{"id":7905,"date":"2019-07-30T15:20:04","date_gmt":"2019-07-30T07:20:04","guid":{"rendered":"http:\/\/rmohan.com\/?p=7905"},"modified":"2019-07-31T12:33:23","modified_gmt":"2019-07-31T04:33:23","slug":"aws-cli","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7905","title":{"rendered":"aws-cli"},"content":{"rendered":"\n

Description<\/h1>\n\n\n\n

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.<\/p>\n\n\n\n

The AWS CLI introduces a new set of simple file commands for efficient file transfers to and from Amazon S3.<\/p>\n\n\n\n

Supported Services<\/h1>\n\n\n\n

For a list of the available services you can use with AWS Command Line Interface, see Available Services<\/a> in the AWS CLI Command Reference.<\/p>\n\n\n\n

AWS Command Line Interface on GitHub<\/h1>\n\n\n\n

You can view\u2014and fork\u2014the source code for the AWS CLI on GitHub in the https:\/\/github.com\/aws\/aws-cli<\/a> project.<\/p>\n\n\n\n

Versions#<\/a><\/h2>\n\n\n\n
Version<\/th>Release Date<\/th><\/tr><\/thead>
1.10.38<\/a><\/td>2016-06-14<\/td><\/tr>
1.10.35<\/a><\/td>2016-06-03<\/td><\/tr>
1.10.33<\/a><\/td>2016-05-25<\/td><\/tr>
1.10.30<\/a><\/td>2016-05-18<\/td><\/tr><\/tbody><\/table>\n\n\n\n

AWS CLI Cheat sheet – List of All CLI commands#<\/a><\/h2>\n\n\n\n

Setup#<\/a><\/h2>\n\n\n\n

Install AWS CLI#<\/a><\/h3>\n\n\n\n

AWS CLI is an common CLI tool for managing the AWS resources. With this single tool we can manage all the aws resources<\/p>\n\n\n\n

sudo apt-get install -y python-dev python-pip\nsudo pip install awscli\naws --version\naws configure\n<\/pre>\n\n\n\n
Bash one-liners#<\/a><\/h3>\n\n\n\n
cat <file> # output a file\ntee # split output into a file\ncut -f 2 # print the 2nd column, per line\nsed -n '5{p;q}' # print the 5th line in a file\nsed 1d # print all lines, except the first\ntail -n +2 # print all lines, starting on the 2nd\nhead -n 5 # print the first 5 lines\ntail -n 5 # print the last 5 lines\n\nexpand # convert tabs to 4 spaces\nunexpand -a # convert 4 spaces to tabs\nwc # word count\ntr ' ' \\\\t # translate \/ convert characters to other characters\n\nsort # sort data\nuniq # show only unique entries\npaste # combine rows of text, by line\njoin # combine rows of text, by initial column value\n<\/pre>\n\n\n\n
Cloudtrail – Logging and Auditing#<\/a><\/h2>\n\n\n\n
http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/cloudtrail\/<\/a> 5 Trails total, with support for resource level permissions<\/p>\n\n\n\n
# list all trails\naws cloudtrail describe-trails\n\n# list all S3 buckets\naws s3 ls\n\n# create a new trail\naws cloudtrail create-subscription \\\n    --name awslog \\\n    --s3-new-bucket awslog2016\n\n# list the names of all trails\naws cloudtrail describe-trails --output text | cut -f 8\n\n# get the status of a trail\naws cloudtrail get-trail-status \\\n    --name awslog\n\n# delete a trail\naws cloudtrail delete-trail \\\n    --name awslog\n\n# delete the S3 bucket of a trail\naws s3 rb s3:\/\/awslog2016 --force\n\n# add tags to a trail, up to 10 tags\naws cloudtrail add-tags \\\n    --resource-id awslog \\\n    --tags-list \"Key=log-type,Value=all\"\n\n# list the tags of a trail\naws cloudtrail list-tags \\\n    --resource-id-list \n\n# remove a tag from a trail\naws cloudtrail remove-tags \\\n    --resource-id awslog \\\n    --tags-list \"Key=log-type,Value=all\"\n<\/pre>\n\n\n\n
IAM#<\/a><\/h2>\n\n\n\n
Users#<\/a><\/h3>\n\n\n\n
https:\/\/blogs.aws.amazon.com\/security\/post\/Tx15CIT22V4J8RP\/How-to-rotate-access-keys-for-IAM-users<\/a>http:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/reference_iam-limits.html<\/a> Limits = 5000 users, 100 group, 250 roles, 2 access keys \/ user<\/p>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/index.html\n<\/div><\/figure>\n\n\n\n
# list all user's info\naws iam list-users\n\n# list all user's usernames\naws iam list-users --output text | cut -f 6\n\n# list current user's info\naws iam get-user\n\n# list current user's access keys\naws iam list-access-keys\n\n# crate new user\naws iam create-user \\\n    --user-name aws-admin2\n\n# create multiple new users, from a file\nallUsers=$(cat .\/user-names.txt)\nfor userName in $allUsers; do\n    aws iam create-user \\\n        --user-name $userName\ndone\n\n# list all users\naws iam list-users --no-paginate\n\n# get a specific user's info\naws iam get-user \\\n    --user-name aws-admin2\n\n# delete one user\naws iam delete-user \\\n    --user-name aws-admin2\n\n# delete all users\n# allUsers=$(aws iam list-users --output text | cut -f 6);\nallUsers=$(cat .\/user-names.txt)\nfor userName in $allUsers; do\n    aws iam delete-user \\\n        --user-name $userName\ndone\n<\/pre>\n\n\n\n
Password policy#<\/a><\/h3>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/\n<\/div><\/figure>\n\n\n\n
# list policy\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/get-account-password-policy.html\naws iam get-account-password-policy\n\n# set policy\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/update-account-password-policy.html\naws iam update-account-password-policy \\\n    --minimum-password-length 12 \\\n    --require-symbols \\\n    --require-numbers \\\n    --require-uppercase-characters \\\n    --require-lowercase-characters \\\n    --allow-users-to-change-password\n\n# delete policy\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/delete-account-password-policy.html\naws iam delete-account-password-policy\n<\/pre>\n\n\n\n
Access Keys#<\/a><\/h3>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/\n<\/div><\/figure>\n\n\n\n
# list all access keys\naws iam list-access-keys\n\n# list access keys of a specific user\naws iam list-access-keys \\\n    --user-name aws-admin2\n\n# create a new access key\naws iam create-access-key \\\n    --user-name aws-admin2 \\\n    --output text | tee aws-admin2.txt\n\n# list last access time of an access key\naws iam get-access-key-last-used \\\n    --access-key-id AKIAINA6AJZY4EXAMPLE\n\n# deactivate an acccss key\naws iam update-access-key \\\n    --access-key-id AKIAI44QH8DHBEXAMPLE \\\n    --status Inactive \\\n    --user-name aws-admin2\n\n# delete an access key\naws iam delete-access-key \\\n    --access-key-id AKIAI44QH8DHBEXAMPLE \\\n    --user-name aws-admin2\n<\/pre>\n\n\n\n
Groups, Policies, Managed Policies#<\/a><\/h3>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles.htmlhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/iam\/\n<\/div><\/figure>\n\n\n\n
# list all groups\naws iam list-groups\n\n# create a group\naws iam create-group --group-name FullAdmins\n\n# delete a group\naws iam delete-group \\\n    --group-name FullAdmins\n\n# list all policies\naws iam list-policies\n\n# get a specific policy\naws iam get-policy \\\n    --policy-arn <value>\n\n# list all users, groups, and roles, for a given policy\naws iam list-entities-for-policy \\\n    --policy-arn <value>\n\n# list policies, for a given group\naws iam list-attached-group-policies \\\n    --group-name FullAdmins\n\n# add a policy to a group\naws iam attach-group-policy \\\n    --group-name FullAdmins \\\n    --policy-arn arn:aws:iam::aws:policy\/AdministratorAccess\n\n# add a user to a group\naws iam add-user-to-group \\\n    --group-name FullAdmins \\\n    --user-name aws-admin2\n\n# list users, for a given group\naws iam get-group \\\n    --group-name FullAdmins\n\n# list groups, for a given user\naws iam list-groups-for-user \\\n    --user-name aws-admin2\n\n# remove a user from a group\naws iam remove-user-from-group \\\n    --group-name FullAdmins \\\n    --user-name aws-admin2\n\n# remove a policy from a group\naws iam detach-group-policy \\\n    --group-name FullAdmins \\\n    --policy-arn arn:aws:iam::aws:policy\/AdministratorAccess\n\n# delete a group\naws iam delete-group \\\n    --group-name FullAdmins\n<\/pre>\n\n\n\n
EC2#<\/a><\/h2>\n\n\n\n
keypairs#<\/a><\/h3>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/ec2-key-pairs.html\n<\/div><\/figure>\n\n\n\n
# list all keypairs\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/describe-key-pairs.html\naws ec2 describe-key-pairs\n\n# create a keypair\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/create-key-pair.html\naws ec2 create-key-pair \\\n    --key-name <value>\n\n# create a new private \/ public keypair, using RSA 2048-bit\nssh-keygen -t rsa -b 2048\n\n# import an existing keypair\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/import-key-pair.html\naws ec2 import-key-pair \\\n    --key-name keyname_test \\\n    --public-key-material file:\/\/\/home\/apollo\/id_rsa.pub\n\n# delete a keypair\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/delete-key-pair.html\naws ec2 delete-key-pair \\\n    --key-name <value>\n<\/pre>\n\n\n\n
Security Groups#<\/a><\/h3>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/index.html\n<\/div><\/figure>\n\n\n\n
# list all security groups\naws ec2 describe-security-groups\n\n# create a security group\naws ec2 create-security-group \\\n    --vpc-id vpc-1a2b3c4d \\\n    --group-name web-access \\\n    --description \"web access\"\n\n# list details about a securty group\naws ec2 describe-security-groups \\\n    --group-id sg-0000000\n\n# open port 80, for everyone\naws ec2 authorize-security-group-ingress \\\n    --group-id sg-0000000 \\\n    --protocol tcp \\\n    --port 80 \\\n    --cidr 0.0.0.0\/24\n\n# get my public ip\nmy_ip=$(dig +short myip.opendns.com @resolver1.opendns.com);\necho $my_ip\n\n# open port 22, just for my ip\naws ec2 authorize-security-group-ingress \\\n    --group-id sg-0000000 \\\n    --protocol tcp \\\n    --port 80 \\\n    --cidr $my_ip\/24\n\n# remove a firewall rule from a group\naws ec2 revoke-security-group-ingress \\\n    --group-id sg-0000000 \\\n    --protocol tcp \\\n    --port 80 \\\n    --cidr 0.0.0.0\/24\n\n# delete a security group\naws ec2 delete-security-group \\\n    --group-id sg-00000000\n<\/pre>\n\n\n\n
Instances#<\/a><\/h2>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/index.html\n<\/div><\/figure>\n\n\n\n
# list all instances (running, and not running)\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/describe-instances.html\naws ec2 describe-instances\n\n# create a new instance\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/run-instances.html\naws ec2 run-instances \\\n    --image-id ami-f0e7d19a \\    \n    --instance-type t2.micro \\\n    --security-group-ids sg-00000000 \\\n    --dry-run\n\n# stop an instance\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/terminate-instances.html\naws ec2 terminate-instances \\\n    --instance-ids <instance_id>\n\n# list status of all instances\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/describe-instance-status.html\naws ec2 describe-instance-status\n\n# list status of a specific instance\naws ec2 describe-instance-status \\\n    --instance-ids <instance_id>\n<\/pre>\n\n\n\n
Tags#<\/a><\/h3>\n\n\n\n
# list the tags of an instance\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/describe-tags.html\naws ec2 describe-tags\n\n# add a tag to an instance\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/create-tags.html\naws ec2 create-tags \\\n    --resources \"ami-1a2b3c4d\" \\\n    --tags Key=name,Value=debian\n\n# delete a tag on an instance\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/delete-tags.html\naws ec2 delete-tags \\\n    --resources \"ami-1a2b3c4d\" \\\n    --tags Key=Name,Value=\n<\/pre>\n\n\n\n
Cloudwatch#<\/a><\/h2>\n\n\n\n
Log Groups#<\/a><\/h3>\n\n\n\n
http:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/DeveloperGuide\/WhatIsCloudWatchLogs.html<\/a>http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/index.html#cli-aws-logs<\/a>create a group<\/p>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/create-log-group.html\n<\/div><\/figure>\n\n\n\n
aws logs create-log-group \\\n    --log-group-name \"DefaultGroup\"\n<\/pre>\n\n\n\n
list all log groups<\/p>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/describe-log-groups.html\n<\/div><\/figure>\n\n\n\n
aws logs describe-log-groups\n\naws logs describe-log-groups \\\n    --log-group-name-prefix \"Default\"\n<\/pre>\n\n\n\n
delete a group<\/p>\n\n\n\n
\nhttp:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/delete-log-group.html\n<\/div><\/figure>\n\n\n\n
aws logs delete-log-group \\\n    --log-group-name \"DefaultGroup\"\n<\/pre>\n\n\n\n
Log Streams#<\/a><\/h3>\n\n\n\n
# Log group names can be between 1 and 512 characters long. Allowed\n# characters include a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen),\n# '\/' (forward slash), and '.' (period).\n\n# create a log stream\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/create-log-stream.html\naws logs create-log-stream \\\n    --log-group-name \"DefaultGroup\" \\\n    --log-stream-name \"syslog\"\n\n# list details on a log stream\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/describe-log-streams.html\naws logs describe-log-streams \\\n    --log-group-name \"syslog\"\n\naws logs describe-log-streams \\\n    --log-stream-name-prefix \"syslog\"\n\n# delete a log stream\n# http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/logs\/delete-log-stream.html\naws logs delete-log-stream \\\n    --log-group-name \"DefaultGroup\" \\\n    --log-stream-name \"Default Stream\"\n<\/pre>\n\n\n\n
AWS completer for Ubuntu with Bash#<\/a><\/h2>\n\n\n\n
The following utility can be used for auto-completion of commands:<\/p>\n\n\n\n
$ which aws_completer\n\/usr\/bin\/aws_completer\n\n$ complete -C '\/usr\/bin\/aws_completer' aws\n<\/code><\/pre>\n\n\n\n
For future shell sessions, consider add this to your ~\/.bashrc<\/p>\n\n\n\n
$ echo \"complete -C '\/usr\/bin\/aws_completer' aws\" >> ~\/.bashrc\n<\/code><\/pre>\n\n\n\n
To check, type:<\/p>\n\n\n\n
$ aws ec\n<\/code><\/pre>\n\n\n\n
Press the [TAB] key, it should add 2 automatically:<\/p>\n\n\n\n
$ aws ec2\n<\/code><\/pre>\n\n\n\n
Creating a New Profile#<\/a><\/h2>\n\n\n\n
To setup a new credential profile with the name myprofile<\/code> :<\/p>\n\n\n\n
$ aws configure --profile myprofile\nAWS Access Key ID [None]: ACCESSKEY\nAWS Secret Access Key [None]: SECRETKEY\nDefault region name [None]: REGIONNAME\nDefault output format [None]: text | table | json\n<\/pre>\n\n\n\n
For the AWS access key id and secret, create an IAM user in the AWS console and generate keys for it.<\/p>\n\n\n\n
Region will be the default region for commands in the format eu-west-1<\/code> or us-east-1<\/code> .<\/p>\n\n\n\n
The default output format can either be text<\/code> , table<\/code> or json<\/code> .<\/p>\n\n\n\n
You can now use the profile name in other commands by using the --profile<\/code> option, e.g.:<\/p>\n\n\n\n
$ aws ec2 describe-instances --profile myprofile\n<\/pre>\n\n\n\n
AWS libraries for other languages (e.g. aws-sdk<\/code> for Ruby or boto3<\/code> for Python) have options to use the profile you create with this method too. E.g. creating a new session in boto3<\/code> can be done like this, boto3.Session(profile_name:'myprofile')<\/code> and it will use the credentials you created for the profile.<\/p>\n\n\n\n
The details of your aws-cli configuration can be found in ~\/.aws\/config<\/code> and ~\/.aws\/credentials<\/code> (on linux and mac-os). These details can be edited manually from there.<\/p>\n\n\n\n
Installation and setup#<\/a><\/h2>\n\n\n\n
There are a number of different ways to install the AWS CLI on your machine, depending on what operating system and environment you are using:<\/p>\n\n\n\n
On Microsoft Windows \u2013 use the MSI installer. On Linux, OS X, or Unix \u2013 use pip (a package manager for Python software) or install manually with the bundled installer.<\/p>\n\n\n\n
Install using pip:<\/strong><\/p>\n\n\n\n
You will need python to be installed (version 2, 2.6.5+,3 or 3.3+). Check with<\/p>\n\n\n\n
python --version\n\npip --help\n<\/code><\/pre>\n\n\n\n
Given that both of these are installed, use the following command to install the aws cli.<\/p>\n\n\n\n
sudo pip install awscli\n<\/code><\/pre>\n\n\n\n
Install on Windows<\/strong> The AWS CLI is supported on Microsoft Windows XP or later. For Windows users, the MSI installation package offers a familiar and convenient way to install the AWS CLI without installing any other prerequisites. Windows users should use the MSI installer unless they are already using pip for package management.<\/p>\n\n\n\n