This document provides an overview of the key functionality and features of the AWS Command Line Interface (AWS CLI). It explores how to configure the AWS CLI by specifying credentials, profiles, and default settings. It also demonstrates how to use the AWS CLI to manage AWS services like EC2 and S3, including using features like waiters, queries, JSON templates, and IAM roles.

1. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
AWS Command Line Interface

2. Intro to the AWS CLI Exploring Key
Functionality
Looking at Advanced
CLI Features

3. Intro to the AWS CLI

4. AWS Command Line Interface
Unified tool to manage your AWS services

5. MSI (Windows)
Bundled (cross platform)
pip (cross platform)

6. aws configure

7. $ aws ec2 describe-instances
Service (command) Operation (subcommand)

8. $ aws iam list-access-keys
Service (command) Operation (subcommand)

9. {
"Places": [
{
"City": "Seattle",
"State": "WA"
},
{
"City": ”Las Vegas",
"State": "NV"
}
]
}
--output JSON

10. PLACES Seattle WA
PLACES Las Vegas NV
--output text

11. | SomeOperationName |
+ +
|| Places ||
|+- + +|
|| City | State ||
|+- + +|
|| Seattle | WA
|| Las Vegas | NV
||
||
|+- + +|
--output table

12. All Outputs
• JSON T
ext
PLACES
PLACES
Seattle WA
Las Vegas NV
T
able
| SomeOperationName |
+------------------------+
|| Places ||
|+------------+---------+|
|| City | State ||
|+------------+---------+|
|| Seattle | WA
|| Las Vegas | NV
||
||
|+------------+---------+|
{
"Places": [
{
"City": "Seattle",
"State": "WA"
},
{
"City": ”Las Vegas",
"State": "NV"
}
]
}

13. Demo
Basic AWS CLI Usage

14. Foundation
Exploring Key Functionality

15. Configuration

16. aws configure

17. aws configure
AWS access key ID [**ABCD]:
AWS secret access key [****************EFGH]:
Default region name [us-west-2]:
Default output format [None]:

18. aws configure <subcommand>

19. aws configure <subcommand>
list - list common configuration sources
get - get the value of a single config var
set - set the value of a single config var

20. aws configure get region

21. aws configure set profile.prod.region us-west-2

22. A profile is a group of configuration values

23. aws configure --profile prod

24. Configuration Files
~/.aws/credentials ~/.aws/config
• Supported by all AWS SDKs
• Only contains credentials
• Used only by the CLI
• Can contain credentials (but not
the default behavior)

25. ~/.aws/credentials ~/.aws/config

26. aws configure set profile.prod.aws_access_key_id foo
~/.aws/credentials ~/.aws/config

27. aws configure set profile.prod.aws_access_key_id foo
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo

28. aws configure set profile.prod.aws_secret_access_key bar
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo

29. aws configure set profile.prod.aws_secret_access_key bar
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar

30. aws configure set profile.prod.region uswest2
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar

31. aws configure set profile.prod.region uswest2
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar
[profile prod]
region = us-west-2

32. aws configure set profile.prod.output text
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar
[profile prod]
region = us-west-2

33. aws configure set profile.prod.output text
~/.aws/credentials ~/.aws/config
[prod]
aws_access_key_id = foo
aws_secret_access_key = bar
[profile prod]
region = us-west-2
output = text

34. create-new-user.sh

35. create-new-user.sh

36. create-new-user.sh

37. create-new-user.sh

38. create-new-user.sh

39. create-new-user.sh

40. Use the aws configure
suite of subcommands

41. Query

43. Implementation Details --query Processing

44. Implementation Details --query Processing

45. Implementation Details --query Processing

46. Implementation Details --query Processing

47. Implementation Details --query Processing
--query User[0].[UserName,Path,UserId]

48. Implementation Details --query Processing
--query User[0].[UserName,Path,UserId]

49. Implementation Details --query Processing

50. Implementation Details --query Processing

51. http://jmespath.org
A Query Language for JSON

52. Demo
JMESPATH

53. http://jmespath.org
A Query Language for JSON

54. Waiters

55. Amazon EC2 Instance State Transitions

56. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

57. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

58. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

59. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

60. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

61. ec2-instance-running.sh
#!/bin/bash
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state" != "running" ]
do
sleep 1
instance_state=$(aws ec2 describe-instances –instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done

62. ec2-waiters.sh
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
aws ec2 wait instance-running –instance-ids $instance_id

63. ec2-waiters.sh
instance_id=$(aws ec2 run-instances –image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
aws ec2 wait instance-running –instance-ids $instance_id
subcommand
waiter name
Describe-instances options

64. Advanced Scenarios
Looking at advanced AWS CLI features

65. Templates

66. The AWS CLI is data driven

67. Implementation Details JSON Models

68. Implementation Details JSON Models

69. Implementation Details JSON Models

70. aws ec2 run‐instances –cli-input-json file://arguments.json

71. What else can we do?

72. aws ec2 run‐instances –generate-cli-skeleton

73. Demo
Creating and using JSON templates

74. Credential Providers

75. Credential Providers

76. Credential Providers

77. Credential Providers

78. Credential Providers

79. Credential Providers

80. Delegate access to AWS resources using
AWS Identity and Access Management (IAM) roles

81. IAM Roles
Production Development

82. IAM Roles
Production Development

83. IAM Roles
Production Development
Role
Policy
TrustvPolicy
role

84. IAM Roles
Production Development
AssumeRole
AWS Security
Token Service
role

85. IAM Roles
Production Development
AssumeRole
AWS Security
Token Service
role
token

86. IAM Roles
Production Development
AssumeRole
AWS Security
Token Service
role
token

87. aws configure set profile.prodrole.role_arn arn:aws:iam…
aws configure set profile.prodrole.source_profile dev
configure-role.sh

88. ~/.aws/credentials ~/.aws/config
[profile prodrole]
role_arn = arn:aws:iam
source_profile = dev

89. ~/.aws/credentials ~/.aws/config
[profile prodrole]
role_arn = arn:aws:iam
source_profile = dev

90. Demo
Using roles with the AWS CLI

91. Amazon S3 Streaming

92. aws s3 cp

93. We want to avoid disk

94. aws s3 cp – s3://bucket/key

95. aws s3 cp s3://bucket/key -

96. Compress