AWS command line note

Install AWS cli via pip

$ pip install awscli

You may also add auto-completion to your shell.

Create credentials via the browser

http://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html

Delete the root credentials (if any) and never use them.

 

Create an IAM user to access AWS

https://console.aws.amazon.com/iam/home?#

 

Add a user, and set access type to Programmatic Access


Create a group and add the user to it

You need to attach a policy (access rights) to the group before the user can call the corresponding services via the AWS CLI.

After the user and credentials are created, download them as a CSV file.

A credential should consist of three fields:

  • User
  • Access key ID
  • Secret access key

You cannot edit existing credentials; the only way to modify them is to delete them and create new ones.

Now, add the credentials to the configuration

$ aws configure

AWS Access Key ID [None]: YOUR ACCESS KEY
AWS Secret Access Key [None]: YOUR SECRET ACCESS KEY
Default region name [None]: eu-central-1 (check region list)
Default output format [None]:

Note:
In this example, the default configuration is used. If you have multiple accounts, add the argument --profile [profile name] to each command. You can also specify the default profile by setting the environment variable:

export AWS_DEFAULT_PROFILE=user1

Create a security group (firewall)

Note: You may need to add a policy in IAM to have the privilege to create a security group.

$ aws ec2 create-security-group --group-name [devenv-sg] --description "security group for development environment in EC2"

Change [devenv-sg] and the description to whatever you prefer.

It will return the group ID, like
{
"GroupId": "sg-9f0e86f7"
}

Add (firewall) rules to the security group

$ aws ec2 authorize-security-group-ingress --group-name [devenv-sg] --protocol tcp --port 22 --cidr [0.0.0.0/0]

Also change the CIDR range for better security if needed: 0.0.0.0/0 allows connections to port 22 from any IPv4 address.
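A guard for the ingress step above, as an added example that is not part of the original note: it validates the source CIDR and refuses overly broad ranges before printing the authorize-security-group-ingress command. The helper names valid_ssh_cidr and ssh_ingress_cmd, the MIN_PREFIX policy variable (default /24) and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: check the source CIDR before opening SSH (port 22).
# valid_ssh_cidr, ssh_ingress_cmd and MIN_PREFIX are hypothetical names.

# Return 0 if $1 is a well-formed IPv4 CIDR whose prefix is at least
# MIN_PREFIX bits (assumed policy, default 24), so 0.0.0.0/0 is rejected.
valid_ssh_cidr() {
    cidr=$1
    min=${MIN_PREFIX:-24}
    case $cidr in
        */*) ;;
        *) return 1 ;;                       # no prefix length given
    esac
    ip=${cidr%/*}
    prefix=${cidr#*/}
    case $prefix in
        ''|*[!0-9]*|???*) return 1 ;;        # not a 1-2 digit number
    esac
    [ "$prefix" -ge "$min" ] && [ "$prefix" -le 32 ] || return 1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; # stray characters or empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip                               # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*) return 1 ;;               # more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ingress command from the note for group $1 and CIDR $2,
# or fail (printing nothing on stdout) when the CIDR is rejected.
ssh_ingress_cmd() {
    if ! valid_ssh_cidr "$2"; then
        echo "refusing SSH ingress from '$2'" >&2
        return 1
    fi
    printf 'aws ec2 authorize-security-group-ingress --group-name %s --protocol tcp --port 22 --cidr %s\n' "$1" "$2"
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
ssh_ingress_cmd devenv-sg 203.0.113.7/32
ssh_ingress_cmd devenv-sg 0.0.0.0/0 || echo "rejected as expected"
```

The function only prints the command so it can be reviewed before it is run.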

Generate a key-pair, which is needed for the user to connect to the instance

$ aws ec2 create-key-pair --key-name [devenv-key] --query 'KeyMaterial' --output text > [devenv-key.pem]
$ chmod 400 devenv-key.pem

Launch an instance

$ aws ec2 run-instances --image-id [ami-26c43149] --security-group-ids [sg-9f0e86f7] --count 1 --instance-type [t2.micro] --key-name [devenv-key] --query 'Instances[0].InstanceId'

It will return the instance ID, like
"i-181b51a4"

Connect to the instance and get the public IP

$ aws ec2 describe-instances --instance-ids [i-181b51a4] --query 'Reservations[0].Instances[0].PublicIpAddress'

It will return the public IP, like
"54.183.22.255"

Connect to the instance with the key pair

$ ssh -i devenv-key.pem ubuntu@54.183.22.255

 
