So far we’ve only covered interacting with AWS via the Management Console. Now it’s time to explore accessing it via API.
The most common way of programmatic interaction with AWS is via their official CLI. AWS provides detailed installation instructions for every major platform, and for Windows users the most straightforward way of installing it is via the msi package.
Once installed, the CLI needs to be connected to your AWS account via aws configure . An example first run is shown below:
$ aws configure
Tip: You can deliver temporary credentials to the AWS CLI using your AWS Console session by running the command 'aws login'.
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: json
This will create a config and a credentials file in your home directory’s .aws subdirectory.
In order to get Access Key ID/Secret Access Key pair, you need to create them for a user via the IAM management console, as discussed in previous section.
<aside> ⚠️
AWS credentials are sensitive data, and are stored in plain text. Anybody having access to your Access Key ID/Secret Access Key pair has all the powers of the IAM identity they are assigned to. Needless to say, the credentials file should not be stored on any server.
</aside>
--profileBy default, the AWS CLI uses the default profile, but you can manage multiple accounts or roles on the same machine with named profiles. Create one with aws configure --profile dev (repeat for prod, personal, and so on). This stores separate entries in ~/.aws/credentials and ~/.aws/config. To use a specific set of credentials, add --profile <name> to any command, for example: aws sts get-caller-identity --profile dev. If you want a profile to be the default for your current terminal session, set the AWS_PROFILE environment variable (for example, export AWS_PROFILE=dev).
To verify that your CLI is configured properly, try the following command:
aws sts get-caller-identity
This should return the data about your identity and its properties. In general, the AWS CLI command structure is as follows:
aws <service> <action> --parameters
AWS documentation provides a lot of great examples on how to use their CLI to interact with their services. For example, to list the contents of an S3 bucket, you can run:
$ aws s3 ls s3://amzn-s3-demo-bucket
PRE example/
2018-12-04 19:05:48 3 MyFile1.txt
The CLI can be configured to output JSON, table (text in ASCII table format) and text. While more readable, text and table formats are less convenient to parse. Thus we recommend setting the output to JSON, which is structured format that can be easily parsed programmatically with utilities like jq. This will come in handy when dealing with lots of CLI output.
The HackYourFuture curriculum is licensed under CC BY-NC-SA 4.0 *https://hackyourfuture.net/*
Built with ❤️ by the HackYourFuture community · Thank you, contributors
Found a mistake or have a suggestion? Let us know in the feedback form.