SlideShare ist ein Scribd-Unternehmen logo
1 von 51
Downloaden Sie, um offline zu lesen
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introduction to the AWS CLI
L e o Z h a d a n o v s k y
P r i n c i p a l S o l u t i o n s A r c h i t e c t
A W S
N o v e m b e r 2 9 , 2 0 1 7
D E V 3 2 3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Agenda
• Basics
• Installation
• Configuration
• Syntax
• Foundations
• Profiles
• Environment Variables
• Roles
• Advanced
• Querying & Filtering
• MFA
• S3 Commands
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Command Line Interface
Unified tool to manage your AWS Services
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Basics
• Installing the CLI
• Setting up Credentials
• Configuration Files
• Syntax
• Help
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Install the CLI
• Requirements
• Python 2 version 2.6.5+ or Python 3 version 3.3+
• OS: Windows, Linux, MacOS, or Unix
• Installation Options
• pip
• Bundled Installer
• MSI
• virtualenv recommended when using pip
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ pip install awscli
Install the CLI
Update the CLI
$ pip install awscli --upgrade
Check version of the CLI
$ aws --version
Uninstall the CLI
$ pip uninstall awscli
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws configure
AWS Access Key ID [None]:AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]:us-east-1
Default output format [None]:json
Setting up Credentials
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• Supported by all AWS SDKs
• Contains credentials
• Some settings used only by CLI
• Can contain credentials
~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s
Configuration files
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar
[profile prod]
aws_access_key_id = foo
aws_secret_access_key = bar
region = us-east-1
emr =
service_role = EMR_DefaultRole
instance_profile = EMR_EC2_DefaultRole
log_uri = s3://myBucket/logs
enable_debugging = True
key_name = myKeyName
key_pair_file = /home/myUser/myKeyName.pem
output = json
~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s
Configuration files
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Syntax
$ aws ec2 describe-instances
service (command) operation (subcommand)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Syntax
$ aws iam list-access-keys
service (command) operation (subcommand)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws ec2 describe-instances help
Help
$ aws ec2 help
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Help
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Foundations
• Configuration Settings and Precedence
• Named Profiles
• Environment Variables
• Command Line Options
• Roles
• Output Types
• Tab Completion
• aws-shell
• Bastion Hosts
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Configuration Settings and Precedence
1. Command line options – region, output format and profile can be specified as command options to
override default settings.
2. Environment variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.
3. The AWS credentials file – located at ~/.aws/credentials on Linux, macOS, or Unix, or
at C:UsersUSERNAME .awscredentials on Windows. This file can contain multiple named profiles in
addition to a default profile.
4. The CLI configuration file – typically located at ~/.aws/config on Linux, macOS, or Unix, or
at C:UsersUSERNAME .awsconfig on Windows. This file can contain a default profile, named profiles,
and CLI specific configuration parameters for each.
5. Container credentials – provided by Amazon EC2 Container Service on container instances when
you assign a role to your task.
6. Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance
role, and are delivered through the Amazon EC2 metadata service.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYE
XAMPLEKEY
[user2]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbE
XAMPLEKEY
[default]
region=us-east-1
output=json
[profile user2]
region=us-west-2
output=text
~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s
Named Profiles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws ec2 describe-instances –-profile user2
Using Profiles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Environment Variables
• AWS_ACCESS_KEY_ID – AWS access key.
• AWS_SECRET_ACCESS_KEY – AWS secret key. Access and secret key variables override credentials stored in
credential and config files.
• AWS_SESSION_TOKEN – Specify a session token if you are using temporary security credentials.
• AWS_DEFAULT_REGION – AWS region. This variable overrides the default region of the in-use profile, if set.
• AWS_DEFAULT_OUTPUT – Change the AWS CLI's output formatting to json, text, or table.
• AWS_PROFILE – name of the CLI profile to use. This can be the name of a profile stored in a credential or
config file, or default to use the default profile.
• AWS_CA_BUNDLE – Specify the path to a certificate bundle to use for HTTPS certificate validation.
• AWS_SHARED_CREDENTIALS_FILE – Change the location of the file that the AWS CLI uses to store access
keys.
• AWS_CONFIG_FILE – Change the location of the file that the AWS CLI uses to store configuration profiles.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
$ export
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYE
XAMPLEKEY
$ export AWS_DEFAULT_REGION=us-west-2
> set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
> set
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEX
AMPLEKEY
> set AWS_DEFAULT_REGION=us-west-2
W i n d o w sL i n u x , m a c O S , o r U n i x
Using Environment Variables
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Command Line Options
• --profile – name of a profile to use, or "default" to use the default profile.
• --region – AWS region to call.
• --output – output format.
• --endpoint-url – The endpoint to make the call against. The endpoint can be the address of a proxy or an
endpoint URL for the in-use AWS region. Specifying an endpoint is not required for normal use as the AWS
CLI determines which endpoint to call based on the in-use region.
* The above options override the corresponding profile settings for a single operation.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Roles
• Set of permissions granted to a trusted entity
• Assumed by IAM users, applications or AWS services like EC2
• Use case:
• Cross-services
• Temporary access
• Cross-account
• Federation
• Benefits
• Security: no sharing of secrets
• Control: revoke access anytime
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
[profilemarketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadmin
source_profile = default
~ / . a w s / c o n f i g
Roles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
json
{
"Places": [
{
"City": "Seattle",
"State": "WA"
},
{
"City": "Las Vegas",
"State": "NV"
}
]
}
text
PLACES Seattle WA
PLACES Las Vegas NV
table
----------------------
| SomeOperationName |
+------------------------+
|| Places ||
|+------------+---------+|
|| City | State ||
|+------------+---------+|
|| Seattle | WA ||
|| Las Vegas | NV ||
|+------------+---------+|
Output Types
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tab Completion
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tab Completion Setup
$ which aws_completer
/usr/local/bin/aws_completer
$ complete –C '/usr/local/bin/aws_completer’ aws
* assuming bash
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Shell
An integrated shell for working with the
AWS CLI
Get it here:
https://github.com/awslabs/aws-shell
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Bastion Hosts
Demo
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Advanced
• MFA
• Querying & Filtering
• CLI Aliases
• JMESPath Terminal
• Generate CLI Skeleton
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
MFA
• Require MFA for role assumption:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::179442201234:user/leozh" },
"Action": "sts:AssumeRole",
"Condition": { "Bool": { "aws:MultiFactorAuthPresent": true } }
}
]
}
• ~/.aws/config
[profile billing]
role_arn = arn:aws:iam::179442201234:role/billing
source_profile = default
mfa_serial = arn:aws:iam::179442201234:mfa/leozh
Where do I find my MFA ARN?
or
$ aws iam list-mfa-devices --user-name leozh
{
"MFADevices": [
{
"UserName": "leozh",
"SerialNumber": "arn:aws:iam::179442201234:mfa/leozh",
"EnableDate": "2016-09-15T00:27:33Z"
}
]
}
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
MFA
Demo
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• --filter
• Server side
• Only available on certain subcommands (such as
many list-* and describe-*)
• Use this if you are expecting a large (1000 or >)
amount of items as a return
• Use in conjunction with --page-size on large item
sets
• --query
• Client side
• Available on all subcommands
• JMESPath query language
Q u e r y i n gF i l t e r i n g
Querying & Filtering
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws ec2 describe-instances --filter Name=instance-type,Values=t2.micro
{
"Reservations": [
{
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ec2-34-228-84-177.compute-1.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2017-07-18T23:14:07.000Z",
…
…
},
Filtering
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CLI Aliases
$ aws whoami
{
"Account": "179442201234”,
"UserId": "AIDAIXV2V6G4AEXAMPLE”,
"Arn": "arn:aws:iam::179442201234:user/leozh"
}
$ aws amazon-linux-amis
ami-6057e21a amzn-ami-hvm-2017.09.1.20171103-x86_64-gp2 Amazon Linux AMI 2017.09.1.20171103 x86_64 HVM GP2
ami-8c1be5f6 amzn-ami-hvm-2017.09.0.20170930-x86_64-gp2 Amazon Linux AMI 2017.09.0.20170930 x86_64 HVM GP2
ami-5e8c9625 amzn-ami-hvm-2017.09.rc-0.20170913-x86_64-gp2 Amazon Linux AMI 2017.09.rc-0.20170913 x86_64 HVM
GP2
ami-4fffc834 amzn-ami-hvm-2017.03.1.20170812-x86_64-gp2 Amazon Linux AMI 2017.03.1.20170812 x86_64 HVM GP2
…
https://github.com/awslabs/awscli-aliases
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Querying
$ aws iam list-users
{
"Users": [
{
"UserName": "leozh",
"PasswordLastUsed": "2017-11-07T00:15:03Z",
"CreateDate": "2013-08-04T17:24:01Z",
"UserId": "AIDAIXV2V6G4AAAV5UXYZ”,
"Path": "/",
"Arn": "arn:aws:iam::179442201234:user/leozh"
},
{
"UserName": “billing”,
"PasswordLastUsed": "2015-03-17T18:47:44Z",
"CreateDate": "2015-03-17T03:31:45Z",
"UserId": "AIDAIFVT4OFCCN6B5QABC”,
"Path": "/",
"Arn": "arn:aws:iam::1794422041234:user/billing”
}
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Querying
$ aws iam list-users --query 'Users[*].[UserName, CreateDate, PasswordLastUsed, Arn]'
[
[
"leozh",
"2013-08-04T17:24:01Z",
"2017-11-07T00:15:03Z",
"arn:aws:iam::179442201234:user/leozh"
],
[
“Billing”,
"2015-03-17T03:31:45Z",
"2015-03-17T18:47:44Z",
"arn:aws:iam::179442201234:user/billing”
]
]
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws ec2 describe-instances --query Reservations[*].Instances[*].State.Name
[
[
"stopped"
],
[
"running"
],
[
"running"
]
]
Querying
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
JMESPath Terminal
Demo
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Querying
JMESPath
Learn more here: http://jmespath.org/tutorial.html
JMESPath Terminal
https://github.com/jmespath/jmespath.terminal
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws ec2 run-instances --generate-cli-skeleton > ec2runinst.json
{
"DryRun": true,
"ImageId": "",
"MinCount": 0,
"MaxCount": 0,
"KeyName": "",
"SecurityGroups": [
""
],
"SecurityGroupIds": [
""
],
"UserData": "",
"InstanceType": "",
…
}
Generate CLI Skeleton
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
{
"DryRun": false,
"ImageId": "ami-dfc39aef",
"KeyName": "mykey",
"SecurityGroups": [
"my-sg"
],
"InstanceType": "t2.micro",
"Monitoring": {
"Enabled": true
}
}
Generate CLI Skeleton
edit ec2runinst.json
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$ aws ec2 run-instances --cli-input-json file://ec2runinst.json
{
"OwnerId": "123456789012",
"ReservationId": "r-d94a2b1",
"Groups": [],
"Instances": [
...
Generate CLI Skeleton
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Generate CLI Skeleton
Demo
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
S3 Commands
• Copy
• Sync
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws s3 cp local s3://bucket/key
aws s3 sync . s3://bucket/dir
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws s3 cp s3://src-bucket/key s3://dest-bucket/key
aws s3 sync s3://src-bucket s3://dest/bucket
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
largefile-part-1
largefile-part-2
largefile-part-3
largefile-part-4
delete-filesmallfile
Threads
aws s3 sync . s3://bucket/dir
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
multipart_chunksize
multipart_threshold
max_queue_size
max_concurrent_requests
$ aws configure set default.s3.max_concurrent_requests 20
$ aws configure set default.s3.max_queue_size 10000
$ aws configure set default.s3.multipart_threshold 64MB
$ aws configure set default.s3.multipart_chunksize 16MB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
http://docs.aws.amazon.com/cli/latest/topic/s3-config.html
$ aws help s3-config
S3 Commands
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Recap
• Many ways to install on multiple platforms
• Use tab completion, help commands and aws-shell to your advantage
• Take advantage of Roles and MFA
• Powerful parsing of CLI command returns with querying, filtering & jmespath
• Generate CLI Skeleton makes scripting with the CLI easier
• Use S3 commands for data migration / backups
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Learn More
• Go to or watch on YouTube
• DEV307 - AWS CLI: 2017 and Beyond
• Go to
• https://aws.amazon.com/cli/
• Connect with other AWS developers on the CLI community forum
• Find examples and more in the User Guide
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
THANK YOU!

Weitere ähnliche Inhalte

Was ist angesagt?

AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...Amazon Web Services Korea
 
Introduction to AWS Cost Management
Introduction to AWS Cost ManagementIntroduction to AWS Cost Management
Introduction to AWS Cost ManagementAmazon Web Services
 
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS SummitInfrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS SummitAmazon Web Services
 
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...Amazon Web Services Korea
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...Amazon Web Services Korea
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...Amazon Web Services
 
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpacesAmazon Web Services Japan
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...Amazon Web Services
 

Was ist angesagt? (20)

Open Policy Agent
Open Policy AgentOpen Policy Agent
Open Policy Agent
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
 
Introduction to AWS Cost Management
Introduction to AWS Cost ManagementIntroduction to AWS Cost Management
Introduction to AWS Cost Management
 
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS SummitInfrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit
 
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...
AWS Fargate와 Amazon ECS를 사용한 CI/CD 베스트 프랙티스 - 유재석, AWS 솔루션즈 아키텍트 :: AWS Build...
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
Introduction to AWS Batch
Introduction to AWS BatchIntroduction to AWS Batch
Introduction to AWS Batch
 
AWS Systems Manager
AWS Systems ManagerAWS Systems Manager
AWS Systems Manager
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS Lambda
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
 
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
 
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
20190226 AWS Black Belt Online Seminar Amazon WorkSpaces
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
 
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
 

Ähnlich wie DEV323_Introduction to the AWS CLI

AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017
AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017
AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017Amazon Web Services
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineAmazon Web Services
 
Amazon Amazon Elastic Container Service (Amazon ECS)
Amazon Amazon Elastic Container Service (Amazon ECS)Amazon Amazon Elastic Container Service (Amazon ECS)
Amazon Amazon Elastic Container Service (Amazon ECS)Amazon Web Services
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows WorkloadsAmazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive
WIN403_AWS Directory Service for Microsoft Active Directory Deep DiveWIN403_AWS Directory Service for Microsoft Active Directory Deep Dive
WIN403_AWS Directory Service for Microsoft Active Directory Deep DiveAmazon Web Services
 
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech Talks
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech TalksDeep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech Talks
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech TalksAmazon Web Services
 
SRV334-Making Things Right with AWS Config Rules and AWS Lambda
SRV334-Making Things Right with AWS Config Rules and AWS LambdaSRV334-Making Things Right with AWS Config Rules and AWS Lambda
SRV334-Making Things Right with AWS Config Rules and AWS LambdaAmazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Amazon Web Services
 
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Amazon Web Services
 
Serverless use cases with AWS Lambda
Serverless use cases with AWS Lambda Serverless use cases with AWS Lambda
Serverless use cases with AWS Lambda Boaz Ziniman
 
Deep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and FargateDeep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and FargateAmazon Web Services
 
Migrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSMigrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSAmazon Web Services
 
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...Amazon Web Services
 

Ähnlich wie DEV323_Introduction to the AWS CLI (20)

AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017
AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017
AWS CLI: 2017 and Beyond - DEV307 - re:Invent 2017
 
GPSTEC307_Too Many Tools
GPSTEC307_Too Many ToolsGPSTEC307_Too Many Tools
GPSTEC307_Too Many Tools
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
Amazon Amazon Elastic Container Service (Amazon ECS)
Amazon Amazon Elastic Container Service (Amazon ECS)Amazon Amazon Elastic Container Service (Amazon ECS)
Amazon Amazon Elastic Container Service (Amazon ECS)
 
Containers on AWS
Containers on AWSContainers on AWS
Containers on AWS
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows Workloads
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
 
WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive
WIN403_AWS Directory Service for Microsoft Active Directory Deep DiveWIN403_AWS Directory Service for Microsoft Active Directory Deep Dive
WIN403_AWS Directory Service for Microsoft Active Directory Deep Dive
 
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech Talks
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech TalksDeep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech Talks
Deep Dive on New Features in Amazon S3 & Glacier - AWS Online Tech Talks
 
SRV334-Making Things Right with AWS Config Rules and AWS Lambda
SRV334-Making Things Right with AWS Config Rules and AWS LambdaSRV334-Making Things Right with AWS Config Rules and AWS Lambda
SRV334-Making Things Right with AWS Config Rules and AWS Lambda
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
AWS Serverless Development
AWS Serverless DevelopmentAWS Serverless Development
AWS Serverless Development
 
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
 
Serverless use cases with AWS Lambda
Serverless use cases with AWS Lambda Serverless use cases with AWS Lambda
Serverless use cases with AWS Lambda
 
Deep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and FargateDeep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and Fargate
 
Migrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWSMigrate & Optimize Microsoft Applications on AWS
Migrate & Optimize Microsoft Applications on AWS
 
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...
Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DE...
 
Serverless DevOps to the Rescue
Serverless DevOps to the RescueServerless DevOps to the Rescue
Serverless DevOps to the Rescue
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

DEV323_Introduction to the AWS CLI

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introduction to the AWS CLI L e o Z h a d a n o v s k y P r i n c i p a l S o l u t i o n s A r c h i t e c t A W S N o v e m b e r 2 9 , 2 0 1 7 D E V 3 2 3
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Basics • Installation • Configuration • Syntax • Foundations • Profiles • Environment Variables • Roles • Advanced • Querying & Filtering • MFA • S3 Commands
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Command Line Interface Unified tool to manage your AWS Services
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Basics • Installing the CLI • Setting up Credentials • Configuration Files • Syntax • Help
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Install the CLI • Requirements • Python 2 version 2.6.5+ or Python 3 version 3.3+ • OS: Windows, Linux, MacOS, or Unix • Installation Options • pip • Bundled Installer • MSI • virtualenv recommended when using pip
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ pip install awscli Install the CLI Update the CLI $ pip install awscli --upgrade Check version of the CLI $ aws --version Uninstall the CLI $ pip uninstall awscli
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws configure AWS Access Key ID [None]:AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]:us-east-1 Default output format [None]:json Setting up Credentials
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Supported by all AWS SDKs • Contains credentials • Some settings used only by CLI • Can contain credentials ~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s Configuration files
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] aws_access_key_id = foo aws_secret_access_key = bar region = us-east-1 emr = service_role = EMR_DefaultRole instance_profile = EMR_EC2_DefaultRole log_uri = s3://myBucket/logs enable_debugging = True key_name = myKeyName key_pair_file = /home/myUser/myKeyName.pem output = json ~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s Configuration files
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Syntax $ aws ec2 describe-instances service (command) operation (subcommand)
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Syntax $ aws iam list-access-keys service (command) operation (subcommand)
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws ec2 describe-instances help Help $ aws ec2 help
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Help
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Foundations • Configuration Settings and Precedence • Named Profiles • Environment Variables • Command Line Options • Roles • Output Types • Tab Completion • aws-shell • Bastion Hosts
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Settings and Precedence 1. Command line options – region, output format and profile can be specified as command options to override default settings. 2. Environment variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. 3. The AWS credentials file – located at ~/.aws/credentials on Linux, macOS, or Unix, or at C:UsersUSERNAME .awscredentials on Windows. This file can contain multiple named profiles in addition to a default profile. 4. The CLI configuration file – typically located at ~/.aws/config on Linux, macOS, or Unix, or at C:UsersUSERNAME .awsconfig on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each. 5. Container credentials – provided by Amazon EC2 Container Service on container instances when you assign a role to your task. 6. Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. [default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYE XAMPLEKEY [user2] aws_access_key_id=AKIAI44QH8DHBEXAMPLE aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbE XAMPLEKEY [default] region=us-east-1 output=json [profile user2] region=us-west-2 output=text ~ / . a w s / c o n f i g~ / . a w s / c r e d e n t i a l s Named Profiles
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws ec2 describe-instances –-profile user2 Using Profiles
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Environment Variables • AWS_ACCESS_KEY_ID – AWS access key. • AWS_SECRET_ACCESS_KEY – AWS secret key. Access and secret key variables override credentials stored in credential and config files. • AWS_SESSION_TOKEN – Specify a session token if you are using temporary security credentials. • AWS_DEFAULT_REGION – AWS region. This variable overrides the default region of the in-use profile, if set. • AWS_DEFAULT_OUTPUT – Change the AWS CLI's output formatting to json, text, or table. • AWS_PROFILE – name of the CLI profile to use. This can be the name of a profile stored in a credential or config file, or default to use the default profile. • AWS_CA_BUNDLE – Specify the path to a certificate bundle to use for HTTPS certificate validation. • AWS_SHARED_CREDENTIALS_FILE – Change the location of the file that the AWS CLI uses to store access keys. • AWS_CONFIG_FILE – Change the location of the file that the AWS CLI uses to store configuration profiles.
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE $ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYE XAMPLEKEY $ export AWS_DEFAULT_REGION=us-west-2 > set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE > set AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEX AMPLEKEY > set AWS_DEFAULT_REGION=us-west-2 W i n d o w sL i n u x , m a c O S , o r U n i x Using Environment Variables
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Command Line Options • --profile – name of a profile to use, or "default" to use the default profile. • --region – AWS region to call. • --output – output format. • --endpoint-url – The endpoint to make the call against. The endpoint can be the address of a proxy or an endpoint URL for the in-use AWS region. Specifying an endpoint is not required for normal use as the AWS CLI determines which endpoint to call based on the in-use region. * The above options override the corresponding profile settings for a single operation.
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Roles • Set of permissions granted to a trusted entity • Assumed by IAM users, applications or AWS services like EC2 • Use case: • Cross-services • Temporary access • Cross-account • Federation • Benefits • Security: no sharing of secrets • Control: revoke access anytime
  • 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. [profilemarketingadmin] role_arn = arn:aws:iam::123456789012:role/marketingadmin source_profile = default ~ / . a w s / c o n f i g Roles
  • 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. json { "Places": [ { "City": "Seattle", "State": "WA" }, { "City": "Las Vegas", "State": "NV" } ] } text PLACES Seattle WA PLACES Las Vegas NV table ---------------------- | SomeOperationName | +------------------------+ || Places || |+------------+---------+| || City | State || |+------------+---------+| || Seattle | WA || || Las Vegas | NV || |+------------+---------+| Output Types
  • 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tab Completion
  • 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tab Completion Setup $ which aws_completer /usr/local/bin/aws_completer $ complete –C '/usr/local/bin/aws_completer’ aws * assuming bash
  • 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Shell An integrated shell for working with the AWS CLI Get it here: https://github.com/awslabs/aws-shell
  • 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bastion Hosts Demo
  • 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Advanced • MFA • Querying & Filtering • CLI Aliases • JMESPath Terminal • Generate CLI Skeleton
  • 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MFA • Require MFA for role assumption: { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::179442201234:user/leozh" }, "Action": "sts:AssumeRole", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": true } } } ] } • ~/.aws/config [profile billing] role_arn = arn:aws:iam::179442201234:role/billing source_profile = default mfa_serial = arn:aws:iam::179442201234:mfa/leozh Where do I find my MFA ARN? or $ aws iam list-mfa-devices --user-name leozh { "MFADevices": [ { "UserName": "leozh", "SerialNumber": "arn:aws:iam::179442201234:mfa/leozh", "EnableDate": "2016-09-15T00:27:33Z" } ] }
  • 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MFA Demo
  • 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • --filter • Server side • Only available on certain subcommands (such as many list-* and describe-*) • Use this if you are expecting a large (1000 or >) amount of items as a return • Use in conjunction with --page-size on large item sets • --query • Client side • Available on all subcommands • JMESPath query language Q u e r y i n gF i l t e r i n g Querying & Filtering
  • 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. aws ec2 describe-instances --filter Name=instance-type,Values=t2.micro { "Reservations": [ { "Instances": [ { "Monitoring": { "State": "disabled" }, "PublicDnsName": "ec2-34-228-84-177.compute-1.amazonaws.com", "State": { "Code": 16, "Name": "running" }, "EbsOptimized": false, "LaunchTime": "2017-07-18T23:14:07.000Z", … … }, Filtering
  • 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLI Aliases $ aws whoami { "Account": "179442201234”, "UserId": "AIDAIXV2V6G4AEXAMPLE”, "Arn": "arn:aws:iam::179442201234:user/leozh" } $ aws amazon-linux-amis ami-6057e21a amzn-ami-hvm-2017.09.1.20171103-x86_64-gp2 Amazon Linux AMI 2017.09.1.20171103 x86_64 HVM GP2 ami-8c1be5f6 amzn-ami-hvm-2017.09.0.20170930-x86_64-gp2 Amazon Linux AMI 2017.09.0.20170930 x86_64 HVM GP2 ami-5e8c9625 amzn-ami-hvm-2017.09.rc-0.20170913-x86_64-gp2 Amazon Linux AMI 2017.09.rc-0.20170913 x86_64 HVM GP2 ami-4fffc834 amzn-ami-hvm-2017.03.1.20170812-x86_64-gp2 Amazon Linux AMI 2017.03.1.20170812 x86_64 HVM GP2 … https://github.com/awslabs/awscli-aliases
  • 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Querying $ aws iam list-users { "Users": [ { "UserName": "leozh", "PasswordLastUsed": "2017-11-07T00:15:03Z", "CreateDate": "2013-08-04T17:24:01Z", "UserId": "AIDAIXV2V6G4AAAV5UXYZ”, "Path": "/", "Arn": "arn:aws:iam::179442201234:user/leozh" }, { "UserName": “billing”, "PasswordLastUsed": "2015-03-17T18:47:44Z", "CreateDate": "2015-03-17T03:31:45Z", "UserId": "AIDAIFVT4OFCCN6B5QABC”, "Path": "/", "Arn": "arn:aws:iam::1794422041234:user/billing” }
  • 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Querying $ aws iam list-users --query 'Users[*].[UserName, CreateDate, PasswordLastUsed, Arn]' [ [ "leozh", "2013-08-04T17:24:01Z", "2017-11-07T00:15:03Z", "arn:aws:iam::179442201234:user/leozh" ], [ “Billing”, "2015-03-17T03:31:45Z", "2015-03-17T18:47:44Z", "arn:aws:iam::179442201234:user/billing” ] ]
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws ec2 describe-instances --query Reservations[*].Instances[*].State.Name [ [ "stopped" ], [ "running" ], [ "running" ] ] Querying
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. JMESPath Terminal Demo
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Querying JMESPath Learn more here: http://jmespath.org/tutorial.html JMESPath Terminal https://github.com/jmespath/jmespath.terminal
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws ec2 run-instances --generate-cli-skeleton > ec2runinst.json { "DryRun": true, "ImageId": "", "MinCount": 0, "MaxCount": 0, "KeyName": "", "SecurityGroups": [ "" ], "SecurityGroupIds": [ "" ], "UserData": "", "InstanceType": "", … } Generate CLI Skeleton
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. { "DryRun": false, "ImageId": "ami-dfc39aef", "KeyName": "mykey", "SecurityGroups": [ "my-sg" ], "InstanceType": "t2.micro", "Monitoring": { "Enabled": true } } Generate CLI Skeleton edit ec2runinst.json
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. $ aws ec2 run-instances --cli-input-json file://ec2runinst.json { "OwnerId": "123456789012", "ReservationId": "r-d94a2b1", "Groups": [], "Instances": [ ... Generate CLI Skeleton
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Generate CLI Skeleton Demo
  • 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. S3 Commands • Copy • Sync
  • 44. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. aws s3 cp local s3://bucket/key aws s3 sync . s3://bucket/dir
  • 45. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. aws s3 cp s3://src-bucket/key s3://dest-bucket/key aws s3 sync s3://src-bucket s3://dest/bucket
  • 46. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. largefile-part-1 largefile-part-2 largefile-part-3 largefile-part-4 delete-filesmallfile Threads aws s3 sync . s3://bucket/dir
  • 47. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. multipart_chunksize multipart_threshold max_queue_size max_concurrent_requests $ aws configure set default.s3.max_concurrent_requests 20 $ aws configure set default.s3.max_queue_size 10000 $ aws configure set default.s3.multipart_threshold 64MB $ aws configure set default.s3.multipart_chunksize 16MB
  • 48. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. http://docs.aws.amazon.com/cli/latest/topic/s3-config.html $ aws help s3-config S3 Commands
  • 49. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Recap • Many ways to install on multiple platforms • Use tab completion, help commands and aws-shell to your advantage • Take advantage of Roles and MFA • Powerful parsing of CLI command returns with querying, filtering & jmespath • Generate CLI Skeleton makes scripting with the CLI easier • Use S3 commands for data migration / backups
  • 50. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Learn More • Go to or watch on YouTube • DEV307 - AWS CLI: 2017 and Beyond • Go to • https://aws.amazon.com/cli/ • Connect with other AWS developers on the CLI community forum • Find examples and more in the User Guide
  • 51. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THANK YOU!