Instead of complaining about it, let’s try and limit our attention to a small set of services that an organization typically uses. This may be ECS, AWS Lambda, S3 or EC2. One way of doing it is by using the AWS CLI. It offers you a way to easily integrate AWS interface with your everyday work flow. Once you get over the initial hurdle of setting up the CLI and getting used to a few commands, this will save you hours and hours of time. Time that you can spend on much more pleasant activities.
This tutorial assumes that you already have an AWS account. This can be an IAM user account with programmatic access issued by your organization. If you have your own personal account with AWS then do not use your AWS root credentials for the CLI! Instead create an IAM user with programmatic access for all CLI related stuff. When deciding for policy that you will attach to this new user, think about what you want to do with this account.
The most permissive policy is that of Administrative Access, which I will be using. As you create an IAM user gets assigned a username, an Access ID and a Secret ID Key. Keep the latter two confidential.
For my local environment, I will be using Ubuntu 18.04 LTS.
Installing AWS CLI
Ubuntu 18.04 LTS comes with Python 3.6 preinstalled and you can install pip package manager to go with this by running (if you wish for an apt package for the CLI, read further below for a note on that):
If you are running Python 2.6 or earlier, then replace python3-pip with python-pip. AWS CLI is shipped as a pip package so we will need it. Once installed use pip to install the cli.
Once again, if you are using Python 2, replace pip3 with pip. If you want you can use, sudo apt install awscli to install aws cli as well. You will be a couple of revisions behind but it is fine. Once it is installed relaunch the bash session.
Configuring the Environment
Assuming you don’t have your IAM access keys, you can either ask your organization’s AWS Root user to create one for you or if you are using your own personal account and are your own root admin, then open up the IAM Console in your browser.
Go to the “Users” tab and select the User Account you want to use to access the CLI. Go to “Security Credentials” and create access key and secret access key. Never share this key with anyone, and make sure you don’t push them along with your git commits, etc.
Use these keys as the command below prompts you to enter their respective values:
AWS Secret Access Key [None]: lkdsfh490IODSFOIsGFSD98+fdsfs/fs
Default region name [None]: us-west-2
Default output format [None]: json
The value for access key and secret key will obviously be different in your case. When it comes to region, choose the one that is closest to you (or your users). For output JSON format is fine. Once you have entered valid information for all the values your CLI is ready to interface with the AWS remotely.
The ID and secret as well as other config parameters are stored in a subdirectory inside your home directory ~/.aws. Make sure that it doesn’t get compromised. If it does get compromised, immediately revoke the ID and associated key using the IAM Console.
To login to different machines, you can always create more of these.
Using the CLI
This is the part where you need to do go through the man pages. Fortunately, the CLI is well-documented. Each service is its own command and then various actions that you can perform using that particular service are listed under its own help section.
To illustrate this point better, let’s start with:
If you scroll down in the output page, you will see all the services listed:
Now, let’s say you want to use Amazon EC2 service to launch your EC2 instances. You explore further by going to:
This will get you all sorts of subcommand that you could use for creating snapshots, launching fleets of VMs, managing SSH-keys, etc. However, what your application would demand is something that is for you to decide upon. Of course, the list of commands, subcommands and, valid arguments that can be used is in fact quite long. But you probably won’t have to use every option.
If you are just starting out, I’d recommend begin with the console for launching various instances and managing them. This will give you a pretty good idea of what option to look for when using the CLI. Eventually, as you use more and more of the CLI, you can start writing scripts to automate the entire resources creation, management and deletion process.
Don’t force yourself into learning about it. These things take time to sink in.