Published on

Configuring AWS CLI

3 min read

Authors
banner

In this article we'll be setting up AWS CLI and credentials which is useful when we want to interact with our aws services or resources programmatically.

Setting up AWS Credentials

Before we can install and setup our AWS CLI we will require AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. So, let's look at how we can get those from the aws console

Note: we will be creating a new IAM user rather than creating access keys on the root aws account which is generally a good practice

Add a new user

Let's start by going over to IAM dashboard and add a new user

dashboard

Give a user name and allow programmatic access

details

Attach policies

This is the most important part. Here, we will attach policies that will give the user appropriate access to the AWS services.

For demonstration purposes I've attached a AWS managed policy AmazonS3FullAccess

policies

Tags (optional)

It's always good to tag our resources but this is optional.

tags

Review

Let's give it a final review and then click Create user review

Secrets

The user has been created and now we will be able to get our secrets

Note: This is the only time you'll be able to view the Secret Access Key ID so be sure to write it down or download the CSV.

secrets

Our new user was created!

user created

Install AWS CLI

We can install AWS CLI from docs here

Configure AWS CLI

Let's configure the CLI for single user

Single user

$ aws configure
AWS Access Key ID [None]: <Your Access Key ID>
AWS Secret Access Key [None]: <Your Secret Access Key ID>
Default region name [None]: <Your preferred AWS region>
Default output format [None]: json

After the configuration the credentials will be stored at ~/.aws/credentials

Here's a list of all the aws regions

Multiple profiles (optional)

Profiles are really helpful if you're working with multiple users/accounts.

$ aws configure --profile xyz

We can switch between profiles using AWS_PROFILE environment variable. For example: export AWS_PROFILE=xyz

Note: it is recommended to create a new IAM user with limited permissions and generating access keys for that user instead read more

$ aws configure list

Name                    Value               Type      Location
----                    -----               ----      --------
profile                 ********           manual    --profile
access_key            *********ABCD   shared-credentials-file
secret_key            *********ABCD   shared-credentials-file
region                  <not set>             None      None

Finally, Let's see if it works!

$ aws s3 ls

If everything is setup correctly, we should see an output.

Next steps

Now that we've created our aws credentials securely, we can can now use them with AWS CLI or SDK and even terraform!

Thanks for Reading, I hope this was helpful. As always feel free to reach out to me on Twitter if you face any issues!

© 2024 NMILI Abdelali