AWS CLI setup and test

This is the second part of the CLI series. In the first post we covered installing, configuring and using the Oracle OCI CLI. In this post, we’ll do the same for AWS. This is not a comparative blog post, so no wagering please.

First we install pip, a package-management system used to install and manage software packages written in Python. See https://pypi.org/project/pip/ for details.

Download and run the pip installer so that we can pull the rest of the packages down, then add its install directory to your PATH.

[root@nishanconsult ~]# python --version
Python 2.7.5

[root@nishanconsult ~]# curl -O https://bootstrap.pypa.io/get-pip.py
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Dload  Upload   Total   Spent    Left  Speed
100 1669k  100 1669k    0     0  2221k      0 --:--:-- --:--:-- --:--:-- 2223k
[root@nishanconsult ~]# python get-pip.py --user
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting pip
Downloading https://files.pythonhosted.org/packages/5c/e0/be401c003291b56efc55aeba6a80ab790d3d4cece2778288d65323009420/pip-19.1.1-py2.py3-none-any.whl (1.4MB)
|████████████████████████████████| 1.4MB 3.4MB/s
Collecting wheel
Downloading https://files.pythonhosted.org/packages/bb/10/44230dd6bf3563b8f227dbf344c908d412ad2ff48066476672f3a72e174e/wheel-0.33.4-py2.py3-none-any.whl
Installing collected packages: pip, wheel
WARNING: The script wheel is installed in '/root/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed pip-19.1.1 wheel-0.33.4

 

Let’s add this directory to our PATH:

[root@nishanconsult ~]# export PATH=$PATH:/root/.local/bin
[root@nishanconsult ~]# which pip
/root/.local/bin/pip

[root@nishanconsult ~]# pip --version
pip 19.1.1 from /root/.local/lib/python2.7/site-packages/pip (python 2.7)

Now that we have Python with pip installed, let’s install the awscli package and check it once it’s done installing.

[root@nishanconsult ~]# pip install awscli --upgrade --user
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting awscli
Downloading https://files.pythonhosted.org/packages/1b/ea/62e3e65da5016f9641b9edee0f459e87eb813ed276f996aceb76f3ddd140/awscli-1.16.167-py2.py3-none-any.whl (1.6MB)
|████████████████████████████████| 1.6MB 3.1MB/s
Collecting colorama<=0.3.9,>=0.2.5 (from awscli)
Downloading https://files.pythonhosted.org/packages/db/c8/7dcf9dbcb22429512708fe3a547f8b6101c0d02137acbd892505aee57adf/colorama-0.3.9-py2.py3-none-any.whl
Collecting rsa<=3.5.0,>=3.1.2 (from awscli)
Downloading https://files.pythonhosted.org/packages/e1/ae/baedc9cb175552e95f3395c43055a6a5e125ae4d48a1d7a924baca83e92e/rsa-3.4.2-py2.py3-none-any.whl (46kB)
|████████████████████████████████| 51kB 11.3MB/s
Collecting docutils>=0.10 (from awscli)
Downloading https://files.pythonhosted.org/packages/50/09/c53398e0005b11f7ffb27b7aa720c617aba53be4fb4f4f3f06b9b5c60f28/docutils-0.14-py2-none-any.whl (543kB)
|████████████████████████████████| 552kB 11.6MB/s
Collecting s3transfer<0.3.0,>=0.2.0 (from awscli)
Downloading https://files.pythonhosted.org/packages/d7/de/5737f602e22073ecbded7a0c590707085e154e32b68d86545dcc31004c02/s3transfer-0.2.0-py2.py3-none-any.whl (69kB)
|████████████████████████████████| 71kB 13.0MB/s
Requirement already satisfied, skipping upgrade: PyYAML<=3.13,>=3.10 in /usr/lib64/python2.7/site-packages (from awscli) (3.10)
Collecting botocore==1.12.157 (from awscli)
Downloading https://files.pythonhosted.org/packages/e5/cb/4eaa777b18010d0419a23c4332b0ff9f9d14b8de251be942b02a79108b91/botocore-1.12.157-py2.py3-none-any.whl (5.4MB)
|████████████████████████████████| 5.4MB 8.0MB/s
Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli)
Downloading https://files.pythonhosted.org/packages/7b/7c/c9386b82a25115cccf1903441bba3cbadcfae7b678a20167347fa8ded34c/pyasn1-0.4.5-py2.py3-none-any.whl (73kB)
|████████████████████████████████| 81kB 15.1MB/s
Requirement already satisfied, skipping upgrade: futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" in /usr/lib/python2.7/site-packages (from s3transfer<0.3.0,>=0.2.0->awscli) (3.1.1)
Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.12.157->awscli)
Downloading https://files.pythonhosted.org/packages/83/94/7179c3832a6d45b266ddb2aac329e101367fbdb11f425f13771d27f225bb/jmespath-0.9.4-py2.py3-none-any.whl
Collecting python-dateutil<3.0.0,>=2.1; python_version >= "2.7" (from botocore==1.12.157->awscli)
Downloading https://files.pythonhosted.org/packages/41/17/c62faccbfbd163c7f57f3844689e3a78bae1f403648a6afb1d0866d87fbb/python_dateutil-2.8.0-py2.py3-none-any.whl (226kB)
|████████████████████████████████| 235kB 14.4MB/s
Collecting urllib3<1.26,>=1.20; python_version == "2.7" (from botocore==1.12.157->awscli)
Downloading https://files.pythonhosted.org/packages/e6/60/247f23a7121ae632d62811ba7f273d0e58972d75e58a94d329d51550a47d/urllib3-1.25.3-py2.py3-none-any.whl (150kB)
|████████████████████████████████| 153kB 12.3MB/s
Requirement already satisfied, skipping upgrade: six>=1.5 in /usr/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1; python_version >= "2.7"->botocore==1.12.157->awscli) (1.9.0)
Installing collected packages: colorama, pyasn1, rsa, docutils, jmespath, python-dateutil, urllib3, botocore, s3transfer, awscli
Successfully installed awscli-1.16.167 botocore-1.12.157 colorama-0.3.9 docutils-0.14 jmespath-0.9.4 pyasn1-0.4.5 python-dateutil-2.8.0 rsa-3.4.2 s3transfer-0.2.0 urllib3-1.25.3

[root@nishanconsult ~]# aws --version
aws-cli/1.16.167 Python/2.7.5 Linux/3.10.0-957.el7.x86_64 botocore/1.12.157


[root@nishanconsult ~]# which aws
/root/.local/bin/aws

AWS requires that all incoming requests are cryptographically signed. The AWS CLI does this for you. The “signature” includes a date/time stamp. Therefore, you must ensure that your computer’s date and time are set correctly. If you don’t, and the date/time in the signature is too far off of the date/time recognized by the AWS service, then AWS rejects the request.
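A way to check the clock when signed requests are being rejected, as an added example that is not part of the original post: it reads the Date header from a saved HTTP response and reports how far the local clock is from it. The sample headers are constructed, the 300-second `MAX_SKEW` is an assumed threshold (the window enforced differs between services), and GNU `date` is assumed.

```bash
#!/usr/bin/env bash
# Added example: compare the local clock with the Date header of an HTTP response.
# MAX_SKEW is an assumed threshold, not a value taken from the post.
MAX_SKEW=${MAX_SKEW:-300}

# Constructed sample of response headers, as saved from e.g. `curl -sI <endpoint>`.
SAMPLE_HEADERS=$(printf 'HTTP/1.1 403 Forbidden\r\ndate: Tue, 28 May 2019 17:00:00 GMT\r\ncontent-length: 0\r\n')

# Print the value of the Date header (name matched case-insensitively, CR stripped).
date_header() {
  printf '%s\n' "$1" | tr -d '\r' |
    awk 'tolower($0) ~ /^date:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# skew_seconds HEADERS [LOCAL_EPOCH]
# Prints local time minus server time in seconds (positive: local clock is ahead).
skew_seconds() {
  local hdr server local_now
  hdr=$(date_header "$1")
  [ -n "$hdr" ] || { echo "no Date header found" >&2; return 2; }
  server=$(date -u -d "$hdr" +%s) || return 2   # GNU date parses the HTTP date
  local_now=${2:-$(date -u +%s)}
  echo $(( local_now - server ))
}

# clock_ok HEADERS [LOCAL_EPOCH]
# Succeeds when the absolute skew is within MAX_SKEW seconds.
clock_ok() {
  local s
  s=$(skew_seconds "$@") || return 2
  [ "${s#-}" -le "$MAX_SKEW" ]
}
```

If `clock_ok` fails, fix time synchronisation (chronyd or ntpd) on the host before touching the access keys.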

Configure AWS connectivity using the Access Key ID and Secret Access Key. You can get these from the AWS Console, in the user section.

[root@nishanconsult ~]# aws configure
AWS Access Key ID [None]: AKIA2RO2NWVAM5ITKXXX
AWS Secret Access Key [None]: 5E/h2VbDuHDdHUg5yuEJKC8PJat0u0qwRNZXXX
Default region name [None]:
Default output format [None]: JSON

Let’s check that it all works. When you get an AWS account you get a default VPC.

But we will create a non-default VPC with some of the fixins’: an internet gateway (IGW), a route and a security group.

Yes, I know we could/should do this in CloudFormation or Terraform, but this is just for illustration.

aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-west-1 --profile nitin
VPC    10.0.0.0/16    dopt-346b3353    default    False    724696937792    pending    vpc-085b96a3dd54738xxx
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-04df232af2dafeXXX    10.0.0.0/16
CIDRBLOCKSTATE    associated

aws ec2 describe-vpcs  --region us-west-1 --profile nitin
VPCS    172.31.0.0/16    dopt-346b3353    default    True    724696937792    available    vpc-33e1c854
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-49352421    172.31.0.0/16
CIDRBLOCKSTATE    associated
VPCS    10.0.0.0/16    dopt-346b3353    default    False    724696937792    available    vpc-085b96a3dd5473844
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-04df232af2dafe795    10.0.0.0/16
CIDRBLOCKSTATE    associated

[root@nishanconsult .aws]# aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-west-1 --profile nitin
VPC    10.0.0.0/16    dopt-346b3353    default    False    724696937792    pending    vpc-085b96a3dd5473844
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-04df232af2dafe795    10.0.0.0/16
CIDRBLOCKSTATE    associated
[root@nishanconsult .aws]# aws ec2 describe-vpcs  --region us-west-1 --profile nitin
VPCS    172.31.0.0/16    dopt-346b3353    default    True    724696937792    available    vpc-33e1c854
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-49352421    172.31.0.0/16
CIDRBLOCKSTATE    associated
VPCS    10.0.0.0/16    dopt-346b3353    default    False    724696937792    available    vpc-085b96a3dd5473844
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-04df232af2dafe795    10.0.0.0/16
CIDRBLOCKSTATE    associated
VPCS    10.0.0.0/16    dopt-346b3353    default    False    724696937792    available    vpc-0accf1cb4c0eb5ad5
CIDRBLOCKASSOCIATIONSET    vpc-cidr-assoc-053aa12740df8d995    10.0.0.0/16
CIDRBLOCKSTATE    associated

[root@nishanconsult .aws]# aws ec2 describe-subnets --region us-west-1 --profile nitin
SUBNETS    False    us-west-1c    usw1-az1    4091    172.31.16.0/20    True    True    724696937792    available    arn:aws:ec2:us-west-1:724696937792:subnet/subnet-a5d7cfc2    subnet-a5d7cfc2    vpc-33e1c854
SUBNETS    False    us-west-1b    usw1-az3    4091    172.31.0.0/20    True    True    724696937792    available    arn:aws:ec2:us-west-1:724696937792:subnet/subnet-fe1226a5    subnet-fe1226a5    vpc-33e1c854




[root@nishanconsult .aws]# aws ec2 create-subnet --vpc-id vpc-085b96a3dd5473844  --cidr-block 10.0.1.0/24 --region us-west-1 --profile nitin
SUBNET    False    us-west-1c    usw1-az1    251    10.0.1.0/24    False    False    724696937792    pending    arn:aws:ec2:us-west-1:724696937792:subnet/subnet-0df0209f63ed935dd    subnet-0df0209f63ed935dd    vpc-085b96a3dd5473844

[root@nishanconsult .aws]# aws ec2  attach-internet-gateway --vpc-id  vpc-085b96a3dd5473844 --internet-gateway-id  igw-0524c6ff9c8a4c486  --profile nitin --region us-west-1

aws ec2 describe-internet-gateways
INTERNETGATEWAYS    igw-0524c6ff9c8a4c486    724696937792
ATTACHMENTS    available    vpc-085b96a3dd5473844
INTERNETGATEWAYS    igw-65a38c01    724696937792
ATTACHMENTS    available    vpc-33e1c854

aws ec2 create-key-pair --key-name nishanKeyPair --query 'KeyMaterial' --output text > nishanKey.pem
[root@nishanconsult .aws]# chmod 400 nishanKey.pem

# aws ec2 create-security-group --group-name mySSHaccess --description "Security group for SSH access" --vpc-id vpc-085b96a3dd5473844
sg-02db6271b0da23b68
[root@nishanconsult .aws]# aws ec2 authorize-security-group-ingress --group-id sg-02db6271b0da23b68 --protocol tcp --port 22 --cidr 0.0.0.0/0
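The last command allows TCP port 22 from 0.0.0.0/0, which is every source address. As an added example (not from the original post), this filter reads security groups in the CLI's text output format and lists the ingress rules that expose a given port to the whole internet. The sample data is constructed, its IDs are placeholders, and the column order is an assumption modelled on the text output shown above.

```bash
#!/usr/bin/env bash
# Constructed sample in the style of `aws ec2 describe-security-groups --output text`.
# Tab-separated; the column layout is an assumption and the IDs are placeholders.
sample_sg_text() {
  printf 'SECURITYGROUPS\tSecurity group for SSH access\tsg-EXAMPLE1\tmySSHaccess\t000000000000\tvpc-EXAMPLE\n'
  printf 'IPPERMISSIONS\t22\ttcp\t22\n'
  printf 'IPRANGES\t0.0.0.0/0\n'
  printf 'IPPERMISSIONSEGRESS\t-1\n'
  printf 'IPRANGES\t0.0.0.0/0\n'
  printf 'SECURITYGROUPS\tadmin only\tsg-EXAMPLE2\tbastion\t000000000000\tvpc-EXAMPLE\n'
  printf 'IPPERMISSIONS\t22\ttcp\t22\n'
  printf 'IPRANGES\t203.0.113.10/32\n'
  printf 'SECURITYGROUPS\twide port range\tsg-EXAMPLE3\tapp\t000000000000\tvpc-EXAMPLE\n'
  printf 'IPPERMISSIONS\t0\ttcp\t1024\n'
  printf 'IPV6RANGES\t::/0\n'
}

# open_to_world [PORT]
# Reads text-format security groups on stdin and prints "group-id<TAB>cidr"
# for each ingress rule that allows PORT (default 22) from any address.
open_to_world() {
  awk -F '\t' -v port="${1:-22}" '
    $1 == "SECURITYGROUPS"      { gid = $3; ingress = 0; covers = 0 }
    $1 == "IPPERMISSIONSEGRESS" { ingress = 0 }   # outbound rules are not reported
    $1 == "IPPERMISSIONS" {
      ingress = 1
      # Protocol "-1" means all traffic; otherwise columns are FromPort, protocol, ToPort.
      covers = ($2 == "-1") ||
               (($3 == "tcp" || $3 == "udp") && $2 + 0 <= port + 0 && port + 0 <= $4 + 0)
    }
    ($1 == "IPRANGES" || $1 == "IPV6RANGES") && ingress && covers &&
      ($2 == "0.0.0.0/0" || $2 == "::/0") { print gid "\t" $2 }
  '
}
```

Against a real account, pipe `aws ec2 describe-security-groups --output text` into `open_to_world 22`. An SSH rule whose `--cidr` is your own address as a /32 stays off that list.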

 

I’ll continue to add more use cases here, like creating a MariaDB or MongoDB.