AWS CLI Guide Part 1: From Basics to Intermediate Commands

Introduction

What is AWS CLI?

AWS CLI (Command Line Interface) is a tool that allows users to interact with AWS services through a set of text-based commands. Think of it as typing instructions into a “command box” to perform tasks on AWS services, rather than clicking through a web interface (AWS Management Console).

Example:

Let’s say you want to see all the S3 buckets you own. With AWS CLI, you simply type:

aws s3 ls

• What it does: This command lists all the S3 buckets in your AWS account.
• Outcome: You’ll see the bucket names and creation dates displayed in your terminal.

This tool is highly flexible and powerful, as it supports nearly all AWS services and allows automation via scripts.

Why Use AWS CLI?

AWS CLI is a game-changer for cloud management. Here’s why you might choose it over the Management Console:

1. Speed
   Instead of clicking through multiple screens to create an S3 bucket, you can use a single command:

   aws s3 mb s3://my-new-bucket
   

   • What it does: Creates an S3 bucket named my-new-bucket.
   • Outcome: A new storage bucket is ready to use, all in one command!

2. Automation
   AWS CLI supports scripting. This means you can write scripts to automate repetitive tasks, like starting multiple EC2 instances at specific times.
   For instance:

   aws ec2 start-instances --instance-ids i-0abc12345678defg i-0hij12345678klmn
   

   • What it does: Starts the EC2 instances with the specified instance IDs.
   • Outcome: Saves time by automating tasks across multiple services.

3. Scriptability
   CLI integrates seamlessly with shell scripting tools (like Bash or PowerShell). You can create custom workflows, such as daily backups or scheduled cleanups.

4. Broad Coverage
   CLI supports nearly every AWS service, including some not yet available in the AWS Management Console.

Layman’s Analogy:

Imagine the AWS Management Console as a detailed recipe book. While it’s great for learning, it takes time to flip through pages to find a recipe. AWS CLI is like asking a chef to directly prepare the dish for you when you give a short command!

Prerequisites for Using AWS CLI

Before diving into AWS CLI, here’s what you’ll need:

1. An AWS Account

Sign up at AWS to create your account. You can use the free tier for most basic tasks while learning.

2. Basic Knowledge of AWS Services

Understanding AWS services like S3 (storage), EC2 (virtual servers), and IAM (access management) will make your experience smoother.

Getting Started with AWS CLI

This section will guide you through the essential steps to set up and start using AWS CLI effectively.

Installing AWS CLI

AWS CLI is available for different operating systems, and the installation steps are straightforward.

1. For Windows:

1. Download the AWS CLI MSI installer from AWS CLI Downloads.
2. Run the installer and follow the on-screen instructions.
3. Verify the installation:
   Open Command Prompt or PowerShell and type:

   aws --version
   

   • What it does: Checks if AWS CLI is installed and displays the version.
   • Outcome: You should see an output like:

     aws-cli/2.12.2 Python/3.9.10 Windows/10
     

2. For macOS and Linux:

AWS CLI can be installed using pip, the Python package manager:

1. Open your terminal.
2. Run the following command:

   pip install awscli
   

   • What it does: Downloads and installs AWS CLI on your system.
   • Outcome: AWS CLI will be installed and ready to use.
3. Verify the installation:

   aws --version
   

   • Outcome: Similar to Windows, you’ll see the installed version displayed.

(Why do we verify installation?)

Verifying ensures that AWS CLI is properly installed and available in your system’s path, so you can use its commands directly.

Configuring AWS CLI

Once AWS CLI is installed, it needs to be linked to your AWS account. This is done using the aws configure command.

1. Open a terminal (Command Prompt, PowerShell, or any CLI tool).
2. Type:

   aws configure
   

   • What it does: This command starts an interactive setup where you input your AWS credentials and preferences.
3. Provide the following details when prompted:
   • Access Key ID: Acts as your username.
   • Secret Access Key: Works like a password.
   • Default Region: Choose the AWS region closest to your operations (e.g., us-east-1 , ap-south-1).
   • Default Output Format: Select how you want AWS CLI to display results (choose json for clarity).

Example Configuration:

Here’s how the process looks:

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Output Explanation:

• Access Key ID and Secret Access Key: These are generated in the AWS Management Console under IAM > Users > Security Credentials.
• Region: AWS data centers are grouped into regions. Picking the closest one minimizes latency.
• Output Format: Options include:
  • json: Machine-readable and visually structured.
  • table: Easy-to-read, tabular format.
  • text: Minimal, raw output.

(Can I change these settings later?)

Yes, you can run aws configure again to update your credentials or preferences.

Basic AWS CLI Command Structure

AWS CLI commands follow a consistent structure, which makes them easy to learn and use.

Command Syntax:

aws <service> <operation> --parameter1 value1 --parameter2 value2

Example Breakdown:

Suppose you want to list all the S3 buckets in your AWS account. The command would be:

aws s3 ls

• What it does:
  • aws: Invokes the AWS CLI.
  • s3: Specifies the AWS service (S3 in this case).
  • ls: The operation to perform, which lists all buckets.
• Outcome: Displays a list of your S3 buckets, along with their creation dates.

Another Example:

Let’s create an S3 bucket named my-new-bucket:

aws s3 mb s3://my-new-bucket

• What it does:
  • mb: Stands for “Make Bucket.”
  • s3://my-new-bucket: Specifies the name of the new bucket.
• Outcome: A new S3 bucket named my-new-bucket is created in your default region.

Understanding CLI Parameters

AWS CLI commands often require parameters to specify details. For example, launching an EC2 instance involves passing parameters like instance type and key name:

aws ec2 run-instances --image-id ami-0abcdef1234567890 --count 1 --instance-type t2.micro --key-name my-key --security-group-ids sg-0123456789abcdef

• Parameters Explained:
  • --image-id: The Amazon Machine Image (AMI) to use.
  • --count: Number of instances to launch (here, 1).
  • --instance-type: Type of instance (e.g., t2.micro for free tier).
  • --key-name: Name of the key pair for SSH access.
  • --security-group-ids: Security group to associate with the instance.

Layman’s Analogy:

Think of AWS CLI commands like filling out a form:

• Service: Which AWS department do you want to contact?
• Operation: What action do you want to perform?
• Parameters: What specific details are required to complete the action?

Summary for Beginners

1. Install AWS CLI using platform-specific methods.
2. Configure it with your AWS account credentials.
3. Use simple commands like aws s3 ls to explore and interact with services.
4. Gradually learn advanced commands by building on the basic syntax.

Basic AWS CLI Commands

AWS CLI offers a vast range of commands to interact with different AWS services. Let’s start with some basic and commonly used commands across various services, with examples and explanations.

1. General AWS CLI Commands

Checking AWS CLI Version

• Command:

  aws --version
  

• What it does: Checks the version of AWS CLI installed on your system.
• Outcome: Displays the version information, like this:

  aws-cli/2.12.2 Python/3.9.10 Windows/10
  

Listing Available Services

• Command:

  aws help
  

• What it does: Lists all AWS services that AWS CLI can interact with.
• Outcome: A list of AWS services, grouped by categories like “Compute,” “Storage,” and “Networking.”

Getting Help for a Specific Service

• Command:

  aws s3 help
  

• What it does: Shows detailed documentation and usage examples for the s3 service.
• Outcome: Displays command options, descriptions, and examples for working with S3.

2. AWS S3 (Simple Storage Service) Commands

Creating an S3 Bucket

• Command:

  aws s3 mb s3://my-first-bucket
  

• What it does: Creates a new bucket named my-first-bucket in your default region.
• Outcome:

  make_bucket: my-first-bucket
  

Copying a File to an S3 Bucket

• Command:

  aws s3 cp myfile.txt s3://my-first-bucket/
  

• What it does: Uploads myfile.txt to the bucket named my-first-bucket.
• Outcome: Confirmation of successful upload:

  upload: ./myfile.txt to s3://my-first-bucket/myfile.txt
  

Listing Files in an S3 Bucket

• Command:

  aws s3 ls s3://my-first-bucket/
  

• What it does: Lists all files stored in the bucket my-first-bucket.
• Outcome:

  2024-12-17 10:32:45  1024 myfile.txt
  

Deleting an S3 Bucket

• Command:

  aws s3 rb s3://my-first-bucket --force
  

• What it does: Deletes the bucket my-first-bucket along with its contents.
• Outcome:

  remove_bucket: my-first-bucket
  

3. AWS EC2 (Elastic Compute Cloud) Commands

Describing All Instances

• Command:

  aws ec2 describe-instances
  

• What it does: Lists details about all EC2 instances in your AWS account.
• Outcome: JSON output showing instance details like instance ID, type, state, and region.

Starting an EC2 Instance

• Command:

  aws ec2 start-instances --instance-ids i-1234567890abcdef0
  

• What it does: Starts the EC2 instance with the specified ID.
• Outcome:

  {
      "StartingInstances": [
          {
              "InstanceId": "i-1234567890abcdef0",
              "CurrentState": {
                  "Code": 0,
                  "Name": "pending"
              },
              "PreviousState": {
                  "Code": 80,
                  "Name": "stopped"
              }
          }
      ]
  }
  

Stopping an EC2 Instance

• Command:

  aws ec2 stop-instances --instance-ids i-1234567890abcdef0
  

• What it does: Stops the EC2 instance with the specified ID.
• Outcome: Similar to the output for starting an instance but with the Name set to “stopping.”

Launching a New EC2 Instance

• Command:

  aws ec2 run-instances --image-id ami-0abcdef1234567890 --count 1 --instance-type t2.micro --key-name my-key --security-group-ids sg-0123456789abcdef
  

• What it does: Launches a new EC2 instance with the specified AMI, instance type, and security group.
• Outcome: Returns details of the newly launched instance.

4. AWS IAM (Identity and Access Management) Commands

Listing IAM Users

• Command:

  aws iam list-users
  

• What it does: Lists all IAM users in your AWS account.
• Outcome: JSON output with user names, creation dates, and ARNs.

Creating a New IAM User

• Command:

  aws iam create-user --user-name new-user
  

• What it does: Creates a new IAM user named new-user.
• Outcome: JSON response with user details:

  {
      "User": {
          "Path": "/",
          "UserName": "new-user",
          "UserId": "AIDAIEXAMPLEID",
          "Arn": "arn:aws:iam::123456789012:user/new-user",
          "CreateDate": "2024-12-17T12:34:56Z"
      }
  }
  

5. AWS CloudWatch Commands

Listing Metrics

• Command:

  aws cloudwatch list-metrics
  

• What it does: Lists all CloudWatch metrics available in your account.
• Outcome: A JSON array of metrics with namespace, metric name, and dimensions.

Getting Metric Data

• Command:

  aws cloudwatch get-metric-data --metric-data-queries file://queries.json --start-time 2024-12-16T00:00:00Z --end-time 2024-12-17T00:00:00Z
  

• What it does: Retrieves CloudWatch metric data based on the specified query in queries.json.
• Outcome: JSON response with metric values and timestamps.

6. AWS Lambda Commands

Listing Functions

• Command:

  aws lambda list-functions
  

• What it does: Lists all Lambda functions in your account.
• Outcome: JSON output with details like function name, runtime, and last modified date.

Invoking a Lambda Function

• Command:

  aws lambda invoke --function-name my-function-name response.json
  

• What it does: Executes the Lambda function my-function-name and stores the response in response.json.
• Outcome: Creates a response.json file containing the function’s output.

Key Takeaways for Beginners

1. Start with simple commands like checking the AWS CLI version and listing services.
2. Gradually explore service-specific commands, starting with frequently used services like S3 and EC2.
3. Use the help option to learn more about available commands and their parameters.
4. Practice by performing small tasks like creating S3 buckets, uploading files, or starting/stopping EC2 instances.

Intermediate AWS CLI Commands

After mastering the basic commands, you can move on to intermediate-level commands that involve more complex operations and interactions with AWS services. Below are some commonly used commands across multiple services.

1. Advanced S3 Operations

Syncing Local Files with S3

• Command:

  aws s3 sync ./local-folder s3://my-bucket-name
  

• What it does: Synchronizes files from a local folder to an S3 bucket. Only new or modified files are uploaded.
• Outcome:

  upload: ./file1.txt to s3://my-bucket-name/file1.txt
  upload: ./file2.txt to s3://my-bucket-name/file2.txt
  

• Example in Layman’s Terms: Imagine you have a local folder of photos, and you want to upload only the new ones to a cloud photo album. This command does exactly that—it saves time by skipping already uploaded files.

Enabling Bucket Versioning

• Command:

  aws s3api put-bucket-versioning --bucket my-bucket-name --versioning-configuration Status=Enabled
  

• What it does: Turns on versioning for the specified S3 bucket. This keeps previous versions of files whenever they are updated or deleted.
• Outcome: No immediate visible output, but the bucket now supports versioning.
• Why it’s Useful: Helps recover previous versions of files, like undoing an accidental overwrite.

2. Working with EC2 Instances

Resizing an EC2 Instance (Changing Instance Type)

• Command:

  aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --instance-type "{\"Value\":\"t3.large\"}"
  

• What it does: Changes the instance type for an EC2 instance to t3.large. The instance must be stopped before resizing.
• Outcome:

  {
      "ResponseMetadata": {
          "RequestId": "abc12345-6789-0def-1234-567890abcdef",
          "HTTPStatusCode": 200
      }
  }
  

• Example in Layman’s Terms: Imagine upgrading a small laptop (t2.micro) to a powerful desktop (t3.large). This command helps upgrade the EC2 instance to handle more workloads.

Creating a Custom EC2 Key Pair

• Command:

  aws ec2 create-key-pair --key-name MyKeyPair --query "KeyMaterial" --output text > MyKeyPair.pem
  

• What it does: Generates a new SSH key pair for EC2 instances. The private key is saved in MyKeyPair.pem.
• Outcome: A new key pair is created, and the private key is downloaded locally.
• Why it’s Useful: You’ll need this key to securely access your EC2 instance via SSH.

3. DynamoDB Commands

Creating a DynamoDB Table

• Command:

  aws dynamodb create-table \
      --table-name MyTable \
      --attribute-definitions AttributeName=ID,AttributeType=S \
      --key-schema AttributeName=ID,KeyType=HASH \
      --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
  

• What it does: Creates a new DynamoDB table named MyTable with a primary key ID of type string.
• Outcome: JSON output with table details, including table status as CREATING.
• Example in Layman’s Terms: Think of DynamoDB as a digital spreadsheet where each row has a unique ID. This command creates the spreadsheet and sets up the first column as a unique identifier.

Scanning a DynamoDB Table

• Command:

  aws dynamodb scan --table-name MyTable
  

• What it does: Fetches all items from the table MyTable.
• Outcome: JSON output listing all the items in the table.

4. Managing IAM Users and Roles

Attaching a Policy to an IAM User

• Command:

  aws iam attach-user-policy --user-name MyUser --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
  

• What it does: Grants the MyUser access to perform all actions on S3.
• Outcome: No direct output, but the policy is attached to the user.
• Example in Layman’s Terms: Imagine giving someone a key to access all rooms in a house (all S3 buckets). This command hands over that key.

Creating an IAM Role

• Command:

  aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json
  

• What it does: Creates an IAM role named MyRole with the trust policy specified in trust-policy.json.
• Outcome: JSON output containing role details.
• Why it’s Useful: Roles are used for securely granting permissions to AWS services or applications.

5. CloudFormation Commands

Deploying a CloudFormation Stack

• Command:

  aws cloudformation create-stack --stack-name MyStack --template-body file://template.json
  

• What it does: Launches a CloudFormation stack based on the template provided in template.json.
• Outcome:

  {
      "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc12345-def6-7890-ghij-klmnopqrstuv"
  }
  

Listing All Stacks

• Command:

  aws cloudformation list-stacks
  

• What it does: Lists all active and deleted CloudFormation stacks in your account.
• Outcome: JSON output containing stack names, statuses, and creation timestamps.

6. AWS CloudWatch Commands

Setting Up an Alarm

• Command:

  aws cloudwatch put-metric-alarm \
      --alarm-name CPUAlarm \
      --metric-name CPUUtilization \
      --namespace AWS/EC2 \
      --statistic Average \
      --period 300 \
      --threshold 80 \
      --comparison-operator GreaterThanOrEqualToThreshold \
      --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
      --evaluation-periods 2 \
      --alarm-actions arn:aws:sns:us-east-1:123456789012:MyTopic
  

• What it does: Creates an alarm to notify you when the average CPU utilization of an EC2 instance exceeds 80% over two consecutive 5-minute periods.
• Outcome:

  {
      "ResponseMetadata": {
          "RequestId": "abc12345-6789-0def-1234-567890abcdef",
          "HTTPStatusCode": 200
      }
  }
  

Viewing Logs from CloudWatch

• Command:

  aws logs get-log-events --log-group-name MyLogGroup --log-stream-name MyLogStream
  

• What it does: Retrieves log events from a specific log group and stream.
• Outcome: JSON output showing log messages and timestamps.

Key Takeaways for Intermediate Commands

1. Intermediate commands often involve service-specific operations that require detailed input, such as JSON templates or multiple parameters.
2. Test these commands in a sandbox environment to avoid unintentional resource usage or charges.
3. Use AWS documentation and the --help option for additional details and examples.