Deep Dive: AWS Command Line Interface

Transcript

• 1. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Deep Dive: AWS Command Line Interface Thomas Jones, Ecosystem Solutions Architect
• 2. Crash Course Intro to the AWS CLI FOUNDATION ADVANCED SCENARIOS Exploring Key Functionality Looking at Advanced CLI Features
• 3. Crash Course Intro to the AWS CLI
• 4. AWS Command Line Interface Unified tool to manage your AWS services
• 5. MSI (Windows) Bundled (cross platform) pip (cross platform)
• 6. aws configure
• 7. $ aws ec2 describe-instances Service (command) Operation (subcommand)
• 8. $ aws iam list-access-keys Service (command) Operation (subcommand)
• 9. { "Places": [ { "City": "Seattle", "State": "WA" }, { "City": ”Las Vegas", "State": "NV" } ] } --output JSON
• 10. PLACES Seattle WA PLACES Las Vegas NV --output text
• 11. -------------------------- | SomeOperationName | +------------------------+ || Places || |+------------+---------+| || City | State || |+------------+---------+| || Seattle | WA || || Las Vegas | NV || |+------------+---------+| --output table
• 12. All Outputs • JSON Text PLACES Seattle WA PLACES Las Vegas NV Table -------------------------- | SomeOperationName | +------------------------+ || Places || |+------------+---------+| || City | State || |+------------+---------+| || Seattle | WA || || Las Vegas | NV || |+------------+---------+| { "Places": [ { "City": "Seattle", "State": "WA" }, { "City": ”Las Vegas", "State": "NV" } ] }
• 13. Demo Basic AWS CLI Usage
• 14. Foundation Exploring Key Functionality
• 15. Configuration
• 16. aws configure
• 17. aws configure AWS access key ID [**ABCD]: AWS secret access key [****************EFGH]: Default region name [us-west-2]: Default output format [None]:
• 18. aws configure <subcommand>
• 19. aws configure <subcommand> list - list common configuration sources get - get the value of a single config var set - set the value of a single config var
• 20. aws configure get region
• 21. aws configure set profile.prod.region us-west-2
• 22. A profile is a group of configuration values
• 23. aws configure --profile prod
• 24. Configuration Files ~/.aws/credentials ~/.aws/config • Supported by all AWS SDKs • Only contains credentials • Used only by the CLI • Can contain credentials (but not the default behavior)
• 25. ~/.aws/credentials ~/.aws/config
• 26. aws configure set profile.prod.aws_access_key_id foo ~/.aws/credentials ~/.aws/config
• 27. aws configure set profile.prod.aws_access_key_id foo ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo
• 28. aws configure set profile.prod.aws_secret_access_key bar ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo
• 29. aws configure set profile.prod.aws_secret_access_key bar ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar
• 30. aws configure set profile.prod.region uswest2 ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar
• 31. aws configure set profile.prod.region uswest2 ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = us-west-2
• 32. aws configure set profile.prod.output text ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = us-west-2
• 33. aws configure set profile.prod.output text ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = us-west-2 output = text
• 34. create-new-user.sh
• 35. create-new-user.sh
• 36. create-new-user.sh
• 37. create-new-user.sh
• 38. create-new-user.sh
• 39. create-new-user.sh
• 40. Use the aws configure suite of subcommands
• 41. Query
• 42. Implementation Details --query Processing
• 43. Implementation Details --query Processing
• 44. Implementation Details --query Processing
• 45. Implementation Details --query Processing
• 46. Implementation Details --query Processing --query User[0].[UserName,Path,UserId]
• 47. Implementation Details --query Processing --query User[0].[UserName,Path,UserId]
• 48. Implementation Details --query Processing
• 49. Implementation Details --query Processing
• 50. http://jmespath.org A Query Language for JSON
• 51. Demo JMESPATH
• 52. http://jmespath.org A Query Language for JSON
• 53. Waiters
• 54. Amazon EC2 Instance State Transitions
• 55. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 56. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 57. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 58. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 59. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 60. ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') while [ "$instance_state" != "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances –instance-ids $instance_id --query 'Reservations[].Instances[].State.Name') done
• 61. ec2-waiters.sh instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) aws ec2 wait instance-running –instance-ids $instance_id
• 62. ec2-waiters.sh instance_id=$(aws ec2 run-instances –image-id ami-12345 --query Reservations[].Instances[].InstanceId --output text) aws ec2 wait instance-running –instance-ids $instance_id subcommand Describe-instances options waiter name
• 63. Advanced Scenarios Looking at advanced AWS CLI features
• 64. Templates
• 65. The AWS CLI is data driven
• 66. Implementation Details JSON Models
• 67. Implementation Details JSON Models
• 68. Implementation Details JSON Models
• 69. aws ec2 run‐instances –cli-input-json file://arguments.json
• 70. What else can we do?
• 71. aws ec2 run‐instances –generate-cli-skeleton
• 72. Demo Creating and using JSON templates
• 73. Credential Providers
• 74. Credential Providers
• 75. Credential Providers
• 76. Credential Providers
• 77. Credential Providers
• 78. Credential Providers
• 79. Delegate access to AWS resources using AWS Identity and Access Management (IAM) roles
• 80. IAM Roles Production Development
• 81. IAM Roles Production Development
• 82. v IAM Roles Production Development Role Policy Trust Policy role
• 83. IAM Roles Production Development AssumeRole AWS Security Token Service role
• 84. IAM Roles Production Development AssumeRole AWS Security Token Service role token
• 85. IAM Roles Production Development AssumeRole AWS Security Token Service role token
• 86. aws configure set profile.prodrole.source_profile dev aws configure set profile.prodrole.role_arn arn:aws:iam… configure-role.sh
• 87. ~/.aws/credentials ~/.aws/config [profile prodrole] role_arn = arn:aws:iam source_profile = dev
• 88. ~/.aws/credentials ~/.aws/config [profile prodrole] role_arn = arn:aws:iam source_profile = dev
• 89. Demo Using roles with the AWS CLI
• 90. Amazon S3 Streaming
• 91. aws s3 cp
• 92. We want to avoid disk
• 93. aws s3 cp – s3://bucket/key
• 94. aws s3 cp s3://bucket/key -
• 95. Compress
• 96. aws s3 cp s3://bucket/key ‐ | bzip2 -best | aws s3 cp - s3://bucket/key.bz2
• 97. Summary
• 98. Wrapping Up • Configuration • Waiters • Query • Templates • Credential Providers • Amazon S3 Streaming
• 99. For More Information • https://github.com/aws/aws-cli • http://docs.aws.amazon.com/cli/latest/userguide/ • https://forums.aws.amazon.com/forum.jspa?forumID=150 • http://docs.aws.amazon.com/cli/latest/reference/ • http://jmespath.org/
• 100. Thank you! tpjones@amazon.com