The AWS Command Line Interface (CLI) is a tool that you can use to download, manage and configure AWS services. You can control multiple AWS services from the command line and automate them through scripts. The AWS CLI provides the best usability and control over AWS services. Configuring infrastructure through the AWS web console is a difficult and time-consuming process; the AWS CLI makes the same configuration quick, easy, and efficient. It saves a lot of time and increases the productivity of the team. In short, it makes a developer's job easier.
AWS CLI is a tool that pulls all the AWS services together in one central console, giving you easy control of multiple AWS services with a single tool. The acronym stands for Amazon Web Services Command Line Interface because, as its name suggests, users operate it from the command line. With it, you can control services manually or automate them with powerful scripts.
The AWS CLI provides direct access to the public APIs of AWS services. You can explore a service's capabilities with the AWS CLI, and develop shell scripts to manage your resources. In addition to the low-level, API-equivalent commands, several AWS services provide customizations for the AWS CLI. Customizations can include higher-level commands that simplify using a service with a complex API.
The AWS CLI is available in two versions and information in this guide applies to both versions unless stated otherwise.
- Version 2.x – The current, generally available release of the AWS CLI that is intended for use in production environments.
- Version 1.x – The previous version of the AWS CLI that is available for backwards compatibility.
Table Of Contents
- Benefits of AWS Command-Line Interface
- Data Encryption in AWS CLI
- Best Practices For Using AWS Command-line interface
- How To Setup AWS Command Line Interface And Configure it
- The AWS CLI Reference Documentation
- CLI Commands to Test Installation
Benefits of AWS Command-line interface
- Easy to Install: Before the CLI was introduced, there was the AWS EC2 application programming toolkit, and installing it involved several difficult steps, including setting up multiple environment variables. Installing the AWS CLI, by contrast, is a one-step process.
- Supports all AWS services: The AWS CLI works with all the services, such as EC2, RDS, Beanstalk, SQS, and SNS.
- Time-Saving: The AWS CLI saves a lot of time when installing and managing AWS services, because every service is managed through commands and you don't have to follow the traditional method (the web console).
- Scripting Automation: It's easy to automate managing and controlling services by writing a script in any programming language.
Data Encryption in AWS CLI
A key feature of any secure service is that information is encrypted when it is not being actively used.
- Encryption at rest
The AWS CLI does not itself store any customer data other than the credentials it needs to interact with the AWS services on the user's behalf.
If you use the AWS CLI to invoke an AWS service that transmits customer data to your local computer for storage, then refer to the Security & Compliance chapter in that service's User Guide for information on how that data is stored, protected, and encrypted.
- Encryption in transit
By default, all data transmitted between the client computer running the AWS CLI and AWS service endpoints is encrypted by sending everything through an HTTPS/TLS connection.
You don't need to do anything to enable the use of HTTPS/TLS. It is always enabled unless you explicitly disable it for an individual command by using the --no-verify-ssl command line option. Note that --no-verify-ssl turns off verification of the endpoint's TLS certificate, so a command run with it no longer authenticates the server it is talking to.
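One way to check automation scripts for that option, as an added example (not part of the original article or of the AWS CLI): the hypothetical function find_no_verify_ssl joins backslash-continued lines and reports the file and starting line of each aws command that passes --no-verify-ssl. The sample script it runs on is constructed.

```shell
#!/bin/sh
# Added example: report AWS CLI invocations that pass --no-verify-ssl.
# Backslash-continued lines are joined first, so the flag is found even when
# it sits on a continuation line; comment lines are ignored.

find_no_verify_ssl() {
    awk '
        FNR == 1 { buf = ""; start = 0 }
        {
            if (buf == "") start = FNR
            line = $0
            cont = (line ~ /\\[ \t]*$/)
            if (cont) sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            if (cont) next
            is_aws = (buf ~ /^[ \t]*aws[ \t]/ || buf ~ /[^A-Za-z0-9_-]aws[ \t]/)
            if (buf !~ /^[ \t]*#/ && is_aws && buf ~ /--no-verify-ssl/)
                print FILENAME ":" start
            buf = ""
        }
    ' "$@"
}

# Constructed sample script (not taken from the article).
make_sample_script() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#!/bin/sh
aws s3 ls
# aws s3 ls --no-verify-ssl
aws ec2 describe-instances \
    --region us-east-1 \
    --no-verify-ssl
echo "docs mention --no-verify-ssl"
aws s3 ls --no-verify-ssl
EOF
    echo "$f"
}

sample=$(make_sample_script)
find_no_verify_ssl "$sample"
rm -f "$sample"
```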
Best Practices For Using AWS Command-line interface
Since the interface is a controller for all of Amazon’s web services, best practices for using it well are largely the same as those for AWS as a whole.
- Protect or don't create your root user access key:- With great power comes great responsibility. The command line interface makes managing Amazon Web Services easier for hackers as well as for white hat users. Never use the root account for day-to-day interactions. Don't generate a root access key for your AWS root account.
- Use IAM roles instead of long-term access keys:- Only allow app-layer access to your database layer. Allow outside-world connections only where it’s absolutely necessary and deny all other internet traffic.
- Backup early, backup often:- Use Amazon EBS snapshots to back up your instance regularly. Test recovery resources before an emergency happens. Here’s Amazon’s documentation on how to automate backups.
- Use the Trusted Advisor:- Amazon calls Trusted Advisor “your customized cloud expert!” It actually analyzes your AWS environment, helping you to adhere to best practices. The Trusted Advisor looks for ways to save money, close security gaps, and improve system reliability and performance. You can access Trusted Advisor from the AWS command line interface to check service limits, for example.
- Understand the Shared Responsibility Model:- Users manage things like their own data, operating system, and security. Amazon is responsible for infrastructure and services. This is true whether you’re using the standard GUI or the simpler, faster command line interface.
How to setup AWS CLI
You can download the AWS CLI installer for your operating system from the AWS CLI resources page.
There are different ways to install the AWS CLI on your machine, depending on what operating system you are using. For example,
1) On Microsoft Windows – use the MSI installer
2) On Linux, OS X, or UNIX – use pip or install manually using bundled installer. On Linux, you can use the bundled installer to install the AWS CLI.
If your computer doesn't have Python installed, install Python 2.6.3 or later:
- Download the Python package for your operating system.
- Install Python by following the instructions in the README file (Linux, OS X, UNIX or Windows).
After installing the CLI, we have to download an access key from the AWS console.
To do that, go to My Security Credentials (top right) > Access keys > Create New Access Key, then download the key to your local machine.
Now we can configure the AWS CLI with the aws configure command, filling in details such as the AWS keys, Region and output format.
a) Region – AWS region to call your requests.
b) Output – The Command output format
c) AWS_ACCESS_KEY_ID – AWS access key.
d) AWS_SECRET_ACCESS_KEY – AWS secret key.
The access key and secret key are stored in the credentials file, and the other settings in the config file.
Once the configuration completes, the CLI creates a '.aws' folder in the user's home directory containing the config and credentials files.
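Because the credentials file keeps the keys in plain text, it is worth checking what ended up in that folder. The script below is an added example, not part of the original article or of the AWS CLI: the hypothetical function audit_aws_dir flags a credentials file that is readable by other users and any profile holding a long-term access key (key ID prefix AKIA, as opposed to ASIA for temporary STS credentials). The sample directory and key values are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit an AWS CLI configuration directory (default: ~/.aws).
# Prints one finding per line and nothing when the directory looks clean.

audit_aws_dir() {
    dir="${1:-$HOME/.aws}"
    cred="$dir/credentials"
    [ -f "$cred" ] || return 0

    # The credentials file holds secrets in plain text: owner-only access.
    mode=$(stat -c '%a' "$cred" 2>/dev/null || stat -f '%Lp' "$cred")
    case "$mode" in
        600|400) ;;
        *) echo "PERM $cred has mode $mode, expected 600" ;;
    esac

    # Key IDs starting with AKIA are long-term IAM user keys; ASIA marks
    # temporary credentials issued by STS (for example from an assumed role).
    awk '
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); profile = $0; next }
        /^[ \t]*aws_access_key_id[ \t]*=/ {
            id = $0; sub(/^[^=]*=/, "", id); gsub(/[ \t\r]/, "", id)
            if (id ~ /^AKIA/) print "LONGTERM profile " profile " holds a long-term access key"
        }
    ' "$cred"
}

# Constructed sample directory; the key values are placeholders, not real keys.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/credentials" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret

[ci]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token
EOF
    chmod 644 "$d/credentials"
    echo "$d"
}

sample=$(make_sample)
audit_aws_dir "$sample"
rm -rf "$sample"
```

Run it with no argument to audit your own ~/.aws directory.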
The AWS CLI Reference Documentation
When using the AWS CLI, the AWS CLI Reference Documentation is one of the most important pieces of AWS documentation: it lists every service the AWS CLI supports and the actions that can be performed on each service.
Make sure to consult the official documentation.
CLI Commands to Test Installation
Once you have installed the AWS CLI on your computer, here are some commands to test it with:
- Launch EC2 Instance :- The following run-instances example launches a single instance of type t2.micro into the default subnet for the current Region and associates it with the default subnet for the default VPC for the Region. The key pair is optional if you do not plan to connect to your instance using SSH (Linux) or RDP (Windows).
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type t2.micro \
    --key-name MyKeyPair
- To stop an Amazon EC2 instance: This example stops the specified Amazon EBS-backed instance
aws ec2 stop-instances --instance-ids <Your Instance Id's>
- Terminate-instances :- This example terminates the specified instance.
aws ec2 terminate-instances --instance-ids <Your Instance Id's>
- Delete an S3 bucket and all its contents with just one command :- This command deletes the S3 bucket together with its contents.
$ aws s3 rb s3://bucket-name --force
- List the sizes of an S3 bucket and its contents :- The following command uses JSON output to list the size of a bucket and the items stored within. This might come in handy when auditing what is taking up all your S3 storage.
aws s3api list-objects --bucket BUCKETNAME --output json --query "[sum(Contents[].Size), length(Contents[])]"
You can get help on the command line to see the supported services:
$ aws help