Advanced Usage of the AWS CLI. Brian Wagner, Solutions Architect

Similar documents
AWS SDK for Node.js. Getting Started Guide Version pre.1 (developer preview)

Leveraging the Security of AWS's Own APIs for Your App. Brian Wagner Solutions Architect Serverless Web Day June 23, 2016

AWS Security Overview. Bill Shinn Principal Security Solutions Architect

Detecting Credential Compromise in AWS

CycleCloud Developer's Guide. version 5.3.0

BERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Cloud Catastrophes. and how to avoid them

Thanks for downloading this sample chapter of Keep Your Ruby on Rails App Healthy!

ChaliceWorkshop Documentation

Forseti Documentation

CIT 668: System Architecture

Attacking Modern SaaS Companies. Sean Cassidy

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Diving into AWS Lambda

AWS Security Hub. User Guide

CPM. Quick Start Guide V2.4.0

Lab 2 Third Party API Integration, Cloud Deployment & Benchmarking

Qualys CloudView v1.x

certbot-dns-route53 Documentation

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

"SecretAccessKey" : { "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type" : "String"

MRCP. AWS Lex Plugin. Administrator Guide. Powered by Universal Speech Solutions LLC

EC2 and VPC Deployment Guide

Filters AWS CLI syntax, 43 Get methods, 43 Where-Object command, 43

Securing Serverless Architectures

dbx MNT AWS Setup Guide

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Use AWS Config to Monitor License Compliance on Amazon EC2 Dedicated Hosts. April 2016

Amazon Web Services (AWS) Training Course Content

Elastic Load Balancing. API Reference API Version

Ahead in the Cloud. Matt Wood TECHNOLOGY EVANGELIST

The Logstash Config Guide

Jan Metzner. Solutions Architect Mobile/IoT EMEA, Amazon Web Services. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Network Security & Access Control in AWS

Architecting for Greater Security in AWS

Amazon Web Services Monitoring Integration User Guide

Deliver Docker Containers Continuously on AWS. Philipp

Hands-On Lab: NetApp StorageGRID Webscale March 2017 SL10303 Version 3.1

Hardening AWS Environments. Automating Incident Response. AWS Compromises

boom AWS-agentless-MPI Documentation Version 2.0

AWS London Loft: CloudFormation Workshop

Exam Questions AWS-Certified- Developer-Associate

Amazon Web Services Training. Training Topics:

veos Router Configuration Guide

Cloud Computing /AWS Course Content

BriCS. University of Bristol Cloud Service Simulation Runner. User & Developer Guide. 1 October John Cartlidge & M.

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

Alibaba Cloud CLI. User Guide

Commerce Analytics Service On-boarding and Technical Guide

Portal Gun Documentation

AWS Serverless Application Repository. Developer Guide

Quick Install for Amazon EMR

Quick start guide for Infscape UrBackup Appliance on Amazon Web Services

django- -gateway Documentation

Installation and Configuration Guide Simba Technologies Inc.

Getting Started with Cloudamize Manage

AWS Elemental MediaPackage API Reference. API Reference

EXPRESSCLUSTER X 3.3. HA Cluster Configuration Guide for Amazon Web Services (Windows) 10/03/2016 2nd Edition

Chapter 1: Overview...5 Chapter 2: veos Licensing...7 Chapter 3: Cloud High Availability...13

Blow up the monolith? Serverless computing, nanofunctions, & Amazon Lambda

Amazon Simple Storage Service. Developer Guide API Version

Amazon Virtual Private Cloud. VPC Peering Guide

TestkingPass. Reliable test dumps & stable pass king & valid test questions

Scrapoxy Documentation

Amazon S3 Glacier. Developer Guide API Version

KubeNow Documentation

sqlalchemy-redshift Documentation

AWS CloudFormation. AWS CloudFormation CLI Reference

Installation and Configuration Guide Simba Technologies Inc.

AWS Import/Export: Developer Guide

SGOS on AWS Deployment Guide

Overview. Creating a Puppet Master

High School Technology Services myhsts.org Certification Courses

Swift Web Applications on the AWS Cloud

Dokumentation voixen upload

Software as a Service (SaaS) Quick Start

Part2: Let s pick one cloud IaaS middleware: OpenStack. Sergio Maffioletti

Cloud Cluster Management: A vfxt.py Usage Guide

Driving DevOps Transformation in Enterprises

EDB Ark. Administrative User s Guide. Version 3.1

QUICK START: VERITAS STORAGE FOUNDATION BASIC FOR AMAZON EC2

The Packer Book. James Turnbull. April 20, Version: v1.1.2 (067741e) Website: The Packer Book

How to Modify AWS CloudFormation Templates to Retrieve the PAR File from a Control Center

Amazon Web Services Hands On S3 January, 2012

Amazon Simple Notification Service. CLI Reference API Version

Digital Democracy Video Manager

Amazon Glacier. Developer Guide API Version

About Intellipaat. About the Course. Why Take This Course?

Archer Documentation. Release 0.1. Praekelt Dev

Red Hat CloudForms 4.6

Monitoring AWS VPCs with Flow Logs

Secrets in the Cloud JAX Dominik Schadow

HOW TO MANAGE A MULTI AWS ACCOUNT INFRASTRUCTURE

SUREedge Migrator Installation Guide for Amazon AWS

AWS Service Catalog. User Guide

Getting started with AWS security

hca-cli Documentation

Infoblox Installation Guide. vnios for Amazon Web Services

Transcription:

Berlin

Advanced Usage of the AWS CLI Brian Wagner, Solutions Architect

Crash Course Intro to the AWS CLI Foundation Exploring Key Functionality Advanced Scenarios Looking at Advanced CLI Features

Crash Course Introduction to the AWS CLI Novice Proficient Advanced

AWS Command Line Interface Unified tool to manage your AWS services

MSI (Windows) Bundled (cross platform) pip (cross platform)

aws configure

$ aws ec2 describe-instances service (command) operation (subcommand)

$ aws iam list-access-keys service (command) operation (subcommand)

--output json { Places : [ { City : Berlin, Country : Germany }, { City : Dublin, Country : Ireland } ]

--output text PLACES Berlin Germany PLACES Dublin Ireland

--output table -------------------------- SomeOperationName +------------------------+ Places +------------+---------+ City Country +------------+---------+ Berlin Germany Dublin Ireland +------------+---------+

All Outputs JSON Text Table { } Places : [ { City : Berlin, Country : Germany }, { City : Dublin, Country : Ireland } ] PLACES Berlin Germany PLACES Dublin Ireland -------------------------- SomeOperationName +------------------------+ Places +------------+---------+ City Country +------------+---------+ Berlin Germany Dublin Ireland +------------+---------+

Basic AWS CLI Usage Demo

Foundation Exploring Key Functionality Novice Proficient Advanced

Configuration

aws configure

aws configure AWS Access Key ID [**ABCD]: AWS Secret Access Key [****************EFGH]: Default region name [us-west-2]: Default output format [None]:

aws configure <subcommand> list - list common configuration sources get - Get the value of a single config var set - Set the value of a single config var

aws configure get region

aws configure set profile.prod.region eu-west-1

A profile is a group of configuration values

aws configure --profile prod

Configuration Files ~/.aws/credentials used only by the CLI Can contain credentials (but not the default behavior) supported by all AWS SDKs only contains credentials ~/.aws/config

aws configure set profile.prod.aws_access_key_id foo ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo

aws configure set profile.prod.aws_secret_access_key bar ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo

aws configure set profile.prod.aws_secret_access_key bar ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar

aws configure set profile.prod.region eu-west-1 ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar

aws configure set profile.prod.region eu-west-1 ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = eu-west-1

aws configure set profile.prod.output text ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = eu-west-1

aws configure set profile.prod.output text ~/.aws/credentials ~/.aws/config [prod] aws_access_key_id = foo aws_secret_access_key = bar [profile prod] region = eu-west-1 output = text

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

create-new-user.sh #!/bin/bash # Create a new user and create a new profile. aws iam create-user --user-name summit-user credentials=$(aws iam create-access-key --user-name summit-user \ --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \ --output text) access_key_id=$(echo $credentials cut -d' ' -f 1) secret_access_key=$(echo $credentials cut -d' ' -f 2) aws configure set profile.summit.aws_access_key_id "$access_key_id" aws configure set profile.summit.secret_access_key "$secret_access_key"

Use the aws configure suite of subcommands

Query

--query (string) A JMESPath query to use in filtering the response data.

Implementation Details --query Processing aws ec2 parse params HTTP request parse response Retry Pagination format response display response

Implementation Details --query Processing aws ec2 parse params HTTP request parse response format response Retry parse response body Pagination apply --query display response

<ListUsersResponse xmlns="..."> <ListUsersResult> <Users> <member> <UserId>userid</UserId> <Path>/</Path> <UserName>james</UserName> <Arn>arn:aws:iam::..:user/james</Arn> <CreateDate>2013-03-09T23:36:32Z</CreateDate> </member> <Users> </ListUsersResult> <ListUsersResponse> Implementation Details --query Processing

Implementation Details --query Processing { } "Users": [ { "Arn": "arn:aws:iam::...:user/james", "UserId": userid", "CreateDate": "2013-03-09T23:36:32Z", "Path": "/", "UserName": "james" } ]

Implementation Details --query Processing --query Users[0].[UserName,Path,UserId] { } "Users": [ { "Arn": "arn:aws:iam::...:user/james", "UserId": userid", "CreateDate": "2013-03-09T23:36:32Z", "Path": "/", "UserName": "james" } ]

Implementation Details --query Processing --query Users[0].[UserName,Path,UserId] [ ] [ ], james, /, id

Implementation Details --query Processing ----------------------------- ListUsers +--------------+---+--------+ james / userid +--------------+---+--------+

Implementation Details --query Processing aws ec2 parse params HTTP request parse response Retry Pagination format response display response

http://jmespath.org A Query Language for JSON

Waiters

Amazon EC2 Instance State Transitions rebooting pending Start rebooting Reboot running Stop stopping stopped Terminate shutting-down terminated Terminate

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') while [ "$instance_state"!= "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') done

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') while [ "$instance_state"!= "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') done

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') while [ "$instance_state"!= "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') done

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') while [ "$instance_state"!= "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') done

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') while [ "$instance_state"!= "running" ] do sleep 1 instance_state=$(aws ec2 describe-instances --instance-ids $instance_id \ --query 'Reservations[].Instances[].State.Name') done

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) aws ec2 wait instance-running --instance-ids $instance_id

ec2-instance-running.sh #!/bin/bash instance_id=$(aws ec2 run-instances --image-id ami-12345 \ --query Reservations[].Instances[].InstanceId \ --output text) aws ec2 wait instance-running --instance-ids $instance_id subcommand waiter name describe-instances options

Advanced Scenarios Looking at advanced AWS CLI features Novice Proficient Advanced

Templates

The AWS CLI is data driven

Implementation Details JSON Models "RunInstancesRequest":{ "type":"structure", "required":[ "ImageId", "MinCount", "MaxCount" ], "members":{ "ImageId":{"shape":"String"}, "MinCount":{"shape":"Integer"}, "MaxCount":{"shape":"Integer"}, "KeyName":{"shape":"String"}, "SecurityGroups":{ "shape":"securitygroupstringlist", "locationname":"securitygroup" },

Implementation Details JSON Models "RunInstancesRequest":{ "type":"structure", "required":[ "ImageId", "MinCount", "MaxCount" ], "members":{ "ImageId":{"shape":"String"}, "MinCount":{"shape":"Integer"}, "MaxCount":{"shape":"Integer"}, "KeyName":{"shape":"String"}, "SecurityGroups":{ "shape":"securitygroupstringlist", "locationname":"securitygroup" }, --image-id --min-count --max-count --key-name --security-groups

Implementation Details JSON Models "RunInstancesRequest":{ "type":"structure", "required":[ "ImageId", "MinCount", "MaxCount" ], "members":{ "ImageId":{"shape":"String"}, "MinCount":{"shape":"Integer"}, "MaxCount":{"shape":"Integer"}, "KeyName":{"shape":"String"}, "SecurityGroups":{ "shape":"securitygroupstringlist", "locationname":"securitygroup" }, { } arguments.json "ImageId": "ami-12345", "MinCount": 1, "MaxCount": 1, "KeyName": "id_rsa", "SecurityGroups": ["SSH", "web"],

aws ec2 run-instances --cli-input-json file://arguments.json

What else can we do?

aws ec2 run-instances --generate-cli-skeleton

Creating and using JSON templates Demo

Credential Providers

export AWS_ACCESS_KEY_ID=... ~/.aws/credentials CredentialLocator ~/.aws/config Amazon EC2 Instance Metadata

export AWS_ACCESS_KEY_ID=... ~/.aws/credentials CredentialLocator ~/.aws/config Amazon EC2 Instance Metadata

export AWS_ACCESS_KEY_ID=... ~/.aws/credentials CredentialLocator ~/.aws/config Amazon EC2 Instance Metadata

export AWS_ACCESS_KEY_ID=... ~/.aws/credentials CredentialLocator ~/.aws/config Amazon EC2 Instance Metadata

export AWS_ACCESS_KEY_ID=... ~/.aws/credentials CredentialLocator ~/.aws/config AssumeRole Amazon EC2 Instance Metadata

Delegate access to AWS resources using AWS Identity and Access Management (IAM) Roles

Production Development Role Policy Trust Policy

Production Development Assume Role

aws configure set profile.prodrole.role_arn arn:aws:iam... aws configure set profile.prodrole.source_profile dev

~/.aws/credentials ~/.aws/config [dev] aws_access_key_id = foo aws_secret_access_key = bar [profile prodrole] role_arn = arn:aws:iam source_profile = dev

Using Roles with the AWS CLI Demo

Amazon S3 Streaming

aws s3 cp

We want to avoid disk

aws s3 cp - s3://bucket/key

aws s3 cp s3://bucket/key -

Compress

aws s3 cp s3://bucket/key - \ bzip2 --best \ aws s3 cp - s3://buckey/key.bz2

Amazon S3 Streaming Demo

botocore

Implementation Details Architecture AWS CLI botocore Providers Serializers Parsers HTTP

Implementation Details Architecture AWS CLI AWS CLI botocore Providers Serializers Parsers HTTP

list_buckets.py import botocore s = botocore.session.get_session() s3 = s.create_client('s3', region_name='us-west-2') for bucket in s3.list_buckets()['buckets']: print("bucket: {bucket}.format(bucket=bucket['name']))

Using botocore in the python REPL Demo

Wrap-Up

Review Configuration Waiters Query Templates Credential Providers Amazon S3 Streaming

More Information https://github.com/aws/aws-cli http://docs.aws.amazon.com/cli/latest/userguide/ https://forums.aws.amazon.com/forum.jspa?forumid=150 http://docs.aws.amazon.com/cli/latest/reference/ http://jmespath.org/ Boto3 Talk

Brian Wagner, Solutions Architect

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback