Working with Command Line can be painful specially if you are on Windows.
It doesn’t have to be anymore.
You will learn:
- How to download and install AWS CLI V2 in your Windows OS.
- How to create an IAM user for AWS CLI
- How to create access key and secret for IAM user
- How to configure AWS CLI using
aws configure
Let’s start with installing the CLI
The easy way using chocolatey:
Install chocolatey if you don’t have it already:
- Open PowerShell in Admin (Run as Administrator)
- Run the command below to install chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Finally install AWS CLI using choco
choco install awscli
Install manually using the MSI installer
Click to show installation instructions
Open the installer.
Click on **Next**, accept the license agreement, then click Next again.
Now all you need to do is click on Install.
In few minutes your AWS CLI will be installed in your Windows operating system.
Let’s create an IAM user for our AWS CLI!
Login to your AWS Console with admin access.
Go to your IAM User console.
Click on the Add Users button on the top-right of the Console.
Enter a username, e.g. my-cli-user.
Don’t use your existing IAM user, creating a sepaarate IAM user for CLI will help you pinpoint your activity logs in CloudTrail. Another article will be what happens when you accidentally make your Access Key public.
Click Next.
On the next screen, from the three options, select “Attach Policies Directly”. From the “Permissions’ Policies” tab, check the option AdministratorAccess. Scroll down and click Next.
To finish things off, on the Review and Create screen, simply click on Create User.
We see that our new user my-cli-user has been created successfully.
Generating Access Key and Secret for the CLI user
Click on my-cli-user.
Visit the Security credentials tab.
Scroll down and go to the Access Keys section, and click on Create Access Key button.
Select the Command Line Interface (CLI) option.
Scroll down and check the box for I understand the above recommendation and want to proceed to create an access key and hit Next.
Setting description tag is optional. Go ahead and click on Create Access Key.
Your access key has been created. You can simply download the .CSV file if you want to reuse it.
It won’t be shown again.
Configuring AWS CLI
To configure AWS CLI in our computer, run the following command.
aws configure --profile cli-user
INFO: You can omit the
--profile cli-userpart if you don’t plan on using multiple users.
It will ask for the following:
- Access Key
- Secret Access Key
- Region (e.g.
us-east-1) - Output Format (
jsonoryaml)
This is how it should look:
AWS Access Key ID [None]: AKIAS75KUR6WAVS3L3NE
AWS Secret Access Key [None]: aPklnUwaOMHTm/nVEvVXV6ZZyH2u/BHKOWFeKJk5
Default region name [None]: us-east-1
Default output format [None]: json
Now you are all set.
Testing your AWS CLI
Run the following command to know your IAM identity:
aws sts get-caller-identity --profile cli-user
You will see your user Id and ARN:
{
"UserId": "AIDAS75KUR6WHT3V6PS25",
"Account": "205979422636",
"Arn": "arn:aws:iam::205979422636:user/my-cli-user"
}
This means you have set up everything properly and you can use AWS CLI to its full potential.
From here you can take your productivity to the next level.
Here are the list of things you can do with AWS CLI:
- Copy files from S3 to your local computer, or another bucket.
- Get real-time CloudWatch logs in your terminal.
- Run DynamoDB queries from your terminal.
- Easily update and delete secrets in SSM / Secrets Manager.
- Invoke Lambdas from AWS CLI
The possibilities are endless, you just have to think about it.