How to Use the AWS CLI to Run Your Cloud Services Right from Your Keyboard – No GUI Required
As a busy developer or IT professional using AWS, you‘ve probably spent countless hours clicking around the AWS Management Console to launch instances, create S3 buckets, manage IAM permissions, and perform other cloud tasks. While the web GUI is great for getting started, you‘ll soon find that using the AWS Command Line Interface (CLI) is a faster, more efficient, and more scriptable way to get things done in AWS.
In this in-depth guide, I‘ll show you how to unleash the full power of the AWS CLI to manage all your cloud resources right from your terminal – no tedious web console required! We‘ll walk through installing and configuring the CLI, master the syntax of the most useful commands, and see detailed examples of using the CLI with Amazon EC2, S3, IAM, Lambda, VPC, and more.
By the end of this guide, you‘ll be able to ditch the GUI and perform any AWS task with just a few keystrokes on the command line. Let‘s dive in!
Why Use the AWS CLI?
While the AWS Management Console provides a user-friendly web interface, there are many benefits to using the AWS CLI instead:
- Speed – Performing AWS actions from the command line is much faster than navigating through the web console
- Scripting – The CLI allows you to write scripts to automate repetitive tasks and complex workflows
- DevOps – The CLI facilitates infrastructure-as-code and integrates with CI/CD pipelines
- Bulk operations – It‘s easy to perform bulk operations using the CLI
- Remote access – You can manage your cloud environment from anywhere you have shell access, without a web browser
Installing and Configuring the AWS CLI
The AWS CLI is a Python program that runs on Windows, macOS, and Linux. The easiest way to install it is using pip, the Python package manager:
$ pip install awscli
Once installed, configure the CLI with your AWS access keys and default region:
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Your access keys are now stored under ~/.aws/credentials and config on Linux/Mac or %UserProfile%.aws\credentials and config on Windows.
AWS CLI Command Syntax
AWS CLI commands follow this general syntax:
aws <service> <operation> [parameters]
Where:
service
is the AWS service like ec2, s3, iam, lambda, etc.operation
is the action to perform like run-instances, create-bucket, create-user, etc.[parameters]
are the arguments to pass in, specified as--key value
pairs
For example, to list your EC2 instances:
$ aws ec2 describe-instances
To get help on a command:
$ aws ec2 run-instances help
Let‘s see some practical examples of using the CLI to manage AWS services.
Using the AWS CLI with Amazon EC2
To launch a new EC2 instance with the CLI:
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t2.micro \
--key-name MyKeyPair \
--security-group-ids sg-0b0384b66d7d692f9
This command specifies the AMI ID, instance type, key pair name, and security group ID to use. To get the IDs of your key pairs and security groups:
$ aws ec2 describe-key-pairs
$ aws ec2 describe-security-groups
To stop an instance:
$ aws ec2 stop-instances --instance-ids i-0af00c0d4be1057c7
To terminate an instance:
$ aws ec2 terminate-instances --instance-ids i-0af00c0d4be1057c7
You can also use the CLI to create and attach EBS volumes, Elastic IP addresses, and other EC2 resources.
Using the AWS CLI with Amazon S3
To create a new S3 bucket with the CLI:
$ aws s3 mb s3://my-awesome-bucket
To upload a file to the bucket:
$ aws s3 cp my_file.txt s3://my-awesome-bucket
To sync an entire local directory to a bucket:
$ aws s3 sync my_dir s3://my-awesome-bucket
To list the contents of a bucket:
$ aws s3 ls s3://my-awesome-bucket
To delete a bucket (must be empty):
$ aws s3 rb s3://my-awesome-bucket
You can perform many other S3 operations with the CLI like setting bucket policies, configuring website hosting, and enabling versioning.
Using the AWS CLI with IAM
To create a new IAM user with the CLI:
$ aws iam create-user --user-name jane
To generate access keys for the user:
$ aws iam create-access-key --user-name jane
To attach a policy to the user:
$ aws iam attach-user-policy \
--user-name jane \
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
To create a new role:
$ aws iam create-role --role-name my-ec2-role \
--assume-role-policy-document file://ec2-role-trust-policy.json
The trust policy specifies which entities can assume the role. You can also use the CLI to manage groups, policies, access keys, and other IAM resources.
Using the AWS CLI with Lambda
To create a new Lambda function with the CLI:
$ zip my-function.zip index.js
$ aws lambda create-function \
--function-name my-function \
--runtime nodejs12.x \
--handler index.handler \
--role arn:aws:iam::123456789012:role/lambda-ex
--zip-file fileb://my-function.zip
This command zips up your code, creates the Lambda function, specifies the runtime and handler, and attaches an IAM role for permissions.
To invoke the function:
$ aws lambda invoke \
--function-name my-function \
--payload ‘{"key":"value"}‘ \
output.txt
This invokes the function with a JSON payload and saves the response to output.txt.
You can also use the CLI to update function code/config, set up triggers, and manage other Lambda resources.
Using the AWS CLI with VPC
To create a new VPC with the CLI:
$ aws ec2 create-vpc --cidr-block 10.0.0.0/16
To create a subnet in the VPC:
$ aws ec2 create-subnet \
--vpc-id vpc-0a60eb65b4EXAMPLE \
--cidr-block 10.0.1.0/24
To create an internet gateway and attach it to the VPC:
$ aws ec2 create-internet-gateway
$ aws ec2 attach-internet-gateway \
--vpc-id vpc-0a60eb65b4EXAMPLE \
--internet-gateway-id igw-0d9a3d1cEXAMPLE
You can also use the CLI to create route tables, security groups, NAT gateways, VPC endpoints, and other networking components.
Tips for Using the AWS CLI Effectively
Here are some tips to help you get the most out of the AWS CLI:
-
Use command completion: The CLI supports tab completion for commands, parameters, and resource IDs. Enable it by running
complete -C aws_completer aws
. -
Use shortcuts: The AWS CLI supports shortcuts like
--filters
to filter results and--query
to extract attributes from the JSON output. -
Output to a file: Use
>
to save command output to a file, e.g.aws ec2 describe-instances > instances.json
. -
Set a default region and output format: Run
aws configure
to avoid specifying--region
and--output
on every command. -
Use MFA: The CLI supports multi-factor authentication for added security. Run
aws sts get-session-token
to get temporary credentials for your session.
Automating AWS with the CLI
The AWS CLI really shines when it comes to automation. Here are some ways to automate AWS using the CLI:
-
Shell scripts: Write Bash or PowerShell scripts that use the CLI to automate common tasks like launching instances or creating backups.
-
CloudFormation: Use the
aws cloudformation
commands to deploy and manage CloudFormation stacks that define your AWS infrastructure as code. -
AWS CDK: Write infrastructure as code in TypeScript, Python, Java, or C# and use the CDK CLI to deploy it using CloudFormation under the hood.
-
Terraform: Define your AWS resources in Terraform configuration files and use the
terraform
CLI to deploy and manage them. -
CI/CD pipelines: Integrate the AWS CLI into your continuous integration and deployment pipelines to automate deployments to AWS on every code change.
Conclusion
The AWS CLI is an indispensable tool for any serious AWS developer or DevOps engineer. With the CLI, you can perform any operation you would normally do through the AWS console right from your terminal. We‘ve covered installing and configuring the CLI, the basic command syntax, and examples of using the CLI with major AWS services including EC2, S3, IAM, Lambda, and VPC.
We‘ve also looked at some tips and tricks for using the CLI more efficiently and how to integrate it into your automation workflows using shell scripts and infrastructure-as-code tools.
Armed with the AWS CLI, you‘re now ready to take your AWS productivity to the next level. Ditch the web console, dust off your keyboard, and happy cloud automating!