AWS CLI

The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell.

The AWS CLI is available in two versions:

  • Version 1.x – The generally available version of the AWS CLI that is suitable for use in production environments.
  • Version 2.x – A preview version of the AWS CLI that is intended for testing and evaluation. This version does include some “breaking” changes that might require you to change your scripts so that they continue to operate as you expect. For a list of new features and breaking changes in version 2, see Breaking Changes – Migrating from AWS CLI version 1 to version 2.

 

All AWS CLI commands have this structure:

aws

To set up the AWS CLI, run the configure command:

aws configure 
aws configure list
aws configure get
aws configure set

The configuration file has at least the following:
– AWS Access Key ID
– AWS Secret Access Key
– Default Region
– Default Output

The configuration files are stored in the .aws directory under the user's home directory. Inside each file, a [default] section header shows which settings belong to that profile.
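Added example, not part of the original page: aws configure writes the access key ID and secret access key in plain text to the credentials file under .aws, so this script checks that file's permissions and lists the profiles that hold long-lived keys rather than temporary ones. The sample file, its fake key values and the function names are constructed for illustration; dev2 is the profile name used later on this page.

```shell
# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when group and other have no access (for example 600 or 400).
is_private() {
    case "$(file_mode "$1")" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Print profiles with a secret key but no session token (long-lived keys).
static_key_profiles() {
    awk '
        function report() { if (key && !token) print profile }
        /^[ \t]*\[/ { report(); sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
                      profile = $0; key = 0; token = 0; next }
        /^[ \t]*aws_secret_access_key[ \t]*=/ { key = 1 }
        /^[ \t]*aws_session_token[ \t]*=/     { token = 1 }
        END { report() }
    ' "$1"
}

# Print one finding per line; return 1 if there was any finding.
audit_credentials() {
    rc=0
    if ! is_private "$1"; then
        echo "PERMS  $1 has mode $(file_mode "$1"); expected 600"
        rc=1
    fi
    for p in $(static_key_profiles "$1"); do
        echo "STATIC profile [$p] holds a long-lived secret key"
        rc=1
    done
    return "$rc"
}

# Write a constructed credentials file (fake values) and print its path.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' '[default]' 'aws_access_key_id = AKIAEXAMPLE0000' \
        'aws_secret_access_key = constructed-fake-secret' '[dev2]' \
        'aws_access_key_id = ASIAEXAMPLE0000' \
        'aws_secret_access_key = constructed-fake-secret' \
        'aws_session_token = constructed-fake-token' > "$dir/credentials"
    chmod 644 "$dir/credentials"
    echo "$dir/credentials"
}

audit_credentials "$(make_sample)" || true
```

To audit a real machine, call audit_credentials with the path to the credentials file in the user's .aws directory.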

AWS CLI commands can also take options. Options include debugging, output format, queries, filters, profiles and regions.

aws   
aws --region us-west-2 ec2 describe-instances --instance-ids i-abce1234

aws configure --profile 
aws configure set region eu-west-1 --profile dev2
aws ec2 run-instances --image-id ami-12345 --profile dev2

The query option (--query) provides powerful output filtering. It uses JMESPath to filter the response data. The query is applied on the client side, not at the API endpoint. The result is formatted into JSON.

aws s3api list-objects --bucket mybucket --max-items 100 --query 'Contents[?Size>`1024`].[Key,Size]'

The filter option (--filters) is used to restrict the result set. It is applied on the server side (at the API endpoint). Filters can also be defined in a separate file and referenced when the command is executed.

aws ec2 describe-instances --filters "Name=platform,Values=windows"
aws ec2 describe-instances --filters file://filters.json
aws ec2 describe-instances --filters "Name=instance-type,Values=t2.micro,t2.small" --query "Reservations[*].Instances[*].InstanceId"

The wait command holds the AWS CLI until a condition returns true. For example, we can use it to wait for an EC2 instance to become available. It can also be used with other services such as CloudFormation, DynamoDB, etc. Some examples are below.

aws ec2 wait instance-running --instance-ids $instance_id
aws emr wait cluster-running --cluster-id x-12345

aws cloudformation wait stack-create-complete --stack-name myStack

aws dynamodb create-table --cli-input-json file:///tmp/table.json --table-name devops-test-2

AWS S3 streaming is also available through the CLI. This is used to stream a file to or from S3.

aws s3 cp - s3:///

The AWS CLI also supports table formatting. See the example below.

aws cloudformation describe-stacks --query 'Stacks[].[Outputs[?OutputKey==`ConfigRoleARN`].[OutputKey,OutputValue],  Outputs[?OutputKey==`LambdaRoleARN`].[OutputKey,OutputValue], Outputs[?OutputKey==`ConfigS3BucketName`].[OutputKey,OutputValue], Outputs[?OutputKey==`ConfigSNSTopic`].[OutputKey,OutputValue], Outputs[?OutputKey==`AccountNumber`].[OutputKey,OutputValue]]' --output table


-----------------------------------------------------------------------------------------------------------------------
|                                                   DescribeStacks                                                    |
+--------------------+------------------------------------------------------------------------------------------------+
|  ConfigRoleARN     |  arn:aws:iam::728460845097:role/ConfigRole                                                     |
|  LambdaRoleARN     |  arn:aws:iam::728460845097:role/LambdaRole                                                     |
|  ConfigS3BucketName|  qls-2150000-67660c7d24e0a2e5-configbucket-109j68m1yp3iu                                       |
|  ConfigSNSTopic    |  arn:aws:sns:us-west-2:728460845097:qls-2150000-67660c7d24e0a2e5-ConfigSNSTopic-Q2F547WI1ZOH   |
|  AccountNumber     |  728460845097                                                                                  |
+--------------------+------------------------------------------------------------------------------------------------+

Running a query

aws configservice  describe-compliance-by-config-rule --query 'ComplianceByConfigRules[].[ConfigRuleName,Compliance.ComplianceType,Compliance.ComplianceContributorCount.CappedCount]' --output table


-------------------------------------------------
|        DescribeComplianceByConfigRule         |
+------------------------+-----------------+----+
|  IAM-PowerfulActions   |  NON_COMPLIANT  |  2 |
|  IAM-restrictedRegions |  NON_COMPLIANT  |  4 |
+------------------------+-----------------+----+

 
