Open in app

Sign in

Write

Sign in

IAM and AWS CLI: A Guide to Accessing AWS Services from the Command Line: Day 42 of 90 Days of DevOps

A Step-by-Step Guide to Accessing AWS Services from the Command Line using IAM Programmatic Access and AWS CLI

Ajit Fawade
6 min readNov 8, 2023

Are you a DevOps learner who wants to access AWS services from the command line using IAM programmatic access and AWS CLI? If yes, then this blog post is for you.

In this post, I’ll explain what IAM programmatic access is and how to use AWS CLI, a unified tool to manage your AWS services from the command line.

By the end of this post, you’ll be able to:

  • Understand what IAM programmatic access is and why it is useful for your AWS account
  • Understand what AWS CLI is and how it works with AWS services
  • Create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console
  • Setup and install AWS CLI and configure your account credentials

Let’s get started!

What is IAM Programmatic Access?

IAM programmatic access is a way to allow users or services to interact with AWS resources through APIs, SDKs, or command-line tools, such as AWS CLI, instead of the AWS Management Console. With programmatic access, users or services can perform automated tasks, manage resources, and access data in AWS without manual intervention.

To use programmatic access, you need to create access keys for your IAM user or role. Access keys consist of two parts:

  • AWS_ACCESS_KEY_ID: A unique identifier for your access key
  • AWS_SECRET_ACCESS_KEY: A secret key that you use to sign requests to AWS

You can use these access keys to authenticate your requests to AWS and authorize your actions on AWS resources. You can also rotate or delete your access keys as needed to maintain the security of your AWS account.

What is AWS CLI?

AWS CLI (Command Line Interface) is a unified tool that provides a command-line interface for interacting with AWS services. It allows users to manage AWS resources using commands in the terminal or scripts, making it easier to automate tasks and manage large-scale deployments. The AWS CLI supports a wide range of AWS services, including EC2, S3, Lambda, and more, and can be installed on Windows, macOS, and Linux.

The AWS CLI v2 offers several new features including improved installers, new configuration options such as AWS IAM Identity Center (successor to AWS SSO), and various interactive features.

To use the AWS CLI, you need to configure your AWS credentials and region. You can do this by using the aws configure command or by setting environment variables or configuration files. You can also use profiles to manage multiple sets of credentials and configurations.

How to Create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console

To create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console, we’ll use the following steps:

1. Navigate to the IAM Console: Sign in to your AWS account and open the AWS Management Console. In the search bar at the top of the console, type “IAM” and select “IAM” from the search results.

2. Access Users and Groups: In the IAM console’s left navigation pane, choose “Users” under the “Access Management” section.

3. Select the User: Locate the user for whom you want to create an access key and click on their username.

4. Expand Security Credentials: In the user’s details page, click on the “Security credentials” tab.

5. Create New Access Key: Under the “Access keys” section, click on the “Create access key” button.

6. Review Access Key Details: A pop-up window will appear displaying your new access key ID and secret access key. Ensure you copy and paste these keys securely as they will be used to configure your AWS CLI later.

7. Download Key File (Optional): If preferred, you can download the key file containing both the access key ID and secret access key.

8. Click “Done”: Once you have copied or downloaded the keys, click on the “Done” button to exit the Create access key section.

9. Verify Access Key Creation: Your newly created access key will now appear in the list of access keys under the “Security credentials” tab. You can view the status, creation date, and last used date of the access key. You can also delete or deactivate the access key as needed.

You have successfully created AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the AWS Console.

How to Setup and Install AWS CLI and Configure Your Account Credentials

To setup and install AWS CLI and configure your account credentials, we’ll use the following steps:

1.Go to the AWS CLI [download page] and choose the installer for your operating system. For example, you can choose Windows, Linux, or macOS.

2. Follow the instructions on the download page to install the AWS CLI on your system. For example, you can run the installer file or use the package manager to install the AWS CLI.

3. To verify that the AWS CLI is installed correctly, open a terminal or command prompt and run the following command:

aws --version

This command will display the AWS CLI version and some other information. You should see something like this:

4. To configure your AWS credentials and region, run the following command:

aws configure

This command will prompt you to enter your AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, default region, and default output format. You can enter the values that you obtained or prefer, or press Enter to skip the prompt. For example, you can enter something like this:

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json

This will create a default profile with the specified credentials and configuration in the ~/.aws/credentials and ~/.aws/config files. You can also use the — profile option to create or use a different profile. For example, you can run the following command to create a profile named dev:

aws configure --profile dev

5. To verify that your AWS credentials and region are configured correctly, run the following command:

aws sts get-caller-identity

This command will display the user ID, account ID, and ARN of the user or role that is making the request. You should see something like this:

You have successfully set up and installed AWS CLI and configured your account credentials.

Conclusion

In this blog post, I have explained what IAM programmatic access is and how to use AWS CLI, a unified tool to manage your AWS services from the command line. I have also shown you how to create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console, set up and install AWS CLI, and configure your account credentials.

I hope you found this blog post informative and engaging.

This is the end of the blog post for Day 42 of 90 Days of DevOps.

Thank you for reading and stay tuned for more posts in this series! 😊

DevOps
90daysofdevops
AWS
Aws Cli
Iam Roles

--

--

Ajit Fawade

Written by Ajit Fawade

316 Followers

DevOps Enthusiast

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams