aws-cli: Getting started with aws-cli


Remarks

Description

The AWS Command Line Interface (CLI) is a unified tool for managing your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

The AWS CLI introduces a new set of simple file commands for efficient file transfers to and from Amazon S3.

Supported services

For a list of the available services you can use with the AWS Command Line Interface, see Available Services in the AWS CLI Command Reference.

AWS Command Line Interface on GitHub

You can view and fork the source code of the AWS CLI on GitHub in the https://github.com/aws/aws-cli project.

Versions

Version    Release Date
1.10.38    2016-06-14
1.10.35    2016-06-03
1.10.33    2016-05-25
1.10.30    2016-05-18

AWS CLI Cheat Sheet - List of All CLI Commands

Setup

Install AWS CLI

AWS CLI is a general-purpose CLI tool for managing AWS resources. With this single tool we can manage all AWS resources.

sudo apt-get install -y python-dev python-pip
sudo pip install awscli
aws --version
aws configure

Bash one-liners

cat <file> # output a file
tee # split output into a file
cut -f 2 # print the 2nd column, per line
sed -n '5{p;q}' # print the 5th line in a file
sed 1d # print all lines, except the first
tail -n +2 # print all lines, starting on the 2nd
head -n 5 # print the first 5 lines
tail -n 5 # print the last 5 lines

expand # convert tabs to 4 spaces
unexpand -a # convert 4 spaces to tabs
wc # word count
tr ' ' \\t # translate / convert characters to other characters

sort # sort data
uniq # show only unique entries
paste # combine rows of text, by line
join # combine rows of text, by initial column value




CloudTrail - logging and auditing

http://docs.aws.amazon.com/cli/latest/reference/cloudtrail/ 5 trails in total, with support for resource-level permissions

# list all trails
aws cloudtrail describe-trails

# list all S3 buckets
aws s3 ls

# create a new trail
aws cloudtrail create-subscription \
    --name awslog \
    --s3-new-bucket awslog2016

# list the names of all trails
aws cloudtrail describe-trails --output text | cut -f 8

# get the status of a trail
aws cloudtrail get-trail-status \
    --name awslog

# delete a trail
aws cloudtrail delete-trail \
    --name awslog

# delete the S3 bucket of a trail
aws s3 rb s3://awslog2016 --force

# add tags to a trail, up to 10 tags
aws cloudtrail add-tags \
    --resource-id awslog \
    --tags-list "Key=log-type,Value=all"

# list the tags of a trail
aws cloudtrail list-tags \
    --resource-id-list 

# remove a tag from a trail
aws cloudtrail remove-tags \
    --resource-id awslog \
    --tags-list "Key=log-type,Value=all"




IAM

Users

https://blogs.aws.amazon.com/security/post/Tx15CIT22V4J8RP/How-to-rotate-access-keys-for-IAM-users http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html Limits: 5000 users, 100 groups, 250 roles, 2 access keys per user

http://docs.aws.amazon.com/cli/latest/reference/iam/index.html

# list all user's info
aws iam list-users

# list all user's usernames
aws iam list-users --output text | cut -f 6

# list current user's info
aws iam get-user

# list current user's access keys
aws iam list-access-keys

# create a new user
aws iam create-user \
    --user-name aws-admin2

# create multiple new users, from a file
allUsers=$(cat ./user-names.txt)
for userName in $allUsers; do
    aws iam create-user \
        --user-name $userName
done

# list all users
aws iam list-users --no-paginate

# get a specific user's info
aws iam get-user \
    --user-name aws-admin2

# delete one user
aws iam delete-user \
    --user-name aws-admin2

# delete all users
# allUsers=$(aws iam list-users --output text | cut -f 6);
allUsers=$(cat ./user-names.txt)
for userName in $allUsers; do
    aws iam delete-user \
        --user-name $userName
done

Password policy

http://docs.aws.amazon.com/cli/latest/reference/iam/

# list policy
# http://docs.aws.amazon.com/cli/latest/reference/iam/get-account-password-policy.html
aws iam get-account-password-policy

# set policy
# http://docs.aws.amazon.com/cli/latest/reference/iam/update-account-password-policy.html
aws iam update-account-password-policy \
    --minimum-password-length 12 \
    --require-symbols \
    --require-numbers \
    --require-uppercase-characters \
    --require-lowercase-characters \
    --allow-users-to-change-password

# delete policy
# http://docs.aws.amazon.com/cli/latest/reference/iam/delete-account-password-policy.html
aws iam delete-account-password-policy

Access keys

http://docs.aws.amazon.com/cli/latest/reference/iam/

# list all access keys
aws iam list-access-keys

# list access keys of a specific user
aws iam list-access-keys \
    --user-name aws-admin2

# create a new access key
aws iam create-access-key \
    --user-name aws-admin2 \
    --output text | tee aws-admin2.txt

# list last access time of an access key
aws iam get-access-key-last-used \
    --access-key-id AKIAINA6AJZY4EXAMPLE

# deactivate an access key
aws iam update-access-key \
    --access-key-id AKIAI44QH8DHBEXAMPLE \
    --status Inactive \
    --user-name aws-admin2

# delete an access key
aws iam delete-access-key \
    --access-key-id AKIAI44QH8DHBEXAMPLE \
    --user-name aws-admin2
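The blog post linked above describes rotating a user's keys in stages: create a second key, switch consumers over, deactivate the old key, and only delete it once nothing breaks. The helper below is an added example, not from the original page, that scripts the first half of that with the commands from this section, refusing to run when the user already holds the maximum of 2 keys. The user name and key ids are assumed values.

```shell
# Added helper (not from the page): create a replacement access key and
# deactivate the old one. The old key is never deleted here, so it can be
# re-enabled with --status Active if something still depends on it.
#
# Usage: rotate_access_key <user-name> <old-access-key-id>
# Prints "<new-key-id>\t<new-secret>" on success; the secret is shown once.
rotate_access_key() {
    user=$1
    old_key=$2

    # IAM allows at most 2 access keys per user, so a second key can only
    # be created if exactly one exists, and it must be the key we were told
    # to retire. --output text prints the ids on one tab-separated line.
    keys=$(aws iam list-access-keys --user-name "$user" \
              --query 'AccessKeyMetadata[].AccessKeyId' --output text) || return 1
    set -- $keys
    if [ $# -ne 1 ] || [ "$1" != "$old_key" ]; then
        echo "refusing: $user has $# key(s): $keys" >&2
        return 1
    fi

    # Create the replacement key first, so the user is never left without
    # a working key.
    new=$(aws iam create-access-key --user-name "$user" \
             --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text) || return 1

    # Deactivate (do not delete) the old key. Inactive keys fail
    # authentication but remain listed, so they can be restored.
    aws iam update-access-key --user-name "$user" \
        --access-key-id "$old_key" --status Inactive || return 1

    printf '%s\n' "$new"
}
```

Run `aws iam delete-access-key` for the old key only after the consumers have been verified with the new one.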

Groups, policies, managed policies

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html http://docs.aws.amazon.com/cli/latest/reference/iam/

# list all groups
aws iam list-groups

# create a group
aws iam create-group --group-name FullAdmins

# delete a group
aws iam delete-group \
    --group-name FullAdmins

# list all policies
aws iam list-policies

# get a specific policy
aws iam get-policy \
    --policy-arn <value>

# list all users, groups, and roles, for a given policy
aws iam list-entities-for-policy \
    --policy-arn <value>

# list policies, for a given group
aws iam list-attached-group-policies \
    --group-name FullAdmins

# add a policy to a group
aws iam attach-group-policy \
    --group-name FullAdmins \
    --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

# add a user to a group
aws iam add-user-to-group \
    --group-name FullAdmins \
    --user-name aws-admin2

# list users, for a given group
aws iam get-group \
    --group-name FullAdmins

# list groups, for a given user
aws iam list-groups-for-user \
    --user-name aws-admin2

# remove a user from a group
aws iam remove-user-from-group \
    --group-name FullAdmins \
    --user-name aws-admin2

# remove a policy from a group
aws iam detach-group-policy \
    --group-name FullAdmins \
    --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

# delete a group
aws iam delete-group \
    --group-name FullAdmins




EC2

Key pairs

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

# list all keypairs
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-key-pairs.html
aws ec2 describe-key-pairs

# create a keypair
# http://docs.aws.amazon.com/cli/latest/reference/ec2/create-key-pair.html
aws ec2 create-key-pair \
    --key-name <value>

# create a new private / public keypair, using RSA 2048-bit
ssh-keygen -t rsa -b 2048

# import an existing keypair
# http://docs.aws.amazon.com/cli/latest/reference/ec2/import-key-pair.html
aws ec2 import-key-pair \
    --key-name keyname_test \
    --public-key-material file:///home/apollo/id_rsa.pub

# delete a keypair
# http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-key-pair.html
aws ec2 delete-key-pair \
    --key-name <value>

Security groups

http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html

# list all security groups
aws ec2 describe-security-groups

# create a security group
aws ec2 create-security-group \
    --vpc-id vpc-1a2b3c4d \
    --group-name web-access \
    --description "web access"

# list details about a security group
aws ec2 describe-security-groups \
    --group-id sg-0000000

# open port 80, for everyone (0.0.0.0/0 is the whole IPv4 space)
aws ec2 authorize-security-group-ingress \
    --group-id sg-0000000 \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0

# get my public ip
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com);
echo $my_ip

# open port 22, just for my ip (a /32 is a single address)
aws ec2 authorize-security-group-ingress \
    --group-id sg-0000000 \
    --protocol tcp \
    --port 22 \
    --cidr $my_ip/32

# remove a firewall rule from a group
aws ec2 revoke-security-group-ingress \
    --group-id sg-0000000 \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0

# delete a security group
aws ec2 delete-security-group \
    --group-id sg-00000000
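The two ingress rules above are easy to get wrong by hand (a /24 pasted after an address opens 256 hosts, and 0.0.0.0/24 is not "everyone"). As an added example that is not part of the original page, the shell below builds the /32 for the "just for my ip" rule with validation, and audits the text output of describe-security-groups for world-open rules and SSH rules wider than one host. The sample output and its column layout are constructed for the example.

```shell
# Constructed sample in the shape of `aws ec2 describe-security-groups
# --output text` (column layout assumed; values are not from a real account).
sample_sg_text() {
    printf 'SECURITYGROUPS\tweb access\tsg-0000000\tweb-access\t123456789012\tvpc-1a2b3c4d\n'
    printf 'IPPERMISSIONS\t80\ttcp\t80\n'
    printf 'IPRANGES\t0.0.0.0/0\n'
    printf 'IPPERMISSIONS\t22\ttcp\t22\n'
    printf 'IPRANGES\t0.0.0.0/24\n'
    printf 'IPRANGES\t203.0.113.10/32\n'
    printf 'SECURITYGROUPS\tdb access\tsg-0000001\tdb-access\t123456789012\tvpc-1a2b3c4d\n'
    printf 'IPPERMISSIONS\t5432\ttcp\t5432\n'
    printf 'IPRANGES\t10.0.0.0/8\n'
}

# "Open port 22, just for my ip" needs a /32: validate the address (four
# octets, each 0-255) and append the prefix, instead of typing it by hand.
cidr_for_ip() {
    [ -n "$1" ] || return 1
    printf '%s' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' || return 1
    printf '%s/32\n' "$1"
}

# Read describe-security-groups text output on stdin and print one line per
# risky ingress rule: "<group-id> <from>-<to> <cidr> <reason>". A rule is
# flagged when it is open to the whole Internet, or when it covers port 22
# from anything wider than a single /32 host.
audit_sg_text() {
    awk -F'\t' '
        $1 == "SECURITYGROUPS" { sg = $3 }
        $1 == "IPPERMISSIONS"  { from = $2 + 0; to = $4 + 0 }
        $1 == "IPRANGES" {
            cidr = $2; n = split(cidr, p, "/"); plen = (n == 2) ? p[2] + 0 : 32
            if (cidr == "0.0.0.0/0")
                printf "%s %d-%d %s world-open\n", sg, from, to, cidr
            else if (from <= 22 && to >= 22 && plen != 32)
                printf "%s %d-%d %s ssh-not-/32\n", sg, from, to, cidr
        }'
}
```

Against a real account, pipe `aws ec2 describe-security-groups --output text` into audit_sg_text instead of the sample.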

Instances

http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html

# list all instances (running, and not running)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
aws ec2 describe-instances

# create a new instance
# http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
aws ec2 run-instances \
    --image-id ami-f0e7d19a \
    --instance-type t2.micro \
    --security-group-ids sg-00000000 \
    --dry-run

# terminate an instance (this is permanent; use stop-instances to stop it)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html
aws ec2 terminate-instances \
    --instance-ids <instance_id>

# list status of all instances
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-status.html
aws ec2 describe-instance-status

# list status of a specific instance
aws ec2 describe-instance-status \
    --instance-ids <instance_id>

Tags

# list the tags of an instance
# http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-tags.html
aws ec2 describe-tags

# add a tag to a resource (tag keys are case-sensitive)
# http://docs.aws.amazon.com/cli/latest/reference/ec2/create-tags.html
aws ec2 create-tags \
    --resources "ami-1a2b3c4d" \
    --tags Key=Name,Value=debian

# delete a tag on a resource
# http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-tags.html
aws ec2 delete-tags \
    --resources "ami-1a2b3c4d" \
    --tags Key=Name,Value=




CloudWatch

Log groups

http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html http://docs.aws.amazon.com/cli/latest/reference/logs/index.html#cli-aws-logs

Create a group

http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-group.html

aws logs create-log-group \
    --log-group-name "DefaultGroup"

List all log groups

http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html

aws logs describe-log-groups

aws logs describe-log-groups \
    --log-group-name-prefix "Default"

Delete a group

http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-group.html

aws logs delete-log-group \
    --log-group-name "DefaultGroup"

Log streams

# Log group names can be between 1 and 512 characters long. Allowed
# characters include a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen),
# '/' (forward slash), and '.' (period).

# create a log stream
# http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-stream.html
aws logs create-log-stream \
    --log-group-name "DefaultGroup" \
    --log-stream-name "syslog"

# list details on the log streams of a group (--log-group-name is required)
# http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-streams.html
aws logs describe-log-streams \
    --log-group-name "DefaultGroup"

aws logs describe-log-streams \
    --log-group-name "DefaultGroup" \
    --log-stream-name-prefix "syslog"

# delete a log stream
# http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-stream.html
aws logs delete-log-stream \
    --log-group-name "DefaultGroup" \
    --log-stream-name "Default Stream"

AWS completion with Bash for Ubuntu

The following utility can be used for autocompletion of commands:

$ which aws_completer
/usr/bin/aws_completer

$ complete -C '/usr/bin/aws_completer' aws

For future shell sessions, consider adding this to your ~/.bashrc:

$ echo "complete -C '/usr/bin/aws_completer' aws" >> ~/.bashrc

To check, type:

$ aws ec

Press the [TAB] key and it should automatically add the 2:

$ aws ec2

Creating a new profile

To set up a new credentials profile with the name myprofile:

$ aws configure --profile myprofile
AWS Access Key ID [None]: ACCESSKEY
AWS Secret Access Key [None]: SECRETKEY
Default region name [None]: REGIONNAME
Default output format [None]: text | table | json

For the AWS Access Key ID and Secret Access Key, create an IAM user in the AWS console and generate keys for it.

Region will be the default region for commands, in the format eu-west-1 or us-east-1.

Default output format can be either text, table or json.

You can now use the profile name in other commands by using the --profile option, e.g.:

$ aws ec2 describe-instances --profile myprofile

AWS libraries for other languages (e.g. aws-sdk for Ruby or boto3 for Python) have options to use the profile you create with this method too. For example, creating a new session in boto3 can be done like this, boto3.Session(profile_name='myprofile'), and it will use the credentials you created for the profile.

You can find the details of the aws-cli configuration in ~/.aws/config and ~/.aws/credentials (on Linux and Mac OS). These details can be edited manually from there.

Installation and setup

There are a number of different ways to install the AWS CLI on your machine, depending on the operating system and environment you use:

  • On Microsoft Windows - use the MSI installer.
  • On Linux, OS X or Unix - use pip (a package manager for Python software) or install manually with the bundled installer.

Install using pip:

You will need Python installed (version 2, 2.6.5+, 3 or 3.3+). Check with

python --version

pip --help

Given that both are installed, use the following command to install the aws cli.

sudo pip install awscli

Install on Windows

The AWS CLI is supported on Microsoft Windows XP or later. For Windows users, the MSI installation package offers a familiar and convenient way to install the AWS CLI without installing any other prerequisites. Windows users should use the MSI installer unless they are already using pip for package management.

Run the downloaded MSI installer. Follow the instructions that appear.

Install the AWS CLI using the bundled installer

Prerequisites:

  • Linux, OS X or Unix
  • Python 2 version 2.6.5+ or Python 3 version 3.3+

  1. Download the AWS CLI bundled installer using wget or curl.
  2. Unzip the package.
  3. Run the install executable.

On Linux and OS X, here are the three commands that correspond to each step:

$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
$ unzip awscli-bundle.zip
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

Install using Homebrew on OS X:

Another option for OS X

brew install awscli

Test the AWS CLI installation

Confirm that the CLI is installed correctly by viewing the help file. Open a terminal, shell or command prompt, enter aws help and press Enter:

$ aws help

Configure the AWS CLI

After installing, it needs to be configured. You will need the access key and secret key that you obtained when you created your account on AWS. You can also specify a default region name and a default output type (text | table | json).

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: ENTER

Update the CLI tool

Amazon periodically releases new versions of the AWS tools. If the tool was installed using the Python pip tool, the following command will check the remote repository for updates and apply them to the local system.

$ pip install awscli --upgrade

List S3 buckets

aws s3 ls

Using a named profile

aws --profile myprofile s3 ls

List all objects in a bucket, including objects in folders, with sizes in human-readable format and a summary of the bucket's properties at the end:

aws s3 ls --recursive --summarize --human-readable s3://<bucket_name>/

Using aws cli commands

The syntax for using the aws cli is as follows:

aws [options] <command> <subcommand> [parameters]

Some examples using the 'ec2' command and the 'describe-instances' subcommand:

aws ec2 describe-instances

aws ec2 describe-instances --instance-ids <your-id>

Example with a fake id:

aws ec2 describe-instances --instance-ids i-c71r246a