How to Use the AWS CLI to Run Your Cloud Services Right from Your Keyboard – No GUI Required
As a busy developer or IT professional using AWS, you‘ve probably spent countless hours clicking around the AWS Management Console to launch instances, create S3 buckets, manage IAM permissions, and perform other cloud tasks. While the web GUI is great for getting started, you‘ll soon find that using the AWS Command Line Interface (CLI) is a faster, more efficient, and more scriptable way to get things done in AWS.
In this in-depth guide, I‘ll show you how to unleash the full power of the AWS CLI to manage all your cloud resources right from your terminal – no tedious web console required! We‘ll walk through installing and configuring the CLI, master the syntax of the most useful commands, and see detailed examples of using the CLI with Amazon EC2, S3, IAM, Lambda, VPC, and more.
By the end of this guide, you‘ll be able to ditch the GUI and perform any AWS task with just a few keystrokes on the command line. Let‘s dive in!
Why Use the AWS CLI?
While the AWS Management Console provides a user-friendly web interface, there are many benefits to using the AWS CLI instead:
- Speed – Performing AWS actions from the command line is much faster than navigating through the web console
- Scripting – The CLI allows you to write scripts to automate repetitive tasks and complex workflows
- DevOps – The CLI facilitates infrastructure-as-code and integrates with CI/CD pipelines
- Bulk operations – It‘s easy to perform bulk operations using the CLI
- Remote access – You can manage your cloud environment from anywhere you have shell access, without a web browser
Installing and Configuring the AWS CLI
The AWS CLI is a Python program that runs on Windows, macOS, and Linux. The easiest way to install it is using pip, the Python package manager:
$ pip install awscliOnce installed, configure the CLI with your AWS access keys and default region:
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: jsonYour access keys are now stored under ~/.aws/credentials and config on Linux/Mac or %UserProfile%.aws\credentials and config on Windows.
AWS CLI Command Syntax
AWS CLI commands follow this general syntax:
aws <service> <operation> [parameters]Where:
serviceis the AWS service like ec2, s3, iam, lambda, etc.operationis the action to perform like run-instances, create-bucket, create-user, etc.[parameters]are the arguments to pass in, specified as--key valuepairs
For example, to list your EC2 instances:
$ aws ec2 describe-instancesTo get help on a command:
$ aws ec2 run-instances helpLet‘s see some practical examples of using the CLI to manage AWS services.
Using the AWS CLI with Amazon EC2
To launch a new EC2 instance with the CLI:
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t2.micro \
--key-name MyKeyPair \
--security-group-ids sg-0b0384b66d7d692f9This command specifies the AMI ID, instance type, key pair name, and security group ID to use. To get the IDs of your key pairs and security groups:
$ aws ec2 describe-key-pairs
$ aws ec2 describe-security-groupsTo stop an instance:
$ aws ec2 stop-instances --instance-ids i-0af00c0d4be1057c7To terminate an instance:
$ aws ec2 terminate-instances --instance-ids i-0af00c0d4be1057c7You can also use the CLI to create and attach EBS volumes, Elastic IP addresses, and other EC2 resources.
Using the AWS CLI with Amazon S3
To create a new S3 bucket with the CLI:
$ aws s3 mb s3://my-awesome-bucketTo upload a file to the bucket:
$ aws s3 cp my_file.txt s3://my-awesome-bucketTo sync an entire local directory to a bucket:
$ aws s3 sync my_dir s3://my-awesome-bucketTo list the contents of a bucket:
$ aws s3 ls s3://my-awesome-bucketTo delete a bucket (must be empty):
$ aws s3 rb s3://my-awesome-bucketYou can perform many other S3 operations with the CLI like setting bucket policies, configuring website hosting, and enabling versioning.
Using the AWS CLI with IAM
To create a new IAM user with the CLI:
$ aws iam create-user --user-name janeTo generate access keys for the user:
$ aws iam create-access-key --user-name janeTo attach a policy to the user:
$ aws iam attach-user-policy \
--user-name jane \
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccessTo create a new role:
$ aws iam create-role --role-name my-ec2-role \
--assume-role-policy-document file://ec2-role-trust-policy.jsonThe trust policy specifies which entities can assume the role. You can also use the CLI to manage groups, policies, access keys, and other IAM resources.
Using the AWS CLI with Lambda
To create a new Lambda function with the CLI:
$ zip my-function.zip index.js
$ aws lambda create-function \
--function-name my-function \
--runtime nodejs12.x \
--handler index.handler \
--role arn:aws:iam::123456789012:role/lambda-ex
--zip-file fileb://my-function.zipThis command zips up your code, creates the Lambda function, specifies the runtime and handler, and attaches an IAM role for permissions.
To invoke the function:
$ aws lambda invoke \
--function-name my-function \
--payload ‘{"key":"value"}‘ \
output.txtThis invokes the function with a JSON payload and saves the response to output.txt.
You can also use the CLI to update function code/config, set up triggers, and manage other Lambda resources.
Using the AWS CLI with VPC
To create a new VPC with the CLI:
$ aws ec2 create-vpc --cidr-block 10.0.0.0/16To create a subnet in the VPC:
$ aws ec2 create-subnet \
--vpc-id vpc-0a60eb65b4EXAMPLE \
--cidr-block 10.0.1.0/24To create an internet gateway and attach it to the VPC:
$ aws ec2 create-internet-gateway
$ aws ec2 attach-internet-gateway \
--vpc-id vpc-0a60eb65b4EXAMPLE \
--internet-gateway-id igw-0d9a3d1cEXAMPLEYou can also use the CLI to create route tables, security groups, NAT gateways, VPC endpoints, and other networking components.
Tips for Using the AWS CLI Effectively
Here are some tips to help you get the most out of the AWS CLI:
-
Use command completion: The CLI supports tab completion for commands, parameters, and resource IDs. Enable it by running
complete -C aws_completer aws. -
Use shortcuts: The AWS CLI supports shortcuts like
--filtersto filter results and--queryto extract attributes from the JSON output. -
Output to a file: Use
>to save command output to a file, e.g.aws ec2 describe-instances > instances.json. -
Set a default region and output format: Run
aws configureto avoid specifying--regionand--outputon every command. -
Use MFA: The CLI supports multi-factor authentication for added security. Run
aws sts get-session-tokento get temporary credentials for your session.
Automating AWS with the CLI
The AWS CLI really shines when it comes to automation. Here are some ways to automate AWS using the CLI:
-
Shell scripts: Write Bash or PowerShell scripts that use the CLI to automate common tasks like launching instances or creating backups.
-
CloudFormation: Use the
aws cloudformationcommands to deploy and manage CloudFormation stacks that define your AWS infrastructure as code. -
AWS CDK: Write infrastructure as code in TypeScript, Python, Java, or C# and use the CDK CLI to deploy it using CloudFormation under the hood.
-
Terraform: Define your AWS resources in Terraform configuration files and use the
terraformCLI to deploy and manage them. -
CI/CD pipelines: Integrate the AWS CLI into your continuous integration and deployment pipelines to automate deployments to AWS on every code change.
Conclusion
The AWS CLI is an indispensable tool for any serious AWS developer or DevOps engineer. With the CLI, you can perform any operation you would normally do through the AWS console right from your terminal. We‘ve covered installing and configuring the CLI, the basic command syntax, and examples of using the CLI with major AWS services including EC2, S3, IAM, Lambda, and VPC.
We‘ve also looked at some tips and tricks for using the CLI more efficiently and how to integrate it into your automation workflows using shell scripts and infrastructure-as-code tools.
Armed with the AWS CLI, you‘re now ready to take your AWS productivity to the next level. Ditch the web console, dust off your keyboard, and happy cloud automating!