Ubuntu - Getting Started With The AWS CLI

Related Posts

• AWS CLI S3 Cheatsheet

Steps

Ubuntu 20.04 Installation

Install the tools with the following commands:

sudo apt update \
  && sudo apt install python3-pip -y \
  && sudo pip3 install awscli

Pre Ubuntu 20.04 Installation

Install the tools with the following commands:

sudo apt-get update && sudo apt-get install python-pip -y
sudo pip install awscli

Setting Credentials

In order for the AWS CLI commands to work, it needs to know what credentials to use.

Running AWS Configure

The easiest way to configure your credentials is to run the following command:

aws configure

Then just answer the questions, and this will automatically create the credentials file for you.

When it asks for the default output format, your choices are json, table, or text. Personally, I use json.

Manual Credentials File Creation

If you don't want to run aws configure, or you just like to know how to do things manually, then you can just manually create the credentials file like so:

mkdir $HOME/.aws
vim $HOME/.aws/config

Then just fill it with your credentials, and the default region to operate in, like so:

[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2

Do not use quotation marks around the values.

Make sure to prevent file access from other users on the same machine.

chmod 600 $HOME/.aws/config

Alternative Location

If you don't like having the credentials file at the default location of $HOME/.aws/config, then you can set a different file location by setting the AWS_CONFIG_FILE environment variable.

E.g.

export AWS_CONFIG_FILE="/my/new/path/to/.aws/config"

Different Profiles

If you manage multiple accounts, or just need to use multiple IAM credentials for whatever reason, then you will benefit from setting multiple "profiles". This can be done by simply setting the credentials underneath the profile name in [] brackets. E.g.

[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2
output=json

[profile2]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-1
output=json

[myOtherProfile]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2
output=json

Then all one needs to do is manually specify the profile in their commands using the --profile flag like so:

aws s3 \
  --profile=profile2 \
  cp --recursive \
  s3://my-bucket \
  s3://my-second-bucket

Testing

You can test it's working with a simple command t fetch the regions from AWS:

aws ec2 describe-regions

You can send an email like so:

aws ses send-email \
  --text="this is a test" \
  --reply-to-addresses="admin@my.domain.com" \
  --from="admin@my.domain.com" \
  --to="to@gmail.com" \
  --subject="test"

Get Canonical ID

If you ever need your canonical ID, just run the following:

aws s3api list-buckets | grep ID

You can use this to grant another account access to your bucket, so you can sync two buckets between different accounts, without one of the buckets needing to be public.

References

• GitHub - aws/aws-cli - Unable to locate credentials
• Installing aws-cli, the New AWS Command Line Tool
• Stack Overflow - Move files directly from one S3 account to another?
• Server Fault - How can I get the size of an Amazon S3 bucket?
• AWS Docs - Named profiles