blog archive     the meetup     about     contact me

aws cli reference

This is a reference for a typical day in starting with the Amazon AWS command line interface.

Assuming you already have python and pip installed, to install awscli:

pip install awscli

After doing this as a non-elevated user, you’ll need to add to your path:

export PATH=~/.local/bin:$PATH

and then

source ~/.bashrc (or .bash_profile depending on your distro)

Verify with:

aws --version

Let’s enable tab-completion. Tab-completion is built into aws cli, but not enabled by default so we have to do this:

complete -C aws_completer aws

Next, configure a profile; profiles are especially helpful if you are going to manage multiple AWS accounts. If you aren’t managing multiple AWS accounts, you can skip the --profile profileName below.

This step will require you to enter your AWS Access Key ID and Secret Access Key. To generate these, navigate to IAM in the AWS Console, create the user you want for programatic access, and give that user the proper permissions. Then configure the profile:

aws configure --profile profileName

Then you can check your availability zones:

aws ec2 describe-availibility-zones --profile profileName

You can type help after nearly every command or subcommand to get more info. Like this:

aws ec2 help

or

aws ec2 describe-availibility-zones help

…and so on.

What instances do you have running? Multi-line commands are supported:

aws ec2 describe-instances \ --query 'Reservations[*].Instances[*].[InstanceId]' \ --filters Name=instance-state-name,Values=running \ --profile profileName

What do your security groups look like:

aws ec2 describe-security-groups --profile profileName

Or grab one in particular:

aws ec2 describe-security-groups --group-ids sg-xxxxxxxx --profile profileName

Want to add some random port to ingress on this sec group?

aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 5601 --cidr THE.IP.ADDRESS.ALLOWED/32 --profile profileName (Bonus points if you know what uses that port by default.)

Stay tuned to this post; I will be updating it regularly with more awscli commands.