The AWS Command Line Interface (AWS CLI) is a centralized management tool for AWS services. You can control multiple AWS services from the command line and automate them using scripts with just one tool to download and configure. Amazon Web Services (AWS) is the market leader and a leading innovator in cloud computing. It assists businesses with a wide range of workloads, including game development, data processing, warehousing, archive, development, and many others. However, AWS is more than just an eye-catching browser console. It’s time to take a look at how you can access the AWS Management Console and create your favorite resources via Amazon’s Command Line Interface—AWS CLI.
As a tool that combines all AWS services into a single central console, allowing you to control multiple AWS services with a single tool, it gives you the opportunity to manually control services or automate them with powerful scripts. The acronym stands for Amazon Web Services Command Line Interface because, as the name implies, users interact with it via the command line. With this in mind, developers can take control of any Amazon cloud service of their choice through the command-line terminal directly on their local PC.
To learn more about the AWS CLI, feel free to check out the following related articles: AWS Command-Line Interface: How to configure AWS CLI [Part 1], Understanding AWS CLI: How to configure Command Line Interface [Part 2], AWS CLI Error: All commands return Unknown output type [None], How to manage and use Amazon S3 access points using the AWS Management Console, and How to uninstall AWS CLI in Windows.
AWS CLI also enables you to use command shell programs like bash, tcsh and zsh to run commands on operating systems like Linux, macOS, or Unix. On Windows, you can run commands in PowerShell or in the Windows command prompt. You can also manage and run commands on Amazon EC2 instances through a remote terminal such as PuTTY or SSH, and you can even use AWS Systems Manager to automate operational tasks across your AWS resources.
What we will cover:
In this article, we will cover the following areas:
- How to create an IAM User on the AWS Management Console and set the login option to programmatic method only.
- How to install AWS CLI on Windows and add it to the system path.
- How to programmatically use IAM User credentials via AWS CLI
- How to create an S3 Bucket via AWS CLI
Create an IAM User
To create an IAM User, take the following steps:
Step 1 – Sign into the AWS Management Console as the user with permission to create another User. It could be a Root User or an ordinary IAM user with the required permission.
Step 2 – Search for and click on IAM, and then click on Users.
Step 3 – Click on Add Users
Step 4 – In the add user interface, supply the user name. In the “Select AWS credential type” field, select “Access key – Programmatic access”. This means that this user cannot log into the AWS Management Console with a username and password.
Step 5 – In the Add User to Group screen, jump to the attach existing policies directly tab.
Note: For the purpose of this article, we don't set a permission boundary. In real-world scenarios you have to, as this will ensure maximum compliance with the security best practices put in place by AWS.
In the set permission tab, keeping the attach existing policies directly blade selected, check the box beside AdministratorAccess. Note that this will grant the user administrator access.
Step 6 – Ignore the tag section and move straight to review and create user.
Step 7 – Download the Access key ID and the Secret Access key in a CSV format to your PC after successfully creating the user before closing out the window.
Note: AWS doesn't keep a copy of your Access key ID and the Secret Access key. Therefore, if you fail to download them, the user will not be able to log into the AWS Management Console and there is no way to recover them if lost. The only solution is to delete and regenerate a new key.
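Step 5 attaches AdministratorAccess to a user whose only credential is a long-lived access key. The following added example (not part of the original article) puts that managed policy's document beside a policy scoped to the S3 commands used later in this article and flags wildcard grants. The scoped policy and the function names are assumptions made for illustration; the bucket name is the article's.

```python
BUCKET = "techdirectarchivebucket1"  # bucket name used later in this article

# Policy document of the AWS managed policy AdministratorAccess (Step 5).
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Assumed alternative: only what the article's s3 ls/mb/cp/rb commands need.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:CreateBucket", "s3:ListBucket", "s3:DeleteBucket"],
         "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}

# Actions with no resource type in IAM; they can only be granted on "*".
ACCOUNT_LEVEL_ACTIONS = {"s3:ListAllMyBuckets"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def find_overbroad(policy):
    """Return (statement index, reason) for Allow statements granting wildcards."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in resources and not set(actions) <= ACCOUNT_LEVEL_ACTIONS:
            findings.append((i, "Resource * on actions that can be scoped"))
    return findings


if __name__ == "__main__":
    for name, pol in (("AdministratorAccess", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overbroad(pol))
```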
Installing the AWS CLI in Windows
To install AWS CLI on Windows, you need administrator rights to install the software. Follow the steps below to install it.
Step 1 – Download and run the AWS CLI MSI installer for Windows (64-bit) or run the command below in your Command Prompt window to run the MSI installer.
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
Step 2 – The installation wizard will take a little while to bring up the page where you will click next to continue.
Step 3 – Accept End-User License Agreement and click next to continue.
Step 4 – In the custom setup page, leave everything at default and take note of the default path. Click next to go to the next phase.
Step 5 – Click on “Install”, sit back and watch the installation complete, and click on “Finish” when the progress bar loads completely.
Adding the AWS CLI to System Path
Adding the AWS CLI to the system path will make it available to you anywhere in the system. To do so, follow the steps below:
Step 1 – Search for System Environment in the Windows search bar.
You may likely encounter an error similar to the one below if you don’t add it to the system path.
'aws' is not recognized as an internal or external command, operable program or batch file.
Step 2 – Click to open the system environment and then click on Environment variables -> Path -> Edit.
Step 3 – Locate and copy the path C:\Program Files\Amazon\AWSCLIV2 on your local drive.
Step 4 – In the "Edit Environment variables" window, click New, paste the path copied above and click OK.
Step 5 – Restart your Windows command prompt and check by typing aws --version to see if it is now recognized.
Accessing the AWS Management Console Programmatically
In the next section of this writeup, we use the access key ID and the secret key ID to programmatically gain access to the AWS Management Console. Before we proceed, let’s briefly talk about the AWS Access Key ID and the AWS Secret Key ID.
AWS Access Key ID
There are two ways in which a user can access the AWS Management Console. One is through the use of a password and the second is programmatic access, which is the focus of this writeup. The AWS Access Key ID is a 20-character uppercase alphanumeric string, while the Secret Access Key is made up of 40 random characters: upper and lowercase letters, digits, and non-alphanumeric characters. They can be created for any IAM User who requires programmatic authentication to the AWS services. When they are created, you will only be prompted to download them once. It is not possible to retrieve a lost secret access key, as AWS does not retain a copy of it, for security reasons, to prevent it from being compromised by unauthorized persons.
The access key must be applied and associated with the system or app that you require for development purposes. For instance, to use the access key with the AWS CLI, you must first instruct the AWS CLI to use it. The method of associating the access keys varies based on the system and application.
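Because the key formats described above are fixed, leaked keys can be found by pattern before a script or config file is committed or shared. The following is an added example, not part of the original article: a small scanner that reports key-shaped strings with the value redacted. The AKIA/ASIA prefixes (long-term and temporary keys) are not mentioned in the article, the function names are hypothetical, and the sample uses AWS's published documentation placeholder keys, not real credentials.

```python
import re

# 20 characters: AKIA (long-term) or ASIA (temporary) plus 16 uppercase/digits.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# 40 characters of letters, digits, "/" or "+", not part of a longer run.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
HEX_RE = re.compile(r"[0-9a-fA-F]{40}")

# Constructed sample: AWS documentation placeholder keys plus a fake commit id.
SAMPLE = (
    "[default]\n"
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    "commit " + "a1b2c3d4e5" * 4 + "\n"
)


def redact(value, keep=4):
    """Keep the first few characters so a finding can be matched to a key."""
    return value[:keep] + "*" * (len(value) - keep)


def scan(text, window=2):
    """Return sorted (line number, kind, redacted value) findings."""
    lines = text.splitlines()
    findings, key_lines = [], set()
    for n, line in enumerate(lines, 1):
        for m in ACCESS_KEY_RE.finditer(line):
            key_lines.add(n)
            findings.append((n, "access_key_id", redact(m.group())))
    for n, line in enumerate(lines, 1):
        # A bare 40-character string is too common to report on its own:
        # require the word "secret" or an access key ID within `window` lines.
        near_key = any(abs(n - k) <= window for k in key_lines)
        if "secret" not in line.lower() and not near_key:
            continue
        for m in SECRET_RE.finditer(line):
            if HEX_RE.fullmatch(m.group()):
                continue  # 40 hex characters is a SHA-1 digest (git commit id)
            findings.append((n, "secret_access_key", redact(m.group())))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```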
Configure the Credentials and Default Preferences
Before we can use the access keys, we need to configure the credentials and default preferences we would like to use, which will grant us access to the AWS Management Console with the administrative permission attached to the IAM User named
To do this, follow the step below:
Step 1 – Launch your Windows Command Prompt and type:
Once you press Enter, you will be prompted to supply the access key id, secret access keys, default region and the default output format. The default output format is available in text, JSON, YAML and Table. For the purpose of this write-up, we’re selecting text as the output format.
Now that we have configured access, it’s time to interact with AWS resources via AWS CLI.
Creating and Interacting with AWS Resources via AWS CLI
To demonstrate the power of AWS CLI, let’s create and interact with AWS S3 Bucket. Before creating an S3 Bucket, let’s list the available Buckets on our account. Run:
aws s3 ls
As you can see, we currently do not have any Bucket.
To create an S3 Bucket via the command line, type:
aws s3 mb s3://techdirectarchivebucket1
Replace the name of the bucket with any name suitable for you.
In the command above, s3 refers to the AWS resource we are creating, while mb means make bucket.
Let’s attempt to upload a file to the Bucket we just created. We have a file on our Desktop named
aws s3 cp C:\filepath\techdirectfile s3://techdirectarchivebucket1
If we go to the AWS Management Console, the uploaded file should show up in the Bucket.
In a similar fashion, with a minor modification, we can use the same CLI script to upload all files from the folder (source) to the destination S3 bucket. For uploading multiple files at once, we add the
aws s3 cp S3bucketfiles s3://techdirectarchivebucket1 --recursive
We have created a folder on our Desktop called S3bucketfiles and created 4 .txt files inside it.
Now the output screen should look similar to the one below:
Check to confirm that the files are available in your S3 Bucket.
Delete the bucket using:
aws s3 rb s3://techdirectarchivebucket1
Note: You can’t delete a Bucket with files inside it. Empty it before deletion.