Setting up AWS CLI can be painful, but it doesn’t have to be anymore.
All you need to do is follow our no-fluff guide and set up your AWS CLI for success with crystal-clear instructions in under 5 minutes.
Let’s start with installing the CLI
For Linux / MacOS users
Install homebrew if you don’t have it already
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
If you use Arch BTW ;)
yay -Sy aws-cli-v2
Install AWS CLI using brew
brew install awscli
Your AWS CLI will be installed in no time.
For Windows users
Install chocolatey chocolatey if you don’t have it already:
- Open PowerShell in Admin (Run as Administrator)
- Run the command below to install chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Finally install AWS CLI using choco
choco install awscli
If this method didn’t work for you, you can try the MSI installer method described in this tutorial
Let’s create an IAM user for our AWS CLI!
Login to your AWS Console with admin access.
Go to your IAM User console.
Click on the Add Users button on the top-right of the Console.
Enter a username, e.g. my-cli-user.
Don’t use your existing IAM user, creating a sepaarate IAM user for CLI will help you pinpoint your activity logs in CloudTrail. Another article will be what happens when you accidentally make your Access Key public.
Click Next.
On the next screen, from the three options, select “Attach Policies Directly”. From the “Permissions’ Policies” tab, check the option AdministratorAccess. Scroll down and click Next.
To finish things off, on the Review and Create screen, simply click on Create User.
We see that our new user my-cli-user has been created successfully.
Generating Access Key and Secret for the CLI user
Click on my-cli-user.
Visit the Security credentials tab.
Scroll down and go to the Access Keys section, and click on Create Access Key button.
Select the Command Line Interface (CLI) option.
Scroll down and check the box for I understand the above recommendation and want to proceed to create an access key and hit Next.
Setting description tag is optional. Go ahead and click on Create Access Key.
Your access key has been created. You can simply download the .CSV file if you want to reuse it.
It won’t be shown again.
Configuring AWS CLI
To configure AWS CLI in our computer, run the following command.
aws configure --profile cli-user
INFO: You can omit the
--profile cli-userpart if you don’t plan on using multiple users.
It will ask for the following:
- Access Key
- Secret Access Key
- Region (e.g.
us-east-1) - Output Format (
jsonoryaml)
This is how it should look:
AWS Access Key ID [None]: AKIAS75KUR6WAVS3L3NE
AWS Secret Access Key [None]: aPklnUwaOMHTm/nVEvVXV6ZZyH2u/BHKOWFeKJk5
Default region name [None]: us-east-1
Default output format [None]: json
Now you are all set.
Testing your AWS CLI
Run the following command to know your IAM identity:
aws sts get-caller-identity --profile cli-user
You will see your user Id and ARN:
{
"UserId": "AIDAS75KUR6WHT3V6PS25",
"Account": "205979422636",
"Arn": "arn:aws:iam::205979422636:user/my-cli-user"
}
This means you have set up everything properly and you can use AWS CLI to its full potential.
From here you can take your productivity to the next level.
Here are the list of things you can do with AWS CLI:
- Copy files from S3 to your local computer, or another bucket.
- Get real-time CloudWatch logs in your terminal.
- Run DynamoDB queries from your terminal.
- Easily update and delete secrets in SSM / Secrets Manager.
- Invoke Lambdas from AWS CLI
The possibilities are endless, you just have to think about it.