AWS command line note

Install AWS cli via pip

$ pip install awscli

You may also add auto-complete to your shell

Create credential via the browser

Delete the root credentials (if any) and never use them.


Create an IAM user to access AWS


Add a user, and set access type to Programmatic Access


Create a group and add the user to it

You need to attach a policy (access rights) in order to call AWS services via the AWS CLI. For example


After the user and credentials are created, download them as a csv file

A credential should consist of three fields

  • User
  • Access key ID
  • Secret access key

You cannot edit existing credentials; the only way to modify them is to delete them and create new ones.

Now, add the credential to configuration

$ aws configure

AWS Secret Access Key [None]: YOUR SECRET ACCESS KEY
Default region name [None]: eu-central-1 (check region list)
Default output format [None]:

In this example, the default configuration is used. If you have multiple accounts, add the argument --profile [profile name] to each command. You can also specify the default user by setting the environment variable:


Create a security group (firewall)

Note: You may need to add a policy in IAM to have the privilege to create a security group

$ aws ec2 create-security-group --group-name [devenv-sg] --description "security group for development environment in EC2"

Change [devenv-sg] and the description to whatever you prefer

It will return the group id like
"GroupId": "sg-9f0e86f7"

Add (firewall) rules to the security group

$ aws ec2 authorize-security-group-ingress --group-name [devenv-sg] --protocol tcp --port 22 --cidr []

Also narrow the CIDR range for better security if needed.

Generate a key-pair, which is needed for the user to connect to the instance

$ aws ec2 create-key-pair --key-name [devenv-key] --query 'KeyMaterial' --output text > [devenv-key.pem]
$ chmod 400 devenv-key.pem

Launch an instance

$ aws ec2 run-instances --image-id [ami-26c43149] --security-group-ids [sg-9f0e86f7] --count 1 --instance-type [t2.micro] --key-name [devenv-key] --query 'Instances[0].InstanceId'

It will return the instance-id like

Connect to the instance and get the public ip

$ aws ec2 describe-instances --instance-ids [i-181b51a4] --query 'Reservations[0].Instances[0].PublicIpAddress'

It will return the public ip like

Connect to the instance with key-pair

$ ssh -i devenv-key.pem ubuntu@