The AWS CLI is a handy and extremely powerful tool for managing resources on AWS from a local shell. In this post we will walk through the process of setting up the AWS CLI on a Linux machine (I use the Linux Subsystem on Windows, which gives me an Ubuntu bash). Then we begin using the AWS CLI to perform administrative tasks on the environment.
AWS IAM User with the correct permissions to administer EC2
The Access keys of said AWS IAM User with the correct permissions
Let's get started…
Setting Up The AWS CLI
Set Up an IAM User with Permission to Administer EC2
I am always in the habit of thinking about what group a user should be in before I create the user account. In this case my new user is going to be a System Administrator with some elevated permissions. First we create a group called EC2SysAdmins and give it full access permission to EC2. Then we pull the user into that group.
Filter : AmazonEC2FullAccess > Check – AmazonEC2FullAccess > Next Step
Review > Create Group
You are returned to the Groups Screen
Create a User
Users > Add User
User Name : EC2Admin
Access Type : Check – Programmatic Access > Next: Permissions
Add user to group
Check – EC2SysAdmins > Next: Review
Review > Create user
You then see a Success screen listing the Access key ID and the Secret Access Key. You will need these to configure the AWS CLI later on. To make sure you have these credentials later (just in case you cannot memorize long alphanumeric strings), download them.
Click download CSV > Optionally, go to where the file was downloaded and rename the file from credentials.csv to EC2Admin_AccessKey.csv or something a bit more fitting, as you will refer to it shortly.
With a list of regions in front of us, let’s take a look at which availability zones are present in a particular region. In this case let’s check us-east-1.
aws ec2 describe-availability-zones --region us-east-1 --output text |grep -w AVAILABILITYZONES
We get a text list of availability zones. TAKE NOTE: Since we already configured the region in the AWS CLI, we could just omit the --region us-east-1 parameter in the command above, which would return the same list of availability zones. Include the region parameter if you have not configured a preferred default region in the AWS CLI.
AVAILABILITYZONES us-east-1 available us-east-1a
AVAILABILITYZONES us-east-1 available us-east-1b
AVAILABILITYZONES us-east-1 available us-east-1c
AVAILABILITYZONES us-east-1 available us-east-1d
AVAILABILITYZONES us-east-1 available us-east-1e
AVAILABILITYZONES us-east-1 available us-east-1f
Get the Name, Instance ID, IP Addresses of EC2 Instances
Sometimes you just want a human-readable list of instances that you can then take action on, like quickly stopping or starting an instance based on the InstanceID.
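One way to build such a list, as an added example that is not from the original post: the function names and the sample lines are constructed for illustration. Instances without a Name tag show up as None in the CLI's text output, which the formatter turns into "-".

```bash
# Added example; function names and sample data are constructed, not from the post.

# One tab-separated line per instance: Name tag, ID, state, private IP, public IP.
# With --output text the CLI prints "None" for fields that are null.
list_instances_raw() {
  aws ec2 describe-instances \
    --query "Reservations[].Instances[].[Tags[?Key=='Name']|[0].Value,InstanceId,State.Name,PrivateIpAddress,PublicIpAddress]" \
    --output text
}

# Constructed sample of that output, for trying the formatters offline.
sample_lines() {
  printf 'web server 1\ti-0aaaaaaaaaaaaaaa1\trunning\t10.0.1.10\t203.0.113.5\n'
  printf 'None\ti-0bbbbbbbbbbbbbbb2\tstopped\t10.0.1.11\tNone\n'
  printf 'db\ti-0ccccccccccccccc3\trunning\t10.0.2.20\tNone\n'
}

# Turn the tab-separated lines on stdin into an aligned table. Splitting on
# tabs keeps Name tags that contain spaces intact; missing values become "-".
format_instances() {
  awk -F '\t' '
    BEGIN { printf "%-20s %-20s %-14s %-15s %-15s\n", "NAME", "INSTANCE_ID", "STATE", "PRIVATE_IP", "PUBLIC_IP" }
    NF >= 5 {
      for (i = 1; i <= 5; i++) if ($i == "None" || $i == "") $i = "-"
      printf "%-20s %-20s %-14s %-15s %-15s\n", $1, $2, $3, $4, $5
    }'
}

# Print only the IDs of running instances that have a public IP address,
# i.e. the ones worth checking first when reviewing exposure.
public_instance_ids() {
  awk -F '\t' '$3 == "running" && $5 != "None" && $5 != "" { print $2 }'
}

# Usage against a real account (needs a configured AWS CLI):
#   list_instances_raw | format_instances
#   list_instances_raw | public_instance_ids
```

Without an AWS account, `sample_lines | format_instances` shows the table layout on the constructed data.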