Setting up your AWS Environment

GETTING STARTED GUIDE

Module 3: Setting Up the AWS CLI

In this module, you will configure the AWS Command Line Interface (CLI)

Introduction

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. To interact with AWS using the CLI, we need to configure credentials for it to use when making API calls. We will also show how you can set up multiple profiles to access more than one AWS account, either with additional credentials, or via IAM role switching.

What You Will Learn

  • Installing the AWS CLI for your operating system
  • Configuring the credentials to access your AWS account
  • How to configure multiple profiles to access different AWS accounts

 Time to Complete

5 minutes

 Module Requirements

  • An Internet Browser

Implementation

Installing the AWS CLI

There are different ways to install the AWS CLI, depending on your operating system, or preference to use containers. Please follow the latest guidance found here on how to install the AWS CLI v2. Once installed, you should be able to run aws --version and see the following output (version may be different):

aws --version
aws-cli/2.2.17 Python/3.9.6 Darwin/20.5.0 source/x86_64 prompt/off

The AWS CLI is now installed and we need to configure the credentials. You can try to run a command such as aws ec2 describe-vpcs to see if everything is working. You may see the following error message due to missing credentials:

aws ec2 describe-vpcs

# You may not see this error if you have already configured the CLI previously.
Unable to locate credentials. You can configure credentials by running aws configure.

Configuring AWS CLI credentials

To configure the credentials, use the command aws configure and use the credentials created in the pervious module of this guide. You will be asked for the AWS Access Key ID, AWS Secret Access Key, Default Region and Default Output Format

Pro Tip: You can always specify or override the default region using the region flag (--region us-east-1) on any command. You can find a list of region codes here

Lastly, the format type is how the output should be displayed by default, and includes, but is not limited to: json, yaml, text. Please review the documentation here for all available options. Once completed, you should see the following in the terminal (if you chose eu-west-1 as your default region):

aws configure 

AWS Access Key ID [None]: ANOTREALACCESSKEYID
AWS Secret Access Key [None]: ANOTREALSECRETACCESSKEY
Default region name [None]: eu-west-1
Default output format [None]: json

Now we are able to run the command from earlier and see a result, as each new AWS account has default VPCs configured:

aws ec2 describe-vpcs

# Output
{
    "Vpcs": [
        {
            "CidrBlock": "10.0.0.0/16",
            "DhcpOptionsId": "dopt-d12345",
            "State": "available",
            "VpcId": "vpc-0123456789abcdef",
            "OwnerId": "123456789012",
            ....

This confirms that your AWS CLI has now been set up correctly. It created two new files in either ~/.aws (Linux / MacOS), or %UserProfile%\.aws (Windows), config and credentials. The credentials file contains the credentials you specified:

[default]
aws_access_key_id = AKNOTREALACCESSKEYID
aws_secret_access_key = AyNOTREALSECRETACCESSKEY

Any additional configurations for a profile is stored in the config file. When using aws configure, it will have the following content (potentially with a different region):

[default]
region = eu-west-1
output = json

The next section will cover how to configure multiple profiles, feel free to skip it if you are planning to use a single AWS account.

(Optional) Configuring multiple profiles

If you are accessing more than one AWS account, you can set up profiles. This will allow you to use the --profile my-profile flag to run a specific command using a specified account. An example would be if you have different accounts for development and production environments. There are 2 ways of setting up additional profiles:

  • Using the AWS CLI: aws configure --profile my-profile
  • Editing the ~/.aws/credentials and ~/.aws/config files manually

When using aws configure --profile my-profile, the my-profile value will be the name of the profile you create and will result in the following changes in the config and credentials files:

Example config file:

[default]
region = eu-west-1
output = json

[profile my-profile]
region = us-west-1
output = yaml

Example credentials file:

[default]
aws_access_key_id = ANOTREALACCESSKEYID
aws_secret_access_key = ANOTREALSECRETACCESSKEY

[my-profile]
aws_access_key_id = ANOTREALACCESSKEYID2
aws_secret_access_key = ANOTREALSECRETACCESSKEY2

It is important to note that a profile is prefixed with profile only in the config file, not the credentials file.

This method requires you to have an IAM user in each account, with a credential set as well. Another method to access multiple accounts is by setting up IAM roles and policies to allow you to use role switching. To set this up, please refer to the documentation.

Now that we have our AWS CLI configured, you can optionally set up a development environment using AWS Cloud9 if you don't want to develop locally in the next module.

Conclusion

Congratulations! You have learned how to setup the AWS Command Line Interface (CLI). In the next module you will learn how to setup Cloud9, a cloud-based IDE.

Up Next: Setup Cloud9

Let us know how we did.

Thank you for your feedback
We're glad this page helped you. Would you like to share additional details to help us continue to improve?
Close
Thank you for your feedback
We're sorry this page didn't help you. Would you like to share additional details to help us continue to improve?
Close