Set up and configure the Amazon Web Services (AWS) Command Line Interface (CLI) on a Linux server
We’ll go through how to install and configure the AWS CLI on a Linux server so you can access AWS resources from your deployed applications.
The AWS Command Line Interface (CLI) lets you access AWS services through user policies and permissions instead of using standard tokens for access. This provides an extra layer of security: you can customise permissions and access for a specific user within AWS, and then use that user and its custom permissions to access only the services required for your running application.
In this post we will go through how to install the CLI and connect it to a pre-configured AWS user account that already has policies applied to it.
Prerequisites
AWS account, user and policies
This guide assumes that you have already created an AWS account and policies, and attached those policies to a user. If you haven’t done that yet, I have a short guide on the steps to create policies for a user and add a new user to that group.
It focuses on AWS S3 storage access policies, but the concept for creating policies, groups and users is generally the same. You can find it below:
Online Linux server setup
This guide also assumes that you already have a Linux server set up to apply this to. This can be on your own machine, in a Docker container, or you can set one up quickly online, for example as a DigitalOcean Droplet.
I did a guide on setting up a droplet for a Microsoft SQL Server that would suffice for installing the AWS CLI; you can find it below:
If not, you can just go to DigitalOcean, create a fresh Ubuntu Droplet, connect to it and follow along.
Log in and connect to DigitalOcean: https://www.digitalocean.com/
Go to Droplets
Select Create droplet
Leave most as default and make sure:
Choose an image - Ubuntu OS is selected
Droplet Type - Basic plan
CPU options - Regular is selected and the lowest cost
Choose Authentication Method - Select SSH Key and make sure you choose the key to use
Update the Hostname (optional)
Click Create Droplet
SSH into your server
The first thing you need to do is open a Terminal window and SSH into your server to access it as the root user so you have full admin privileges.
How you connect depends on where your server is located and which SSH key you use (and yes, you should be using SSH keys and not passwords to connect via SSH).
If you have the standard SSH key pair set up, then you should be able to connect with the standard:
ssh root@{ip-address-of-server}
However, if you use an SSH key that is named differently to the normal convention or is placed in a different location, then you need to specify the location of the key file:
ssh -i /path/to/key/on/your/machine root@{ip-address-of-server}
If you’re using a service like DigitalOcean, then you can also just click on the Browser Console that they have available in the dashboard.
Now this should start you in the server, and you can tell as the command line will be waiting for input but have.
Installing the AWS CLI
Now that we’re in the server’s command line, we need to download the required dependencies and install them.
The AWS CLI downloads as a zip file, so if we don’t already have something installed that can unzip it, we need to grab a tool for that. We can use the package called unzip.
So, let’s install it:
sudo apt update
sudo apt install unzip
This will install unzip so we can use it on the AWS zip file.
Now let’s get the zip file:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
This downloads the file to whichever folder you’re currently in. If you’re following this exactly and haven’t changed directory, you’re most likely still in the home directory (~/).
Then we need to extract the contents of the zip file and run the installer:
unzip awscliv2.zip
sudo ./aws/install
This unzips the contents and then runs the installer. Now that it’s installed, we can clean up and delete the files we don’t need anymore:
rm -r aws
rm awscliv2.zip
To verify that it is installed, you can run: aws --version
It will display the version details of the AWS CLI:
aws-cli/2.15.38 Python/3.11.8 Linux/6.5.0-9-generic exe/x86_64.ubuntu.23 prompt/off
If it doesn’t, then it has not been installed, and you should try again or review any errors that pop up.
Configure AWS CLI
This is pretty straightforward, assuming you have obtained the access key and the secret access key from the AWS user you are going to be using.
If you haven’t set this up yet, you can follow this guide that I mentioned in the Prerequisites:
Otherwise, if you have both keys AND the AWS Region that you’re using we can progress.
*NOTE: This configuration is user specific, so if another user on your server is going to be used for interacting with AWS, log in as that user and then do the configuration. It’s recommended that you DO NOT use the root user for these services and use a non-sudo user instead.
To start the configuration, simply enter:
aws configure
This will open the prompts to enter:
AWS Access Key
AWS Secret Access Key
AWS Region
Default output format (can skip this for now - just press Enter to move past it)
The CLI is now configured with the user profile and its permissions for AWS. Any aws cli commands your application runs on the server as this user will access AWS with these policies applied.
If you want to check which user is configured, or that one is configured at all, you can enter the command below in the CLI and it will output the current user profile:
aws sts get-caller-identity
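What aws configure leaves behind is a plaintext ~/.aws/credentials file in the home directory of whichever user ran it, which is why the note above about avoiding root matters. The following is an added example, not part of the original guide: a shell function that audits that file for loose permissions, a location under /root, and long-term (AKIA-prefixed) access keys. The function names and the sample key values are constructed for illustration.

```shell
#!/bin/sh
# Audit the plaintext credentials file that `aws configure` writes.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if missing.
audit_aws_credentials() {
    local file findings mode profile line key tail4
    file="${1:-$HOME/.aws/credentials}"; findings=0; profile=""
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    # The secret access key is stored unencrypted, so only the owner may read it.
    mode=$(stat -c '%a' "$file")    # GNU stat, as on the Ubuntu server in this guide
    case "$mode" in
        600|400) ;;
        *) echo "PERMS $file is mode $mode, expected 600"; findings=$((findings + 1)) ;;
    esac
    # The guide advises against configuring the CLI as the root user.
    case "$file" in
        /root/*) echo "ROOT credentials are stored in root's home directory"
                 findings=$((findings + 1)) ;;
    esac
    # Walk the INI file: [profile] headers, then key = value pairs.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \[*\]) profile=$(printf '%s' "$line" | tr -d '[]') ;;
            aws_access_key_id*)
                key=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
                tail4=$(printf '%s' "$key" | tail -c 4)
                case "$key" in
                    # AKIA = long-term IAM user key; ASIA = temporary STS key.
                    AKIA*) echo "LONGTERM profile=$profile key_id=AKIA...$tail4"
                           findings=$((findings + 1)) ;;
                    ASIA*) echo "INFO profile=$profile uses temporary credentials" ;;
                esac ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample (not real keys) in the layout `aws configure` produces.
write_sample_credentials() {
    printf '%s\n' '[default]' \
        'aws_access_key_id = AKIAEXAMPLEEXAMPLE00' \
        'aws_secret_access_key = constructedSecretForDemoOnly' > "$1"
    chmod 644 "$1"    # deliberately too permissive, to trigger the PERMS finding
}

demo_dir=$(mktemp -d)
write_sample_credentials "$demo_dir/credentials"
audit_aws_credentials "$demo_dir/credentials" || true
rm -rf "$demo_dir"
```

Calling audit_aws_credentials with no argument checks the current user’s own ~/.aws/credentials.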
Conclusion
We have now successfully installed and configured the AWS CLI to run on your Linux-based server with an attached user profile. Hopefully you have it all configured with the correct policies within AWS to limit the access it has.
Your applications on the server can now interact with the AWS services via that profile.
Happy building and catch you next time :)