aws aws-cli linux | unix

AWS CLI – some advanced features

Some advanced features of AWS CLI

Some Commands:

aws configure list – lists all the currently configured options for AWS CLI

aws configure set profile.prod.region us-west-2 – This command will set the default region for prod profile to us-west-2
aws configure --profile prod – This command configure a prod profile besides the default one.  
aws configure set profile.prod.aws_access_key_id JLJKLJODJOJDLDDDLJDL – This command would setthe access key ID of prod profile. In this command, if the profile prod is not currently configured and you only have the default profile in your ~/.aws/credentials file, then it would automatically create the prod profile for you in the credentials file and add the access key in that file. The same holds true for the following command which would add the secret access key for the profile prod:
aws configure set profile.test.aws_secret_access_key JLJKLJODJOJDLDDDLJDL
 
Similarly:
aws configure set profile.prod.region us-west-1
aws configure set profile.prod.output text
However, the above two commands would save the output in the config file rather than the credentials file, as mentioned above.
Also to note, if you just want to change the region of the current CLI profile you are working with, you just have to supply this command:
aws configure set region us-west-1

AWS Configuration Files:
~/.aws/credentials – This file stores the credentials and some times the session token if STS is configured
~/.aws/config – This file stores the configuration settings such as the currently set region and the set output format etc.

AWS CLI credentials providers:

The AWS CLI uses a set of credential providers to look for AWS credentials. Each credential provider looks in a different place, such as the system or user environment variables, local AWS configuration files, or explicitly declared on the command line as a parameter. The AWS CLI looks for credentials and configuration settings by invoking the providers in the following order, stopping when it finds a set of credentials to use:

Command line options – You can specify --region--output, and --profile as parameters on the command line.

Environment variables – You can store values in the environment variables:AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. If they are present, then they are used.

The CLI credentials file – This is one of the files that is updated when you run the command aws configure. The file is located at ~/.aws/credentials on Linux, macOS, or Unix, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contains the credential details for the default profile and any named profiles.

The CLI configuration file – This is another one of the files that is updated when you run the command aws configure. The file is located at ~/.aws/config on Linux, macOS, or Unix, or at C:\Users\USERNAME\.aws\config on Windows. This file contains the configuration settings for the default profile and any named profiles.

Container credentials – You can associate an IAM role with each of your Amazon Elastic Container Service task definitions. Temporary credentials for that role are then available to that task’s containers. For more information see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.

Instance profile credentials – You can associate an IAM role with each of your Amazon Elastic Compute Cloud (Amazon EC2) instances. Temporary credentials for that role are then available to code running in the instance. The credentials are delivered through the Amazon EC2 metadata service. For more information, see IAM Roles for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances and Using Instance Profiles in the IAM User Guide.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen + fifteen =