----------------+------------------+-------------+
| i-0ab9ae7ffed244481 | None | None | terminated |
| i-06c3ef37434100acb | 172.31.84.222 | 54.175.182.222 | running |
| i-0bcdc79f70efa41e2 | 172.31.92.33 | 54.147.8.29 | running |
+----------------------+----------------+------------------+-------------+

Listing Instances in region:'us-east-2'...

Listing Instances in region:'us-west-1'...

Listing Instances in region:'us-west-2'...

Install AWS CLI on Windows

Installing AWS CLI on windows is straight forward, you may refer the AWS Doc for the same.

https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-windows.html

AWS Region Code Table

Code - Name
 us-east-1 - US East (N. Virginia)
 us-east-2 - US East (Ohio)
 us-west-1 - US West (N. California)
 us-west-2 - US West (Oregon)
 ca-central-1 - Canada (Central)
 eu-central-1 - EU (Frankfurt)
 eu-west-1 - EU (Ireland)
 eu-west-2 - EU (London)
 eu-west-3 - EU (Paris)
 ap-northeast-1 - Asia Pacific (Tokyo)
 ap-northeast-2 - Asia Pacific (Seoul)
 ap-northeast-3 - Asia Pacific (Osaka-Local)
 ap-southeast-1 - Asia Pacific (Singapore)
 ap-southeast-2 - Asia Pacific (Sydney)
 ap-south-1 - Asia Pacific (Mumbai)
 sa-east-1 - South America (Sรฃo Paulo)

Disclaimer:

The views expressed and the content shared in all published articles on this website are solely those of the respective authors, and they do not necessarily reflect the views of the author’s employer or the techbeatly platform. We strive to ensure the accuracy and validity of the content published on our website. However, we cannot guarantee the absolute correctness or completeness of the information provided. It is the responsibility of the readers and users of this website to verify the accuracy and appropriateness of any information or opinions expressed within the articles. If you come across any content that you believe to be incorrect or invalid, please contact us immediately so that we can address the issue promptly.

Avatar photo


https://www.linkedin.com/in/gineesh/ https://twitter.com/GiniGangadharan
Gineesh Madapparambath is the founder of techbeatly and he is the author of the book - ๐—”๐—ป๐˜€๐—ถ๐—ฏ๐—น๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐—ฅ๐—ฒ๐—ฎ๐—น-๐—Ÿ๐—ถ๐—ณ๐—ฒ ๐—”๐˜‚๐˜๐—ผ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป. He has worked as a Systems Engineer, Automation Specialist, and content author. His primary focus is on Ansible Automation, Containerisation (OpenShift & Kubernetes), and Infrastructure as Code (Terraform). (aka Gini Gangadharan - iamgini.com)

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.