{"id":107000,"date":"2024-03-08T09:40:50","date_gmt":"2024-03-08T14:40:50","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=107000"},"modified":"2024-04-10T13:15:37","modified_gmt":"2024-04-10T17:15:37","slug":"how-to-use-aws-cli-amazon-linux","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-to-use-aws-cli-amazon-linux","title":{"rendered":"How to Use the AWS CLI with Amazon Linux"},"content":{"rendered":"\n
 Amazon Web Services (AWS) provides a wide array of cloud computing solutions. Mastering the AWS Command Line Interface (CLI) is an essential skill for developers, system administrators, and cloud engineers working within its ecosystem. <\/p>\n\n\n\n Amazon Linux, an open source Linux distribution provided by AWS, is optimized for running on AWS infrastructure, making it a popular choice for cloud-based applications. Working on it is a good example of how mastering the CLI gives you better control over the system and increases efficiency. This tutorial offers a detailed guide on how to use the AWS CLI on an Amazon Linux instance, covering installation, configuration, and various use cases.<\/p>\n\n\n\n The AWS CLI is a powerful tool that enables users to interact with AWS services directly from the command line. It provides a consistent interface for controlling and automating AWS resources, streamlining the process of managing cloud infrastructure.<\/p>\n\n\n\n For this tutorial, we need an active AWS account, at least one AWS EC2 instance, and basic knowledge of Linux command line operations.<\/p>\n\n\n\n AWS Identity and Access Management (IAM) has multi-factor authentication<\/a> (MFA) features. It\u2019s advisable to enable MFA for your account.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n This step assumes that you\u2019ve already provisioned at least one EC2 instance so you can use the terminal or an SSH client to connect to it.<\/p>\n\n\n\n First, go to the Instance section in your AWS account.<\/p>\n\n\n\n Select the instance you want to connect to and select the Connect<\/strong> option from the menu.<\/p>\n\n\n\n Select the SSH client menu item and follow the instructions. <\/p>\n\n\n\n AWS Systems Manager\u00a0Session Manager<\/a> should be used whenever possible to avoid exposing a direct IP to the open web. 
There are no open inbound ports and no need to manage bastion hosts or SSH keys.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n When copying the ssh <\/strong>command, make sure you are in the correct directory so you can load your private key and log in to the server.<\/p>\n\n\n\n If this is your first time logging in to the server, then you will receive a notice that the authenticity of the host can’t be established, so you need to type yes<\/strong> to proceed.<\/p>\n\n\n\n After this step, you are successfully logged into the instance.<\/p>\n\n\n\n It is a good idea to check for updates for your Amazon Linux instance.<\/p>\n\n\n\n We can do so by running the following command:<\/p>\n\n\n\n sudo dnf update<\/p>\n<\/div><\/div>\n\n\n\n In our case, since we provisioned our instance recently, there are no pending updates, but it is always good to check for security patches for your packages.<\/p>\n\n\n\n Next, we need to check if AWS CLI is installed correctly. It\u2019s pre-installed on Amazon Linux so you can check its version by running the following command:<\/p>\n\n\n\n aws --version<\/p>\n<\/div><\/div>\n\n\n\n Next, we need to make sure we meet these prerequisites:<\/p>\n\n\n\n Once the AWS CLI is installed and configured, you can create an AWS instance profile<\/a>. An instance profile is a container for an IAM role and provides temporary credentials with auto-rotation. <\/p>\n\n\n\n First, create an IAM role. Log into AWS and go to Access management<\/strong> | Roles<\/strong>, and then select Create<\/strong> role. Choose the option AWS EC2 Use Case and click on Next: Permissions<\/strong>. Attach the AdministratorAccess<\/strong> policy<\/a> to the role. Review and create the policy; attach the policy to the role and click on Create Role<\/strong>. 
Save it as “admin-role”.<\/p>\n\n\n\n Next, create an Instance Profile by entering the command:<\/p>\n\n\n\n Add the role with the following command:<\/p>\n\n\n\n You can associate an IAM instance profile with an instance with the following command:<\/p>\n\n\n\n aws ec2 associate-iam-instance-profile --instance-id i-123456789abcde123 --iam-instance-profile Name=admin-role\n\n\n\n An instance profile can contain only one IAM role, but the same role may be used across different profiles. The AWS SDK can detect these temporary credentials automatically, and no configuration of metadata is required. You can list the associated credentials by running the AWS CLI with the --debug flag. Dedicated IAM roles can be attached to the container<\/a> runtime. <\/p>\n\n\n\n See here<\/a> for more detail about managing Instance Profiles.<\/p>\n\n\n\n The section immediately below is deprecated and should be considered an anti-pattern to be avoided for security reasons. IAM Users and their static credentials should be avoided for accessing EC2 instances to reduce risks.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n aws configure<\/p>\n<\/div><\/div>\n\n\n\n aws configure list<\/p>\n<\/div><\/div>\n\n\n\n We can do multiple tasks with our CLI; for example, if we want to list out our instances, we can do so by running the following command:<\/p>\n\n\n\n aws ec2 describe-instances<\/p>\n<\/div><\/div>\n\n\n\n We can see the following output:<\/p>\n\n\n\n Next, we can create a new S3 bucket in our AWS account:<\/p>\n\n\n\n aws s3 mb s3:\/\/jumpcloud-test-1<\/p>\n<\/div><\/div>\n\n\n\n nano test.html<\/p>\n<\/div><\/div>\n\n\n\n In the file, we can place any text with HTML tags:<\/p>\n\n\n\n <h1>This is a simple html file.<\/h1><\/p>\n<\/div><\/div>\n\n\n\n Press Ctrl+O to write and Ctrl+X to exit this file.<\/p>\n\n\n\n Now, we can upload our file to the bucket:<\/p>\n\n\n\n aws s3 cp test.html s3:\/\/jumpcloud-test-1<\/p>\n<\/div><\/div>\n\n\n\n We can list our objects in S3 
bucket with CLI by running the following command:<\/p>\n\n\n\n aws s3 ls s3:\/\/jumpcloud-test-1 --recursive<\/p>\n<\/div><\/div>\n\n\n\n The --recursive<\/strong> option is used to list all objects in the bucket, not just the top-level directories.<\/p>\n\n\n\n We will further explore AWS CLI usage on our Amazon Linux instance by creating a script. This script will provide the functionality to list all S3 buckets in your AWS account, create a new S3 bucket, and upload a file to a specified bucket.<\/p>\n\n\n\n In the same directory create a new file for our script:<\/p>\n\n\n\n nano s3_manager.sh<\/p>\n<\/div><\/div>\n\n\n\n Here, paste the following code:<\/p>\n\n\n\n #!\/bin\/bash\n\n\n\n Save the file, then make it executable:<\/p>\n\n\n\n chmod +x s3_manager.sh<\/p>\n<\/div><\/div>\n\n\n\n Run the script and follow the instructions from the output:<\/p>\n\n\n\n .\/s3_manager.sh<\/p>\n<\/div><\/div>\n\n\n\n We can create a new S3 bucket directly through the menu by selecting the second option.<\/p>\n\n\n\n Here we can also upload our same test.html<\/strong> file to the new bucket, so we will run the script again but now we will select option 3<\/strong> and specify the file we want to upload.<\/p>\n\n\n\n There are times when you might run into some errors when working with AWS CLI. That can be due to syntax, permissions, or some limitations that may come up.<\/p>\n\n\n\n For example, let’s assume you are trying to upload a file to an S3 bucket, but the command is failing. 
We will go through the steps to identify and resolve the issue.<\/p>\n\n\n\n Run the command to upload your file to a bucket:<\/p>\n\n\n\n aws s3 cp myfile.txt s3:\/\/jumpcloud-test-2\/<\/p>\n<\/div><\/div>\n\n\n\n Here we will get the output that this user-provided path doesn’t exist:<\/p>\n\n\n\n If we want to upload our existing file into an S3 bucket that doesn’t exist, we will get a similar error:<\/p>\n\n\n\n We can also try to list instances in AWS RDS (Relational Database Service), but if we didn’t create any users for it, and the existing user only has full-access permissions for S3 services, we will again get an error here.<\/p>\n\n\n\n aws rds describe-db-instances<\/p>\n<\/div><\/div>\n\n\n\n Since the AWS list of services is long and there can be various scenarios in the troubleshooting process, it is a good idea to consult CLI help by running the following command:<\/p>\n\n\n\n aws help<\/p>\n<\/div><\/div>\n\n\n\n Also, you can check their website for the latest updates<\/a> regarding AWS CLI.<\/p>\n\n\n\n We went through how to install, set up, and use AWS CLI on Amazon Linux, covering the basics, how to give the right permissions, and how to fix common problems. Your next step is to start using AWS CLI regularly to better manage your AWS resources and quickly solve any issues that come up.<\/p>\n\n\n\n Step 1: Connect to Your EC2 Instance<\/h2>\n\n\n\n
<\/p><\/div>
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/p><\/div>
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Step 2: Configure Your Instance for CLI<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
\n
Configure an Instance Profile<\/h3>\n\n\n\n
aws iam create-instance-profile<\/code><\/a><\/p>\n<\/div><\/div>\n\n\n\n
aws iam add-role-to-instance-profile<\/code><\/a><\/p>\n<\/div><\/div>\n\n\n\n
Detach an instance profile that has a role attached from a stopped or active EC2 instance:\u00a0aws ec2 disassociate-iam-instance-profile<\/code><\/a>
To get information about profiles that are attached to a running EC2 instance: aws ec2 describe-iam-instance-profile-associations<\/code><\/a><\/p>\n<\/div><\/div>\n\n\n\n
<\/p><\/div>
For the sake of security, we will create a new set of access keys.<\/s><\/p>\n\n\n\nFirst, in the search bar in your AWS account, search for IAM<\/strong> and select Users<\/strong>.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Select the Create User option in the menu.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Here you can name your User, and it is a good practice to leave the AWS Console option unchecked for security reasons. Once you are done you can click on Next<\/strong>.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Next, whenever we create a new user, we need to select the permissions we will assign to it. In this example, we will give read-only access for EC2 instances, so that the user can list out instances and also AWS S3 full access, so we can create, view, and modify storage buckets.<\/s><\/p>\n\n\n\nFirst, we will select the option Attach policies directly <\/strong>and search for AmazonEC2ReadOnlyAccess <\/strong>in the search bar. Once found, select it.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
As mentioned above, we need to allow full access for AWS S3 so we can perform all operations.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Once done, click Next<\/strong>, <\/strong>and in the final step, you can review the settings and click Create User<\/strong>.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
You can view the user’s data once it is created.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
We can continue with the process by creating a new access key for our user.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
The use case we will select in the menu is CLI.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Finally, we need to accept the notice and click on Next<\/strong>.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
In this step, you can add the description for this user and proceed with the Create access<\/strong> key option.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
You will get all the information needed including access key ID and also the secret key.\u00a0<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Make sure to follow security recommendations from AWS in order to increase the level of security for your AWS account.<\/s><\/p>\n\n\n\nNow that we have a proper access key we will enter the following command:<\/s><\/p>\n\n\n\nHere we can enter our Access Key ID<\/strong>, Secret Key<\/strong>, Default region name<\/strong>, and Default output format<\/strong>.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
If you typically provision your instances in us-south-1, you can place that value. In this example, we are using eu-central-1 as our region.<\/s><\/p>\n\n\n\nAfter the configuration, we can verify the status, and should be able to see our access key in the list.<\/s><\/p>\n\n\n\n<\/figure>\n\n\n\n
Step 2: Basic AWS CLI Commands<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
From here, we can create a simple html file and upload it into our newly created S3 bucket:<\/p>\n\n\n\n<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Step 3: Advanced CLI Usage<\/h2>\n\n\n\n
echo \"AWS S3 Manager Script\"
echo \"Please choose an option:\"
echo \"1: List all S3 Buckets\"
echo \"2: Create a New S3 Bucket\"
echo \"3: Upload File to S3 Bucket\"
read -r -p \"Option: \" option
case \"$option\" in
1)
echo \"Listing all S3 Buckets...\"
aws s3 ls
;;
2)
read -r -p \"Enter the new bucket name: \" bucket_name
# Report success only if the AWS CLI call actually succeeded
aws s3 mb \"s3:\/\/$bucket_name\" && echo \"Bucket created successfully.\"
;;
3)
read -r -p \"Enter the bucket name: \" bucket_name
read -r -p \"Enter the file path to upload: \" file_path
# Quote the variables so a path containing spaces is passed as one argument
aws s3 cp \"$file_path\" \"s3:\/\/$bucket_name\/\" && echo \"File uploaded successfully.\"
;;
*)
echo \"Invalid option, please enter a number between 1 and 3.\"
;;
esac<\/p>\n<\/div><\/div>\n\n\n\n<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Step 4: Troubleshooting AWS CLI<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
\n
\n <\/div>\n