AWS CLI Kung Fu¶
Guide: Installing the AWS CLI on your device¶
- Use the official AWS install page at:
- Verify installtion by running:
AWS commands auto-complete (Optional)¶
- If using
zshrcshell, run the below commands:
echo -e '\nexport PATH=/usr/local/bin/:$PATH\nautoload bashcompinit \
&& bashcompinit\nautoload -Uz compinit && compinit\ncomplete \
-C "/usr/local/bin/aws_completer" aws' >> ~/.zshrc
- If using
Bashshell, run:
- If using Windows: Follow the process below.
# Open your $PROFILE file
Notepad $PROFILE
# If you don't have a $PROFILE, you can create one using;
if (!(Test-Path -Path $PROFILE ))
{ New-Item -Type File -Path $PROFILE -Force }
# Add the below code block to the $PROFILE and save.
Register-ArgumentCompleter -Native -CommandName aws -ScriptBlock {
param($commandName, $wordToComplete, $cursorPosition)
$env:COMP_LINE=$wordToComplete
if ($env:COMP_LINE.Length -lt $cursorPosition){
$env:COMP_LINE=$env:COMP_LINE + " "
}
$env:COMP_POINT=$cursorPosition
aws_completer.exe | ForEach-Object {
[System.Management.Automation.CompletionResult]::new($_, $_, 'ParameterValue', $_)
}
Remove-Item Env:\COMP_LINE
Remove-Item Env:\COMP_POINT
}
Authenticating Using an IAM User's credentials for the AWS CLI¶
Use the below AWS Official documentation for steps in configuring basic setting for an IAM user and retrieving the Access Keys.
Now that you have:
- The AWS Cli installed and configured
- Configured an IAM user and retrieved it's Access Keys.
- Configured the AWS Cli to use the Access Keys.
Next step; Developing your AWS CLI Ninja skills 
AWS CLI Ninja skills¶
(Optional) Install the below tools to enhance your productivity.
jq→ JSON parsingbat→ better outputfzf→ interactive selectionaws-vault→ credential managementdirenv→ per-project AWS envs
Install using
Core AWS CLI flags you should be familiar with¶
--profile
Use in multiple account scenerio.
Set a default profile for a session:
--region
Never assume a region.
Set it once:
--output
Change output format.
--query (JMESPath = built-in power)
Extract exactly what you want without jq.
Filter running instances only:
AWS CLI + jq (Next-Level Power)¶
Extract Instance IDs
`Get public IPs of running instances
aws ec2 describe-instances \
| jq -r '.Reservations[].Instances[]
| select(.State.Name=="running")
| .PublicIpAddress'
List EC2 Name + Instance ID
aws ec2 describe-instances \
| jq -r '.Reservations[].Instances[]
| [.InstanceId,
(.Tags[]? | select(.Key=="Name") | .Value)] | @tsv'
AWS CLI "NINJA" Productivity Tricks¶
Dry run (simulate before you destroy things)
Pipe into xargs (bulk actions)
aws ec2 describe-instances \
--query "Reservations[].Instances[?State.Name=='running'].InstanceId" \
--output text \
| xargs aws ec2 stop-instances
Use --no-paginate
Avoid annoying pagers.
Disable the pager permanently
(Add to .bashrc)
S3 Power Moves¶
Sync directories
Human-readable bucket sizes
aws s3 ls s3://terraform-s3-remote-backend-playroom --recursive --human-readable --summarize
2024-11-01 16:14:06 181 Bytes dev/terraform.state
Total Objects: 1
Total Size: 181 Bytes
Find large objects
IAM & Security Tricks (Very Important)¶
Who am I?
List IAM policies attached to a role
Simulate IAM permissions
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:role/MyRole \
--action-names s3:PutObject
CloudWatch & Logs Like a Pro¶
Tail logs in real-time
Search logs
EC2 Metadata (From Inside an Instance)¶
Instance ID:
AWS CLI Aliases (Huge Time Saver)¶
Add to ~/.bashrc:
alias awsls='aws s3 ls'
alias awswhoami='aws sts get-caller-identity'
alias ec2running='aws ec2 describe-instances --query "Reservations[].Instances[?State.Name==\`running\`].InstanceId" --output text'
Reload:
Use aws configure sso (Modern Auth)¶
Then:
Debugging AWS CLI Issues¶
Enable debug mode
Check config
aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************M7PW shared-credentials-file
secret_key ****************nC5J shared-credentials-file
region us-east-1 config-file ~/.aws/config
Automation & Scripting Patterns¶
Bash loop
for r in us-east-1 us-west-2 eu-west-1; do
aws ec2 describe-instances --region $r --query 'Reservations[].Instances[].InstanceId'
done
AWS CLI Mental Model (Important)¶
Think in pipes:
Example: