Why do I need the AWS CLI? The Management console works!
Hi, and a warm welcome back to my blog, where I write about DevOps tools and AWS, my core interests :). This article is targeted at newbies just starting with DevOps or the Cloud, so I'll list the prerequisites needed to follow the demo in this article, in which we will create an Admin account and interact with that account using the CLI. We'll be creating an s3 bucket using the CLI. The prerequisites are:
Basic Knowledge of AWS
Terminal or Command line
An AWS account
A lot of newbies in the cloud use the AWS management console to create and manage resources, and when they later hear about creating resources using the CLI, they wonder what it is for if a beautiful console with all the useful buttons already exists.
The AWS CLI lets you interact with your AWS account just the way you do with the management console, but this time by passing commands in your command line, terminal or any Linux machine you have, as long as your AWS account's credentials are configured on that machine.
I'll give you two pros and two cons of this powerful AWS tool so you can best understand its use cases and how it can help you in any of your DevOps or Cloud solutions. Let's start with the pros.
Automation & Scripting: Since you'll be interacting with AWS from the CLI, you automatically get the superpower of writing scripts that interact with your AWS account programmatically. For example, let's say you need to upload all the log files from your server to an s3 bucket every week. Instead of downloading the files to your local machine every weekend and then uploading them using the management console, you can just write a cron job that runs every weekend and automatically uploads those files to s3. In all cases, the first option of downloading the files from the server to your local machine is wrong, because some of the files you'll want to upload to s3 are customer data, which should be kept with all confidentiality.
Integration with Other Tools: The AWS CLI can be integrated with other tools. For example, let's say you have a web application and you want to deploy it on Elastic Beanstalk. Using the console works great! But what if you wanted to implement a CI/CD pipeline with Jenkins that automatically deploys a new version of your application's code when you make a change in your version control (git)? This is where the power of the CLI comes in: you can simply have Jenkins run CLI commands against your Elastic Beanstalk environment to deploy the new version whenever a change triggers the pipeline.
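The weekly log upload described under Automation & Scripting, as an added example that is not part of the original article. The log directory, bucket name, key prefix and script path are assumptions, and AWS_BIN is a hypothetical override that exists only so the function can be dry-run without calling AWS:

```shell
#!/bin/sh
# Added example (not from the original article): upload logs from the server
# straight to S3, so they never pass through a personal machine.
# Assumptions: the log directory, bucket name and key prefix are placeholders.
# Example crontab entry, every Sunday at 02:00 (script path is hypothetical):
#   0 2 * * 0 /usr/local/bin/upload-logs.sh /var/log/myapp my-log-bucket

AWS_BIN="${AWS_BIN:-aws}"   # hypothetical override, used only for dry runs

upload_logs() {
    log_dir="$1"
    bucket="$2"
    uploaded=0

    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; return 2; }
    [ -n "$bucket" ] || { echo "bucket name required" >&2; return 2; }

    # One prefix per host and day keeps weekly runs from overwriting each other.
    prefix="logs/$(uname -n)/$(date +%Y-%m-%d)"

    for f in "$log_dir"/*.log; do
        [ -f "$f" ] || continue          # glob matched nothing
        # --sse AES256 requests server-side encryption for the object.
        if "$AWS_BIN" s3 cp "$f" "s3://$bucket/$prefix/$(basename "$f")" \
                --sse AES256 --only-show-errors >&2; then
            uploaded=$((uploaded + 1))
        else
            echo "upload failed, stopping: $f" >&2
            return 1
        fi
    done
    echo "$uploaded"                     # number of files uploaded
}

# Run only when invoked as a script with both arguments.
if [ "$#" -ge 2 ]; then
    upload_logs "$1" "$2"
fi
```

A job like this only needs permission to write objects to one bucket, so it is better run with its own narrowly scoped credentials than with the admin keys created later in this article.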
There are many other interesting pros of the AWS CLI that you could explore, but let's not leave out the cons of using it.
Versioning: When new services roll out, older versions of the AWS CLI do not support them, so you'll have to ensure your CLI version is up to date when working with these services. For example, you can't use AWS Amplify using the aws command; rather, you'll have to install amplify on its own as a command line tool.
Command Complexity: Sometimes commands in the CLI can be quite complex and will require high familiarity with the docs. Nevertheless, the docs are your friend, so you're free to always go back to them.
Now let's build a demo with the knowledge we have. For this article, we will create an IAM admin account that has access to all AWS resources and then get keys for that account. We'll install the AWS CLI and configure those keys on a Linux machine, and then finally create an s3 bucket and delete it when we are done.
I'll assume you have already signed up for AWS and are logged into your root account. Now head over to IAM so we can create an Admin IAM account, since using the root account on AWS is quite insecure. To create the admin account, we'll first create an Admin user group. The concept of user groups in AWS is that you create a group and attach permissions to it. For example, you'll have a group for developers, and any account added to that developers group might have permissions for AWS Cloud9 but no permissions for EC2 servers, while a user group for the Operations team has permissions to EC2 but no permission to Cloud9 environments.
On IAM in your root account, click on user groups in the sidebar
Next, click on Create group
For group name, give it a name. In this demo we are creating a group for Admins, so I'll name mine Administrators
If you already have an account created and would like to add it to the admin group, check the box next to that account in the next section
The last section is the permissions policy, where you can add permissions to the group. Since we are creating a user group for the admin accounts, we'll grant administrator access to the group. Just search for the word admin and select the first one, AdministratorAccess. This provides full access to AWS services and resources. After selecting it, click on Create group down below.
Now that we have the group created, let's create an admin and add that admin to the group. Head over to Users in the left tab.
Click on "Add Users". Let's give our admin a name; I'll name mine "David-AWS-Admin". Check the box that says "Provide user access to the AWS Management Console - optional", and also select "I want to create an IAM user".
The password options are up to you; pick whichever you prefer. Click on Next so we can set permissions.
Now for the permissions section, select "add user to group". You can then select the Administrator group we created earlier on.
Click on "Next", then click on "Create User". If you followed this successfully, you can then log into the IAM account we just created using the password you specified.
Now back to interacting with AWS using the CLI. First, let's generate keys that the CLI can use for authentication. Like I told you, the CLI is basically just another way of interacting with your AWS account, so you'll need to log in. Head over to IAM from your Admin account, click on "Users" and select the user you created, which you are currently logged in as. Switch to the Security credentials tab and scroll down to the access key section.
Click on create access key. For use case, select "Command Line Interface (CLI)"
Check the confirmation box and click next
You can give it a description if you wish to
Click "Create access key" and download the csv file using the download button below.
Now let's install the AWS CLI. For this demo, I'm using an Ubuntu machine, but you can also follow along on any terminal or command line based on your operating system. To install the AWS CLI, head over to the docs using this link and simply follow the steps for your operating system.
To confirm that you have the AWS CLI installed, open your terminal or command prompt and run the command aws --version. You should get a response like this
Now let's configure the access keys we created earlier. Still in the same terminal or command prompt, run the command aws configure
This command will ask you to input the keys you downloaded from AWS, that is the Access key and Secret Access key, and then the default region you wish to deploy resources in.
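A check worth running right after aws configure, as an added example that is not part of the original article: the keys are written in plaintext to ~/.aws/credentials, and here they belong to an account with AdministratorAccess. The function names are hypothetical, and the default path assumes a standard Linux or macOS setup:

```shell
#!/bin/sh
# Added example (not from the original article): check how the keys entered
# into `aws configure` are stored. They are written in plaintext to
# ~/.aws/credentials, and in this demo they carry AdministratorAccess.

# Print the octal permission bits of a file (GNU stat, then BSD/macOS stat).
cred_file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report permission and static-key findings for a credentials file.
audit_aws_credentials() {
    file="${1:-$HOME/.aws/credentials}"
    [ -f "$file" ] || { echo "missing"; return 0; }

    mode=$(cred_file_mode "$file")
    case "$mode" in
        600|400) perms="ok" ;;             # readable by the owner only
        *)       perms="loose($mode)" ;;   # fix with: chmod 600 "$file"
    esac

    # Each aws_access_key_id line is one long-lived key pair on this machine.
    keys=$(grep -c '^[[:space:]]*aws_access_key_id' "$file" || true)
    echo "perms=$perms static_keys=$keys"
}

# With no argument this audits the default credentials file.
audit_aws_credentials "$@"

# After the audit, confirm which identity the CLI is actually using:
#   aws configure list
#   aws sts get-caller-identity
```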
As I said earlier, we will create an s3 bucket from the CLI and then list what we have. To create a bucket, run the command aws s3 mb s3://<bucket-name>. You can also add other configurations such as ACLs, region, or even versions; just see the AWS Documentation for s3 Make bucket. Please note that all bucket names must be unique in AWS, so endeavor not to use the same name as mine.
Below, I created the bucket using the s3 mb bucket command and got a response of the bucket name. Now let's head over to the management console and check if the bucket is created there too
You can see the bucket has been created
Let's try to list all the buckets from the CLI. The command to do this is aws s3 ls. Please note that these commands will work on any terminal or command prompt. I have a couple of buckets in my account, but I have highlighted the one I just created.
Now let's delete this bucket. Since our bucket is empty, we can run the command aws s3 rb s3://<bucket name>. Just this command deleted the bucket.
Thank you for reading. I hope you now have an idea of what the AWS CLI is for and some of its use cases; feel free to build solutions using it. If you have any corrections, please reach out to me on Twitter.