In this article I'll briefly demonstrate how we can access the AWS command line interface from an EC2 instance.
I've launched an Amazon Linux AMI instance and attached a role to it. I won't go through the entire instance launch wizard but I'll show you the step where I specified the role which is step 3 (Configure instance).
I have created a role of the type Amazon EC2 and attached EC2FullAccess policy with this role as shown in the below screenshot:
This will allow the instance to have access to all EC2 related actions from the AWS command line interface.
I used an IAM role here because the instance I'm using resides in my EC2 environment. In case you want to use AWS cli from an on premises server then you could create an IAM, generate access keys for that user and attach the appropriate policies to that user. You can then install AWS cli on your on premises instance and use the IAM users' access keys for authentication to AWS while running commands.
I chose to build an instance from the Amazon Linux AMI because it comes pre-configured with the AWS cli. But we can install it on other Linux variants fairly easily via pip.
The syntax to run an AWS cli command is as follows:
aws <service> <action>
To use help you can type aws help to get information on available commands for all services or type aws ec2 help to get information on available EC2 related commands only.
Here are examples of the same:
[ec2-user@ip-172-31-23-118 ~]$ aws help | more
AWS() AWS()
NAME
aws -
DESCRIPTION
The AWS Command Line Interface is a unified tool to manage your AWS
services.
SYNOPSIS
aws [options] <command> <subcommand> [parameters]
Use aws command help for information on a specific command. Use aws
help topics to view a list of available help topics. The synopsis for
each command shows its parameters and their usage. Optional parameters
are shown in square brackets.
OPTIONS
--debug (boolean)
Turn on debug logging.
--endpoint-url (string)
Override command's default URL with the given URL.
--no-verify-ssl (boolean)
By default, the AWS CLI uses SSL when communicating with AWS services.
For each SSL connection, the AWS CLI will verify SSL certificates. This
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 help | more
EC2() EC2()
NAME
ec2 -
DESCRIPTION
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing
capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 elim-
inates your need to invest in hardware up front, so you can develop and
deploy applications faster.
AVAILABLE COMMANDS
o accept-reserved-instances-exchange-quote
o accept-vpc-peering-connection
Now, after viewing the help pages lets run describe-instances command for EC2.
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances
You must specify a region. You can also configure your region by running "aws configure".
[ec2-user@ip-172-31-23-118 ~]$
As you may observe from the output we need to run aws configure first to set a few parameters.
[ec2-user@ip-172-31-23-118 ~]$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: US East
Default output format [None]:
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances
Invalid endpoint: https://ec2.US East.amazonaws.com
This throws an error because I wrote the region name incorrectly.
To correct this you could run aws configure again or edit the file ~/.aws/config.
[ec2-user@ip-172-31-23-118 .aws]$ ls
config
[ec2-user@ip-172-31-23-118 .aws]$ cat config
[default]
region = US East
[ec2-user@ip-172-31-23-118 ~]$ cd .aws/
[ec2-user@ip-172-31-23-118 .aws]$ cat config
[default]
region = us-east-1
Now when I run the describe-instances command I should get the desired output.
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances | more
{
"Reservations": [
{
"OwnerId": "242386062125",
"ReservationId": "r-02d7e6663b8d8dde5",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ec2-54-147-27-195.compute-1.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
Now lets view the AWS regions available to us:
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-regions
{
"Regions": [
{
"Endpoint": "ec2.ap-south-1.amazonaws.com",
"RegionName": "ap-south-1"
},
{
"Endpoint": "ec2.eu-west-2.amazonaws.com",
"RegionName": "eu-west-2"
},
{
"Endpoint": "ec2.eu-west-1.amazonaws.com",
"RegionName": "eu-west-1"
},
{
"Endpoint": "ec2.ap-northeast-2.amazonaws.com",
"RegionName": "ap-northeast-2"
},
{
"Endpoint": "ec2.ap-northeast-1.amazonaws.com",
"RegionName": "ap-northeast-1"
},
{
"Endpoint": "ec2.sa-east-1.amazonaws.com",
"RegionName": "sa-east-1"
},
{
"Endpoint": "ec2.ca-central-1.amazonaws.com",
"RegionName": "ca-central-1"
},
{
"Endpoint": "ec2.ap-southeast-1.amazonaws.com",
"RegionName": "ap-southeast-1"
},
{
"Endpoint": "ec2.ap-southeast-2.amazonaws.com",
"RegionName": "ap-southeast-2"
},
{
"Endpoint": "ec2.eu-central-1.amazonaws.com",
"RegionName": "eu-central-1"
},
{
"Endpoint": "ec2.us-east-1.amazonaws.com",
"RegionName": "us-east-1"
},
{
"Endpoint": "ec2.us-east-2.amazonaws.com",
"RegionName": "us-east-2"
},
{
"Endpoint": "ec2.us-west-1.amazonaws.com",
"RegionName": "us-west-1"
},
{
"Endpoint": "ec2.us-west-2.amazonaws.com",
"RegionName": "us-west-2"
}
]
}
This concludes this brief but insightful introduction to the AWS command line interface.
I hope this article was helpful to you and I thank you for reading.
I've launched an Amazon Linux AMI instance and attached a role to it. I won't go through the entire instance launch wizard but I'll show you the step where I specified the role which is step 3 (Configure instance).
I have created a role of the type Amazon EC2 and attached EC2FullAccess policy with this role as shown in the below screenshot:
This will allow the instance to have access to all EC2 related actions from the AWS command line interface.
I used an IAM role here because the instance I'm using resides in my EC2 environment. In case you want to use AWS cli from an on premises server then you could create an IAM, generate access keys for that user and attach the appropriate policies to that user. You can then install AWS cli on your on premises instance and use the IAM users' access keys for authentication to AWS while running commands.
I chose to build an instance from the Amazon Linux AMI because it comes pre-configured with the AWS cli. But we can install it on other Linux variants fairly easily via pip.
The syntax to run an AWS cli command is as follows:
aws <service> <action>
To use help you can type aws help to get information on available commands for all services or type aws ec2 help to get information on available EC2 related commands only.
Here are examples of the same:
[ec2-user@ip-172-31-23-118 ~]$ aws help | more
AWS() AWS()
NAME
aws -
DESCRIPTION
The AWS Command Line Interface is a unified tool to manage your AWS
services.
SYNOPSIS
aws [options] <command> <subcommand> [parameters]
Use aws command help for information on a specific command. Use aws
help topics to view a list of available help topics. The synopsis for
each command shows its parameters and their usage. Optional parameters
are shown in square brackets.
OPTIONS
--debug (boolean)
Turn on debug logging.
--endpoint-url (string)
Override command's default URL with the given URL.
--no-verify-ssl (boolean)
By default, the AWS CLI uses SSL when communicating with AWS services.
For each SSL connection, the AWS CLI will verify SSL certificates. This
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 help | more
EC2() EC2()
NAME
ec2 -
DESCRIPTION
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing
capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 elim-
inates your need to invest in hardware up front, so you can develop and
deploy applications faster.
AVAILABLE COMMANDS
o accept-reserved-instances-exchange-quote
o accept-vpc-peering-connection
Now, after viewing the help pages lets run describe-instances command for EC2.
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances
You must specify a region. You can also configure your region by running "aws configure".
[ec2-user@ip-172-31-23-118 ~]$
As you may observe from the output we need to run aws configure first to set a few parameters.
[ec2-user@ip-172-31-23-118 ~]$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: US East
Default output format [None]:
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances
Invalid endpoint: https://ec2.US East.amazonaws.com
This throws an error because I wrote the region name incorrectly.
To correct this you could run aws configure again or edit the file ~/.aws/config.
[ec2-user@ip-172-31-23-118 .aws]$ ls
config
[ec2-user@ip-172-31-23-118 .aws]$ cat config
[default]
region = US East
[ec2-user@ip-172-31-23-118 ~]$ cd .aws/
[ec2-user@ip-172-31-23-118 .aws]$ cat config
[default]
region = us-east-1
Now when I run the describe-instances command I should get the desired output.
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-instances | more
{
"Reservations": [
{
"OwnerId": "242386062125",
"ReservationId": "r-02d7e6663b8d8dde5",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ec2-54-147-27-195.compute-1.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
Now lets view the AWS regions available to us:
[ec2-user@ip-172-31-23-118 ~]$ aws ec2 describe-regions
{
"Regions": [
{
"Endpoint": "ec2.ap-south-1.amazonaws.com",
"RegionName": "ap-south-1"
},
{
"Endpoint": "ec2.eu-west-2.amazonaws.com",
"RegionName": "eu-west-2"
},
{
"Endpoint": "ec2.eu-west-1.amazonaws.com",
"RegionName": "eu-west-1"
},
{
"Endpoint": "ec2.ap-northeast-2.amazonaws.com",
"RegionName": "ap-northeast-2"
},
{
"Endpoint": "ec2.ap-northeast-1.amazonaws.com",
"RegionName": "ap-northeast-1"
},
{
"Endpoint": "ec2.sa-east-1.amazonaws.com",
"RegionName": "sa-east-1"
},
{
"Endpoint": "ec2.ca-central-1.amazonaws.com",
"RegionName": "ca-central-1"
},
{
"Endpoint": "ec2.ap-southeast-1.amazonaws.com",
"RegionName": "ap-southeast-1"
},
{
"Endpoint": "ec2.ap-southeast-2.amazonaws.com",
"RegionName": "ap-southeast-2"
},
{
"Endpoint": "ec2.eu-central-1.amazonaws.com",
"RegionName": "eu-central-1"
},
{
"Endpoint": "ec2.us-east-1.amazonaws.com",
"RegionName": "us-east-1"
},
{
"Endpoint": "ec2.us-east-2.amazonaws.com",
"RegionName": "us-east-2"
},
{
"Endpoint": "ec2.us-west-1.amazonaws.com",
"RegionName": "us-west-1"
},
{
"Endpoint": "ec2.us-west-2.amazonaws.com",
"RegionName": "us-west-2"
}
]
}
This concludes this brief but insightful introduction to the AWS command line interface.
I hope this article was helpful to you and I thank you for reading.
Thanks for providing your information and Keep update and share AWS Online Training
ReplyDeleteIt is really a great work and the way in which you are sharing the knowledge is excellent.
ReplyDeleteaws training in omr | aws training in velachery | best aws training center in chennai
very informative blog and useful article thank you for sharing with us , keep posting learn more about aws with cloud computing,AWS Training
ReplyDeleteI am very happy to visit your blog. This is definitely helpful to me, eagerly waiting for more updates.
ReplyDeleteR Training in Chennai
R Programming Training in Chennai
Machine Learning Course in Chennai
Machine Learning Training in Chennai
Data Science Course in Chennai
Data Science Training in Chennai
Data Science Training in Anna Nagar
Machine Learning Training in Chennai
very useful information, the post shared was very nice
ReplyDeleteAWS Online Training
Nice Article!!!
ReplyDeleteAWS Training
AWS certification training
Nice post. Keeo updating more and more AWS Online Training
ReplyDelete