AWS CLI setup

Sat 11th Nov 2017 / Tags: #AWS

Installation

On Linux

sudo pip install awscli

Note: The version in Ubuntu Xenial APT is 1.11.13 (Nov 2016), while the latest is 1.11.183 (Nov 2017). pip is also the recommended installation method.

On Cygwin

Either install apt-cyg or use the GUI to install python-setuptools manually.

apt-cyg install python python-setuptools
easy_install-2.7 pip
pip install awscli

Test it

aws --version

Tab completion

echo "complete -C aws_completer aws" >> ~/.bashrc

I added it to my dotfiles, but there is a bug preventing this working correctly with 'menu-complete'.

It doesn't seem to be available on Windows (standard console).

Interactive shell

sudo pip install aws-shell
aws-shell

Upgrading

sudo pip install --upgrade awscli aws-shell

Configuration

Go to AWS Console > (Your name) > My Security Credentials.

While there, make sure multi-factor authentication (MFA) is enabled/configured for the root account.

Then go to Access keys > Create New Access Key. Press Show Access Key.

(Later I'll create an IAM user instead of using the root account.)

To choose a default region, consult:

I chose Ireland (eu-west-1) because it's marginally cheaper than London and has more services available.

For available output formats see here.

$ aws configure
AWS Access Key ID [None]: AKIAJX36SHYAL4QL7Z2Q
AWS Secret Access Key [None]: ***
Default region name [None]: eu-west-1
Default output format [None]: json

Test it:

aws iam get-user

Troubleshooting

An error occurred (SignatureDoesNotMatch) when calling the ListMFADevices operation: Signature expired: 20171110T224041Z is now earlier than 20171111T094029Z (20171111T095529Z - 15 min.)

Check the clock - in my case it was wrong after suspending the host machine.

$ sudo ntpdate ntp.org
11 Nov 09:58:14 ntpdate[24931]: step time server 128.4.24.98 offset 40487.921029 sec

Starting over

To revert everything set up above:

aws iam list-access-keys
aws iam delete-access-key --access-key-id AKIAIVEMCHMV42VQA7QA
vim ~/.bashrc
# Remove 'complete -C aws_completer aws'
sudo pip uninstall awscli aws-shell
rm -rf ~/.aws