AWS CLI: An Introduction

Aaron Bachman
8 min read · Dec 19, 2022

Today we are continuing our journey into the AWS cloud with the AWS CLI. The AWS Command Line Interface (CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell. It lets you run commands that are equivalent to the actions provided by the browser-based AWS Management Console.

In my previous article Automation: How to update an AWS EC2 instance and install NGINX upon launch, I discussed how to save some time by updating the instance and installing an NGINX web server via the user-data field. Today we do all of this through the AWS CLI, which provides us with a more efficient way to start an EC2 instance and a way to reduce repetitive tasks. You can read more about the AWS CLI here. This official guide will help you troubleshoot any problems and has a step-by-step guide that you can follow as well.

Prerequisites

  • An AWS account and an IAM user
  • Basic working knowledge of the AWS Management console
  • Basic knowledge of AWS EC2 instances
  • Basic knowledge of Linux and commands
  • Basic knowledge of Bash scripting
  • Access to a command line terminal or shell

Step 1: Installing the AWS CLI

Follow the guide provided on the AWS CLI webpage to install the AWS CLI on Windows, Linux, or macOS. I will be installing the CLI using the package installer for macOS.

Once you have downloaded the installer, open it and follow the guided steps.

Once the installation process is complete, let’s run the following command in terminal to confirm that the install was successful.

which aws

Then run:

aws --version

If you see a result like the screenshot below, great: AWS and the shell can communicate, and we have checked which version we are running.

Step 2: Configuring AWS CLI

We now need to configure the CLI with some basic settings and credentials in order to access resources from AWS. Below is a list of the four things we will be configuring:

  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region
  • Default output format

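The access key that was generated when our IAM user was created contains both the Access key ID and the Secret access key. I have my keys saved to a specific folder, so that I always have access to them. If you have lost your access key or forgotten where it is stored, you can create a new one. You should always delete unused keys.

Type aws configure and follow along. The values you enter are saved in plain text under ~/.aws (the keys in ~/.aws/credentials, the region and output format in ~/.aws/config), so protect that directory the same way you protect the key file itself.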

AWS Access Key ID [None]: [Your Access Key]
AWS Secret Access Key [None]: [Your Secret Access Key]
Default region name [None]: [us-east-1]
Default output format [None]: [json]

If you have gotten this far without any issues, congratulations! If you had any sort of problem (like I did), go back to the beginning and make sure that you are using the correct Key Pair. If you are following along and are still having issues, go to the AWS CLI official guide here for help.

Step 3: Collect all the information we need to create an EC2 instance

To complete today’s task we need to collect the values that the run-instances command takes. The command has this shape:

aws ec2 run-instances \
--image-id <ami-id> \
--instance-type <type-name> \
--security-group-ids <security-group-id> \
--subnet-id <subnet-id> \
--key-name <keyname> \
--user-data file://<userdatafile.txt>

Choose an AMI.

This is the operating system image that the EC2 instance will run. Navigate to the instance dashboard in the EC2 console and select the AMI Catalog tab under Images on the left. I will be using an Ubuntu 22.04 AMI; you can use an Amazon Linux 2 AMI or whatever you feel comfortable with. Copy the AMI ID.

Store your copied AMI ID somewhere; I am using vim.

Next we need to find and copy our VPC ID. Our AWS account was provided with a default VPC and subnet when it was created. You can find this information in a few different ways. You can navigate to the VPC services page and open “Your VPCs.” Copy the ID as you can see I have done.

Or you can use the CLI; type the following command:

aws ec2 describe-vpcs

Copy this information and store it with your AMI ID.

Next up we need to find and copy our subnet ID: you can find this under the Subnets tab. Make sure to select the subnet you want, then copy the ID as shown.

This information can also be acquired with the CLI; type in the following command:

aws ec2 describe-subnets

Copy this to your file.

I just noticed for future reference that our VPC ID is also listed here, so we can just use aws ec2 describe-subnets.

Creating a Key pair:

We now need an EC2 key pair, which is what we will use to SSH into the instance. You can use one that you have already created, or you can create a new one by navigating to the Key pairs tab under Network & Security in EC2. Click “Create new key pair” and save the file.

This can also be accomplished through the CLI; type the following command:

aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

This will create a new key pair named “MyKeyPair”!

You can verify this by opening the file where your keys are stored, or you can use this command in the CLI to display your keys.

aws ec2 describe-key-pairs --key-names MyKeyPair

Fantastic!

Next we need to change the permissions of our new key so that only our own user can read it. Use the command:

chmod 400 [your key name].pem
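
The create-key-pair redirect above writes the .pem with your default umask and only tightens it afterwards, and a failed call leaves an empty file behind. The following is an added example, not part of the original article, that handles both cases; save_key_pair is a hypothetical function name and it assumes the AWS CLI is configured as in Step 2.

```sh
#!/bin/sh
# Added example (not from the original article): create an EC2 key pair and
# save the private key so that it is never readable by other users.

# save_key_pair NAME -> writes NAME.pem (mode 400) in the current directory.
save_key_pair() (
    name=$1
    pem="$name.pem"
    # Never overwrite an existing private key.
    [ ! -e "$pem" ] || { echo "refusing to overwrite $pem" >&2; exit 1; }
    # Files created in this subshell get mode 600 at most, so the key is
    # private from the moment the redirect creates the file.
    umask 077
    tmp="$pem.tmp.$$"
    if aws ec2 create-key-pair --key-name "$name" \
           --query 'KeyMaterial' --output text > "$tmp" && [ -s "$tmp" ]; then
        chmod 400 "$tmp"
        mv "$tmp" "$pem"
    else
        # A failed call would otherwise leave an empty or partial .pem behind.
        rm -f "$tmp"
        echo "create-key-pair failed; no key file written" >&2
        exit 1
    fi
)

# Usage: save_key_pair MyKeyPair
```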

We will now create a security group:

A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups.

Again, we can create a new security group in the AWS Management Console and copy its ID into our file.

Or we can use the CLI; type the following command:

aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d

Copy the group ID that is returned into your file.

We can now go back to the AWS management console, look in security groups, and see that it has indeed been created. We still need to assign rules to it.

Security group rules:

We are now going to create the rules for our group, starting with SSH. We need to allow traffic to port 22, but we are only going to allow this from our own IP address. Using the instructions from the AWS CLI guide, we are going to use the following command to find our IP address:

curl https://checkip.amazonaws.com

Copy the address that is returned to you.

The following command adds a rule that allows SSH (port 22) to instances in the security group from our IP address only. Don’t forget to include /32 on the end of your IP.

aws ec2 authorize-security-group-ingress --group-id [your security group ID] --protocol tcp --port 22 --cidr x.x.x.x/32

This next command adds another rule, this time allowing HTTP (port 80) to instances in the security group.

aws ec2 authorize-security-group-ingress --group-id [your security group id] --protocol tcp --port 80 --cidr x.x.x.x/32

You will again be returned some information in JSON format.

To view the changes to the security group use this command:

aws ec2 describe-security-groups --group-ids [your security group]

You can see that ports 80 and 22 have been given permissions.
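
Pasting the checkip result by hand makes it easy to pass an empty value, an error page, or a range wider than one host to --cidr. The following is an added example, not part of the original article, that validates the address before the rule is created; host_cidr and allow_from_me are hypothetical names, and it handles IPv4 addresses only.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# host_cidr ADDRESS -> prints ADDRESS/32; fails unless ADDRESS is one IPv4 host.
host_cidr() (
    ip=$(printf '%s' "$1" | tr -d '[:space:]')   # drop the newline curl returns
    case "$ip" in
        '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;  # empty, non-numeric, stray dots
    esac
    IFS=.
    set -- $ip                                    # split into octets
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    [ "$ip" != "0.0.0.0" ] || exit 1              # would mean "any address"
    printf '%s/32\n' "$ip"
)

# allow_from_me GROUP_ID PORT ADDRESS -> adds one ingress rule limited to ADDRESS/32.
allow_from_me() {
    cidr=$(host_cidr "$3") || { echo "not a single IPv4 address: '$3'" >&2; return 1; }
    aws ec2 authorize-security-group-ingress \
        --group-id "$1" --protocol tcp --port "$2" --cidr "$cidr"
}

# Usage, with your own group ID in place of the placeholder:
#   allow_from_me [your security group ID] 22 "$(curl -s https://checkip.amazonaws.com)"
```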

Step 4: Create a Bash script that installs and runs an NGINX web server

In my last article Automation: How to update an AWS EC2 instance and install NGINX upon launch, I created a short Bash script to update all packages, install NGINX, and start the web server during initialization. I will be using the same script here and storing it as a user-data.sh file.

Open up vim [your file name].

Insert:

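#!/bin/bash
# User data runs as root on first boot, so sudo is optional here.
# Refresh the package index, then install and start NGINX.
sudo apt update -y
sudo apt-get install nginx -y
sudo service nginx start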

Type :wq to save and quit. Now we need to change the permissions for this file.

chmod 744 [your file name]

We now have all of the information needed to start our EC2 instance via AWS CLI.

Now let’s see this whole shebang!

Use the following command:

aws ec2 run-instances --image-id ami-0574da719dca65348 --count 1 --instance-type t2.micro --key-name [Your key pair name] --security-group-ids [Your security group id] --user-data file://user-data.sh

And you should see this:

The output continues in JSON format. Give it a minute and go to the AWS Management Console to see your new instance initializing and then running.

Copy the Public IP address and paste it into your browser.
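
The launch and the public IP lookup can also stay in the terminal. The following is an added example, not part of the original article, that runs the same run-instances command, waits for the running state, and prints the public IP; launch_web is a hypothetical name and the instance type is the t2.micro used above.

```sh
#!/bin/sh
# Added example (not from the original article). launch_web is a hypothetical name.

# launch_web AMI KEY_NAME GROUP_ID USER_DATA_FILE -> prints the instance's public IP.
launch_web() (
    [ -r "$4" ] || { echo "user-data file not readable: $4" >&2; exit 1; }
    # --query with --output text returns only the instance ID, not the full JSON.
    id=$(aws ec2 run-instances --image-id "$1" --count 1 \
            --instance-type t2.micro --key-name "$2" \
            --security-group-ids "$3" --user-data "file://$4" \
            --query 'Instances[0].InstanceId' --output text) || exit 1
    echo "launched $id, waiting for the running state" >&2
    # Blocks until the instance is running (replaces refreshing the console).
    aws ec2 wait instance-running --instance-ids "$id" || exit 1
    ip=$(aws ec2 describe-instances --instance-ids "$id" \
            --query 'Reservations[0].Instances[0].PublicIpAddress' \
            --output text) || exit 1
    # The CLI prints "None" for a null field, e.g. a subnet without public IPs.
    [ -n "$ip" ] && [ "$ip" != "None" ] || { echo "no public IP for $id" >&2; exit 1; }
    echo "$ip"
)

# Usage:
#   launch_web ami-0574da719dca65348 [Your key pair name] [Your security group id] user-data.sh
```

The user-data script runs during boot, so NGINX may start answering a little after the instance reports the running state.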

Congratulations! We covered a lot of ground and various AWS services to get today’s task completed. I really enjoyed today’s task, and I hope that you enjoyed reading this.

Thank you for reading the projects that I am posting. I will continue to post more in the future!

Aaron Bachman

Level Up in Tech student. DevOps, Cloud engineering, AWS, Terraform.