Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Ubuntu - Getting Started With The AWS CLI

AWS

Related Posts

Steps

Ubuntu 20.04 Installation

Install the tools with the following commands:

sudo apt update \
  && sudo apt install python3-pip -y \
  && sudo pip3 install awscli

Pre Ubuntu 20.04 Installation

Install the tools with the following commands:

sudo apt-get update && sudo apt-get install python-pip -y
sudo pip install awscli

Setting Credentials

In order for the AWS CLI commands to work, it needs to know what credentials to use.

Running AWS Configure

The easiest way to configure your credentials is to run the following command:

aws configure

Then just answer the questions, and this will automatically create the credentials file for you.

When it asks for the default output format, your choices are json, table, or text. Personally, I use json.

Programmatically Configuring Credentials

If you need to set the credentials programmatically, you can do this like so:

aws configure set aws_access_key_id $MY_AWS_KEY_ID
aws configure set aws_secret_access_key $MY_AWS_KEY_SECRET

Alternatively, one can use environment variables like so:

export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=eu-west-2

Manual Credentials File Creation

If you don't want to run aws configure, or you just like to know how to do things manually, then you can just manually create the credentials file like so:

mkdir $HOME/.aws
vim $HOME/.aws/config

Then just fill it with your credentials, and the default region to operate in, like so:

[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2

Do not use quotation marks around the values.

Make sure to prevent file access from other users on the same machine.

chmod 600 $HOME/.aws/config

Alternative Location

If you don't like having the credentials file at the default location of $HOME/.aws/config, then you can set a different file location by setting the AWS_CONFIG_FILE environment variable.

E.g.

export AWS_CONFIG_FILE="/my/new/path/to/.aws/config"

Different Profiles

If you manage multiple accounts, or just need to use multiple IAM credentials for whatever reason, then you will benefit from setting multiple "profiles". This can be done by simply setting the credentials underneath the profile name in [] brackets. E.g.

[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2
output=json

[profile2]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-1
output=json

[myOtherProfile]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region = eu-west-2
output=json

Then all one needs to do is manually specify the profile in their commands using the --profile flag like so:

aws s3 \
  --profile=profile2 \
  cp --recursive \
  s3://my-bucket \
  s3://my-second-bucket

Testing

You can test it's working with a simple command t fetch the regions from AWS:

aws ec2 describe-regions

You can send an email like so:

aws ses send-email \
  --text="this is a test" \
  --reply-to-addresses="admin@my.domain.com" \
  --from="admin@my.domain.com" \
  --to="to@gmail.com" \
  --subject="test"

Get Canonical ID

If you ever need your canonical ID, just run the following:

aws s3api list-buckets | grep ID

You can use this to grant another account access to your bucket, so you can sync two buckets between different accounts, without one of the buckets needing to be public.

References

Last updated: 31st March 2022
First published: 4th May 2020