Skip to main content

Universal Command Line Environment for AWS.

Project description

Build Status

This package provides a unified command line interface to Amazon Web Services.

The aws-cli package works on Python versions:

  • 3.8.x

  • 3.9.x

  • 3.10.x

  • 3.11.x

Notices

On 2024-06-20, support for macOS versions 10.14 and prior will be dropped. To avoid disruption, customers using macOS 10.14 or prior should upgrade to macOS 10.15 or later. For more information, please see this blog post.

Installation

AWS CLI v2 can easily be installed on most standard platforms:

You can find more detailed installation instructions here.

If you want to run the v2 development branch of the CLI, see the “CLI Dev Version” section below.

CLI Releases

The release notes for the AWS CLI can be found here.

Command Completion

The aws-cli package includes a very useful command completion feature. This feature is not automatically installed so you need to configure it manually. To enable tab completion for bash either use the built-in command complete:

$ complete -C aws_completer aws

Or add bin/aws_bash_completer file under /etc/bash_completion.d, /usr/local/etc/bash_completion.d or any other bash_completion.d location.

For tcsh:

$ complete aws 'p/*/`aws_completer`/'

You should add this to your startup scripts to enable it for future sessions.

For zsh please refer to bin/aws_zsh_completer.sh. Source that file, e.g. from your ~/.zshrc, and make sure you run compinit before:

$ source bin/aws_zsh_completer.sh

For now the bash compatibility auto completion (bashcompinit) is used. For further details please refer to the top of bin/aws_zsh_completer.sh.

Getting Started

Before using aws-cli, you need to tell it about your AWS credentials. You can do this in several ways:

  • Environment variables

  • Shared credentials file

  • Config file

  • IAM Role

The quickest way to get started is to run the aws configure command:

$ aws configure
AWS Access Key ID: foo
AWS Secret Access Key: bar
Default region name [us-west-2]: us-west-2
Default output format [None]: json

To use environment variables, do the following:

$ export AWS_ACCESS_KEY_ID=<access_key>
$ export AWS_SECRET_ACCESS_KEY=<secret_key>

To use the shared credentials file, create an INI formatted file like this:

[default]
aws_access_key_id=foo
aws_secret_access_key=bar

[testing]
aws_access_key_id=foo
aws_secret_access_key=bar

and place it in ~/.aws/credentials (or in %UserProfile%\.aws/credentials on Windows). If you wish to place the shared credentials file in a different location than the one specified above, you need to tell aws-cli where to find it. Do this by setting the appropriate environment variable:

$ export AWS_SHARED_CREDENTIALS_FILE=/path/to/shared_credentials_file

To use a config file, create a configuration file like this:

[default]
aws_access_key_id=<default access key>
aws_secret_access_key=<default secret key>
# Optional, to define default region for this profile.
region=us-west-1

[profile testing]
aws_access_key_id=<testing access key>
aws_secret_access_key=<testing secret key>
region=us-west-2

and place it in ~/.aws/config (or in %UserProfile%\.aws\config on Windows). If you wish to place the config file in a different location than the one specified above, you need to tell aws-cli where to find it. Do this by setting the appropriate environment variable:

$ export AWS_CONFIG_FILE=/path/to/config_file

As you can see, you can have multiple profiles defined in both the shared credentials file and the configuration file. You can then specify which profile to use by using the --profile option. If no profile is specified the default profile is used.

In the config file, except for the default profile, you must prefix each config section of a profile group with profile. For example, if you have a profile named “testing” the section header would be [profile testing].

The final option for credentials is highly recommended if you are using aws-cli on an EC2 instance. IAM Roles are a great way to have credentials installed automatically on your instance. If you are using IAM Roles, aws-cli will find them and use them automatically.

Other Configurable Variables

In addition to credentials, a number of other variables can be configured either with environment variables, configuration file entries or both. The following table documents these.

Variable

Option

Config Entry

Environment Variable

Description

profile

–profile

profile

AWS_PROFILE

Default profile name

region

–region

region

AWS_DEFAULT_REGION

Default AWS Region

config_file

AWS_CONFIG_FILE

Alternate location of config

credentials_file

AWS_SHARED_CREDENTIALS_FILE

Alternate location of credentials

output

–output

output

AWS_DEFAULT_OUTPUT

Default output style

ca_bundle

–ca-bundle

ca_bundle

AWS_CA_BUNDLE

CA Certificate Bundle

access_key

aws_access_key_id

AWS_ACCESS_KEY_ID

AWS Access Key

secret_key

aws_secret_access_key

AWS_SECRET_ACCESS_KEY

AWS Secret Key

token

aws_session_token

AWS_SESSION_TOKEN

AWS Token (temp credentials)

cli_timestamp_format

cli_timestamp_format

Output format of timestamps

metadata_service_timeout

metadata_service_timeout

AWS_METADATA_SERVICE_TIMEOUT

EC2 metadata timeout

metadata_service_num_attempts

metadata_service_num_attempts

AWS_METADATA_SERVICE_NUM_ATTEMPTS

EC2 metadata retry count

parameter_validation

parameter_validation

Toggles local parameter validation

Examples

If you get tired of specifying a --region option on the command line all of the time, you can specify a default region to use whenever no explicit --region option is included using the region variable. To specify this using an environment variable:

$ export AWS_DEFAULT_REGION=us-west-2

To include it in your config file:

[default]
aws_access_key_id=<default access key>
aws_secret_access_key=<default secret key>
region=us-west-1

Similarly, the profile variable can be used to specify which profile to use if one is not explicitly specified on the command line via the --profile option. To set this via environment variable:

$ export AWS_PROFILE=testing

The profile variable can not be specified in the configuration file since it would have to be associated with a profile and would defeat the purpose.

Further Information

For more information about configuration options, please refer the AWS CLI Configuration Variables topic. You can access this topic from the CLI as well by running aws help config-vars.

Accessing Services With Global Endpoints

Some services, such as AWS Identity and Access Management (IAM) have a single, global endpoint rather than different endpoints for each region.

To make access to these services simpler, aws-cli will automatically use the global endpoint unless you explicitly supply a region (using the --region option) or a profile (using the --profile option). Therefore, the following:

$ aws iam list-users

will automatically use the global endpoint for the IAM service regardless of the value of the AWS_DEFAULT_REGION environment variable or the region variable specified in your profile.

JSON Parameter Input

Many options that need to be provided are simple string or numeric values. However, some operations require JSON data structures as input parameters either on the command line or in files.

For example, consider the command to authorize access to an EC2 security group. In this case, we will add ingress access to port 22 for all IP addresses:

$ aws ec2 authorize-security-group-ingress --group-name MySecurityGroup \
  --ip-permissions '{"FromPort":22,"ToPort":22,"IpProtocol":"tcp","IpRanges":[{"CidrIp": "0.0.0.0/0"}]}'

File-based Parameter Input

Some parameter values are so large or so complex that it would be easier to place the parameter value in a file and refer to that file rather than entering the value directly on the command line.

Let’s use the authorize-security-group-ingress command shown above. Rather than provide the value of the --ip-permissions parameter directly in the command, you could first store the values in a file. Let’s call the file ip_perms.json:

{"FromPort":22,
 "ToPort":22,
 "IpProtocol":"tcp",
 "IpRanges":[{"CidrIp":"0.0.0.0/0"}]}

Then, we could make the same call as above like this:

$ aws ec2 authorize-security-group-ingress --group-name MySecurityGroup \
    --ip-permissions file://ip_perms.json

The file:// prefix on the parameter value signals that the parameter value is actually a reference to a file that contains the actual parameter value. aws-cli will open the file, read the value and use that value as the parameter value.

This is also useful when the parameter is really referring to file-based data. For example, the --user-data option of the aws ec2 run-instances command or the --public-key-material parameter of the aws ec2 import-key-pair command.

Command Output

The default output for commands is currently JSON. You can use the --query option to extract the output elements from this JSON document. For more information on the expression language used for the --query argument, you can read the JMESPath Tutorial.

Examples

Get a list of IAM user names:

$ aws iam list-users --query Users[].UserName

Get a list of key names and their sizes in an S3 bucket:

$ aws s3api list-objects --bucket b --query Contents[].[Key,Size]

Get a list of all EC2 instances and include their Instance ID, State Name, and their Name (if they’ve been tagged with a Name):

$ aws ec2 describe-instances --query \
  'Reservations[].Instances[].[InstanceId,State.Name,Tags[?Key==`Name`] | [0].Value]'

You may also find the jq tool useful in processing the JSON output for other uses.

There is also an ASCII table format available. You can select this style with the --output table option or you can make this style your default output style via environment variable or config file entry as described above. Try adding --output table to the above commands.

CLI Dev Version

If you are just interested in using the latest released version of the AWS CLI, please see the Installation section above. This section is for anyone who wants to install the development version of the CLI. You normally would not need to do this unless:

  • You are developing a feature for the CLI and plan on submitting a Pull Request.

  • You want to test the latest changes of the CLI before they make it into an official release.

The latest changes to the CLI are in the v2 branch on github. This is NOT the default branch when you clone the git repository, so you’ll need to make sure you git checkout v2.

If you just want to install a snapshot of the latest development version of the CLI, you can use the requirements.txt file included in this repo. This file points to the development version of our dependencies:

$ cd <path_to_awscli> && git checkout v2
$ pip install -r requirements.txt
$ pip install -e .

Verify that the AWS CLI is correctly installed. Note that the word source should appear in the output:

$ aws --version
aws-cli/2.2.30 Python/3.8.11 Darwin/20.4.0 source/x86_64 prompt/off

Generate the autocompletion index:

$ ./scripts/gen-ac-index --include-builtin-index

Verify the autocompletion index is generated by entering auto-prompt mode:

$ aws --cli-auto-prompt

Getting Help

The best way to interact with our team is through GitHub. You can open an issue and choose from one of our templates for guidance, bug reports, or feature requests.

You may find help from the community on Stack Overflow with the tag aws-cli or on the AWS Discussion Forum for CLI. If you have a support plan with AWS Premium Support, you can also create a new support case.

Please check for open similar issues before opening another one.

The AWS CLI implements AWS service APIs. For general issues regarding the services or their limitations, you may find the Amazon Web Services Discussion Forums helpful.

More Resources

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cpgaws-2.15.19.tar.gz (14.8 MB view details)

Uploaded Source

Built Distribution

cpgaws-2.15.19-py3-none-any.whl (15.0 MB view details)

Uploaded Python 3

File details

Details for the file cpgaws-2.15.19.tar.gz.

File metadata

  • Download URL: cpgaws-2.15.19.tar.gz
  • Upload date:
  • Size: 14.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-requests/2.31.0

File hashes

Hashes for cpgaws-2.15.19.tar.gz
Algorithm Hash digest
SHA256 6957e5d1cb32a0bfe340f7dfb0bb44bc89de76759aafeea5337c46aab56896f8
MD5 9b8b0fbcc9571b16661d06585fe2437c
BLAKE2b-256 cab91a3dd14189bee57cccbc8526f7d24c9040ed047d4f537996baf39e72d3ff

See more details on using hashes here.

File details

Details for the file cpgaws-2.15.19-py3-none-any.whl.

File metadata

  • Download URL: cpgaws-2.15.19-py3-none-any.whl
  • Upload date:
  • Size: 15.0 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-requests/2.31.0

File hashes

Hashes for cpgaws-2.15.19-py3-none-any.whl
Algorithm Hash digest
SHA256 28ee5954f995d8370c4abd1c5a1710d45809a7ae71e4c5ad4c2023959b7e0680
MD5 f31dd279369e211e92921fb9eb808a0f
BLAKE2b-256 c78e6ebabeb91ea6d29d437d8a6ce8ac0775b94d3633aadce5332f1f9ad7da66

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page