AWS CLI (Command Line Interface) is an open-source tool that enables interaction with AWS services using the command line (terminal in Linux or command prompt/power shell in Windows). Lets us see how we can install it on windows/ubuntu/mac and configure it for multiple users.
You can also check out AWS CLI official document here.
Installing AWS CLI
Installing AWS CLI is very easy. You need to have Python and Pip installed on your system. If not you can follow the link below and set up Python.
After that either on Windows or Linux you can run the following command.
# for windowns pip3 install --upgrade --user awscli # for mac and linux you can add sudo sudo pip3 install --upgrade awscli
Once you run these command it will install AWS CLI on your machine. You can check the status of installation using the command below.
aws --version # expected output. you may see diffrent version numbers depending on when you install it aws-cli/1.16.175 Python/3.6.8 Linux/4.15.0-55-generic botocore/1.12.165
If you see the above output we are ready to play with AWS CLI. If you face any issue please let me know in comments.
Configuring AWS CLI
Now we are ready to configure AWS CLI with AWS User. The first thing we need to do is create a user in the AWS Console. You can follow the article on IAM to create your first user.
The important point to remember while creating a user is giving him/her programmatic access. This will give us Access Key Id and Secret Acess Key which we can use it to configure in AWS CLI for that user.
Once you have a user created, the next step is to run the AWS configure command. And do not worry about visible Acess key Id and Secrete access key cause I have deleted them already ;).
Once you run above command it will ask you to enter Access Key ID, Secret Acess Key, Default region, and default output format.
This will configure your user in AWS CLI. All these details are stored in a file in the user’s home directory in .aws folder.
cat /home/mahesh/.aws/credentials [default] aws_access_key_id = AKIAS3CARBCBRWMADMYP aws_secret_access_key = BlMCN6QM3K32OSqoYRY7CH5EjB8SyWAAavVrRT7L
You can validate the configuration status by running a simple command which lists all buckets in your account provided you have granted AWS user access to read s3 buckets.
aws s3 ls
Configuring Multiple profiles
When you first run “aws configure” command it sets that user as default user of AWS CLI. You can validate the same in the credentials file as well. But we might need to use multiple users to access our AWS services. For example, some users may have only read access to S3 or some users may have access to Dev resources and others to Production resources.
In such a case, we need to configure AWS CLI with multiple users using profiles. We can run configure command with –profile to set profile for users.
In the above image, you can see that, using –profile option we can create multiple profiles like admin and s3_read. I have used the same credentials for both users but you get the idea of creating multiple profiles.
For using one of these profiles while using AWS CLI you can provide them in command using –profile option.
aws s3 ls --profile s3_read
We have installed AWS CLI on our machine and configured it for multiple users using profiles. Now we are ready to access different AWS services using the command line. In the next tutorial, we will learn to create new users from AWS CLI. Until then keep learning.