AWS From Scratch 04 - Command Line Interface

Up to this point I've shown you how to interact with AWS using a web browser, and although this is convenient, it is not always the best tool for the job.
This post will discuss how to work with AWS just by typing commands into the terminal. For the sake of simplicity, I will focus on macOS.

Homebrew

Before we get going, make sure you have Homebrew installed. We will use the Homebrew package manager to install the AWS command line interface (CLI).

Install the AWS CLI

The installation process is simple when using Homebrew. Just open up a terminal and type:
brew install awscli
Once the installation is complete

Configuration

If you have been following along with this series, you should have created a sandbox account and assigned administrative privileges to the IAM user you created (in my case the user name is alex).
Get your access keys from the AWS access portal.
Open your AWS access portal (See Login with Identity Center User in AWS From Scratch 02).
Under AWS Accounts, click the arrow next to the account you would like to use with the command line interface (for this tutorial we will use the previously created sandbox account).
Click on the Access keys link
Use the copy buttons to copy the SSO start URL and SSO Region. You will need both of these for the next step.
Open the terminal and type:
aws configure sso
For session name use the name of the account and the permission set (e.g. sandbox-admin)
For the start URL use the SSO start URL you copied from the Get credentials screen, and for the SSO region use the SSO Region you copied (e.g. us-west-1)
For registration scopes accept the default sso:account:access
A warning will pop up saying that Python has been modified; go ahead and accept the modification.
A browser window will ask for permission to allow access to your AWS account from Python; go ahead and allow this.
Choose the account you would like to use (e.g. sandbox)
Choose the role name (e.g. AdministratorAccess)
Set the default region for the CLI (e.g. us-west-1)
Set the output format to json (this is the default; other options are text and table, see Setting the output format in the AWS CLI)
For the profile name use the same naming convention as for the session name: the account and the permission set (e.g. sandbox-admin)
SSO session name (Recommended): sandbox-admin
SSO start URL [None]: https://xxxxxxxxxxxxx.awsapps.com/start/#
SSO region [None]: us-west-1
SSO registration scopes [sso:account:access]:
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://oidc.us-west-1.amazonaws.com/authorize?xxxxxxxxxxxxxxxxx
There are 2 AWS accounts available to you.
Using the account ID xxxxxxxxxxxx
There are 2 roles available to you.
Using the role name "AdministratorAccess"
CLI default client Region [None]: us-west-1
CLI default output format [None]: json
CLI profile name [xxxxxxxxxxxx]: sandbox-admin

To use this profile, specify the profile name using --profile, as shown:

aws s3 ls --profile sandbox-admin
Other Helpful commands:
aws configure list-profiles
aws sso login --profile sandbox-admin #login to aws using the profile you just created
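
The wizard stores the answers above in ~/.aws/config as a [profile ...] section that points at an [sso-session ...] section. The following is an added example, not part of the original post: a small Python check that a profile really resolves to an SSO session, that the start URL and region were not swapped, and that no long-lived access key is stored next to it. The function name audit_sso_config, the sample account ID and the sample start URL are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample of the ~/.aws/config that `aws configure sso` produces for
# the answers shown above; account ID and start URL are placeholders.
SAMPLE_CONFIG = """\
[profile sandbox-admin]
sso_session = sandbox-admin
sso_account_id = 111122223333
sso_role_name = AdministratorAccess
region = us-west-1
output = json

[sso-session sandbox-admin]
sso_start_url = https://example.awsapps.com/start/#
sso_region = us-west-1
sso_registration_scopes = sso:account:access
"""

# Heuristic shape of a region name (us-west-1, ap-southeast-2, us-gov-west-1).
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")


def audit_sso_config(text):
    """Return {profile name: [problems]} for each profile in AWS CLI config text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sessions = {s.split(" ", 1)[1]: cfg[s]
                for s in cfg.sections() if s.startswith("sso-session ")}
    report = {}
    for section in cfg.sections():
        if not (section == "default" or section.startswith("profile ")):
            continue
        prof, problems = cfg[section], []
        if "aws_access_key_id" in prof:
            problems.append("long-lived access key stored in profile")
        session = sessions.get(prof.get("sso_session", ""))
        if session is None:
            problems.append("no matching [sso-session] section")
        else:
            if not session.get("sso_start_url", "").startswith("https://"):
                problems.append("sso_start_url is not an https URL")
            if not REGION_RE.match(session.get("sso_region", "")):
                problems.append("sso_region is not a region name")
            problems += [f"missing {k}" for k in ("sso_account_id", "sso_role_name")
                         if k not in prof]
        report[section.removeprefix("profile ")] = problems
    return report
```

To check a real configuration, pass the contents of ~/.aws/config to audit_sso_config; an empty list for a profile means none of the checks fired.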
