Module 3: Set Up the AWS CLI
TUTORIAL
Set Up the AWS CLI
In this module, you will configure the AWS Command Line Interface (CLI)
What you will accomplish
- Install the AWS Command Line Interface (AWS CLI) for your operating system
- Configure the credentials to access your AWS account
- Configure multiple profiles to access different AWS accounts
Implementation
The AWS CLI is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
To interact with AWS using the CLI, we need to configure credentials for it to use when making API calls. We will also show how you can set up multiple profiles to access more than one AWS account, either with additional credentials, or through IAM role switching.
Time to complete
10 minutes
Module requirements
- An internet browser
- An AWS account
Install the AWS CLI
There are different ways to install the AWS CLI, depending on your operating system or preference to use containers. To install the AWS CLI v2, see lnstalling or updating the latest version of the AWS CLI.
Once the AWS CLI is installed, you can run aws --version in your command line and see the following output (version may be different):
aws --version
aws-cli/2.7.20 Python/3.9.11 Darwin/21.6.0 exe/x86_64 prompt/offThe AWS CLI is now installed and we need to configure the credentials.
Configure AWS CLI credentials
To configure the credentials, use the command aws configure and include the credentials of the user created in the previous module of this tutorial. Add the user we included in the user group with administrator-level permissions.
When you use the aws configure command, you will be asked for:
- AWS Access Key ID
- AWS Secret Access Key
- Default Region: Provide the Region in the following format us-east-1. For a list of Region names and codes, see this table.
- Default Output Format: This is how the output should be displayed by default, and includes, but is not limited to: json, yaml, text. Review the documentation for all options.
Once completed, you should see the following in the terminal (if you chose us-east-1 as your default Region):
aws configure
AWS Access Key ID [None]: ANOTREALACCESSKEYID
AWS Secret Access Key [None]: ANOTREALSECRETACCESSKEY
Default region name [None]: us-east-1
Default output format [None]: jsonNow, run the aws ec2 describe-vpcs command to check if the configuration is correct. Each new AWS account has default VPCs configured.
aws ec2 describe-vpcs
# Output
{
"Vpcs": [
{
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-d12345",
"State": "available",
"VpcId": "vpc-0123456789abcdef",
"OwnerId": "123456789012",
....This confirms that your AWS CLI has now been set up correctly.
when you successfully run the aws configure command, the AWS CLI creates two new files in either ~/.aws (Linux / MacOS), or %UserProfile%\.aws (Windows):
- config: This file contains your region and output format
- credentials: This file contains your access key ID and secret access key
The next section covers how to configure multiple profiles. Feel free to skip it if you are planning to use a single AWS account.
Configure multiple profiles (optional)
If you are using more than one AWS account, you can set up profiles. This would be useful if you have different accounts for development and production environments, for example.
You can configure additional profiles by using the AWS CLI aws configure command with the --profile option, or by manually adding entries to the config and credentials files.
To use the aws configure command, enter the following in your terminal. In this case, user1 is the name of the profile we're creating.
aws configure --profile user1You will be asked for that profile's:
- AWS Access Key ID
- AWS Secret Access Key
- Default Region
- Default Output Format
See Using named profiles for more information on how to use the profiles with the AWS CLI commands.
As an alternative, you can directly set your profiles by editing the config and credentials files created by the AWS CLI when you initially set it up.
Where you find your home directory location varies based on the operating system, but is referred to using the environment variables %UserProfile% in Windows and $HOME or ~ in Unix-based systems.
- credentials file location: ~/.aws/credentials (Linux & Mac) or %USERPROFILE%\.aws\credentials (Windows)
- config file location: ~/.aws/config (Linux & Mac) or %USERPROFILE%\.aws\config (Windows)
Once you find the files, open them and add the new profile information. Initially, your files will look something like this:
//config file
[default]
region=us-west-2
output=json
//credentials file
[default]
aws_access_key_id=<access_key_id>
aws_secret_access_key=<secret_access_key>After adding a new profile, they will look something like this:
//config file
[default]
region=us-west-2
output=json
[profile user1]
region=us-west-2
output=json
//credentials file
[user1]
aws_access_key_id=<access_key_id>
aws_secret_access_key=<secret_access_key>
[myprofile1]
aws_access_key_id=<profile1_access_key_1>
aws_secret_access_key=<profile1_secret_access_key>Note that a profile is prefixed with profile only in the config file, not in the credentials file.
This method requires you to have an IAM user in each account, with a credential set as well. Another method to access multiple accounts is by setting up IAM roles and policies to allow you to use role switching. To set this up, refer to the IAM documentation.
See Using named profiles for more information on how to use the profiles with the AWS CLI commands.
Conclusion
Congratulations! You have learned how to set up the AWS CLI. In the next module, you will learn how to set up AWS Cloud9, a cloud-based IDE.