Computer scienceSystem administration and DevOpsAmazon Web ServicesAWS Basics

AWS Power Tools: CLI & SDKs

Provided by: JetBrains Academy
9 minutes read

AWS offers several tools you can use for managing your cloud services. You already know about the console and have explored its easy-to-use interface. As you deal with more complex tasks, you'll often use the CLI and SDKs. These power tools let you access AWS services using text commands, which simplifies interaction with AWS and allows for automation. Plus, it's easier to integrate your applications with cloud services. But before you can use these tools, you need to set them up.

Installing the CLI

The AWS CLI allows you to interact with AWS services using text commands. These text commands can be executed using the AWS CloudShell from the console, or you can install it on your computer. Whether you are using Windows, Linux, or macOS, you can install and use the CLI. Let's see how you can install it on these OSes.

The steps vary based on your operating system. On Windows, you can download the installer, run it, and follow the instructions to set up the CLI. Alternatively, run the following command in Windows Command Prompt or PowerShell: msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi. Follow the instructions to complete the installation or add a /qn flag in the command to install in the background.

For Linux, you need to run these commands in a terminal:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Make sure you have curl and unzip installed before running these commands. Use sudo apt-get install curl unzip to install them.

On macOS, an easy way to install the CLI is by using the terminal with these commands:

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg ./AWSCLIV2.pkg -target /

After installation, you can start using AWS commands to manage services. To check if the CLI is installed, run aws --version in your shell. You should see something like this:

$ aws --version
aws-cli/2.13.32 Python/3.11.6 Windows/10 exe/AMD64 prompt/off #Windows
aws-cli/2.13.32 Python/3.11.6 Linux/6.1.0-17-amd64 exe/x86_64.debian.12 prompt/off #Linux (Debian)

If you find it hard to install the CLI, look at the documentation for other ways to do it.

AWS SDKs

The AWS Software Development Kit (SDK) lets developers interact with AWS services programmatically from their chosen programming environment. It works with many programming languages like Java, Python (Boto3), Javascript, Node.js, .NET, Go, C++, and more. This makes it easy for programmers to integrate AWS services into their apps. In fact, the AWS CLI uses Boto3, the AWS SDK for Python!

To start, you install the SDK that matches the programming language you use. For example, to install the Python SDK (boto3), you would use Python's package managers: pip or conda. On Windows, you can run python -m pip install boto3 to install it. You need to have Python installed for this to work. Since each SDK has a different setup, look at the AWS documentation for how to install the SDK you want.

Using SDKs usually involves setting up a client or resource object to work with AWS services. For example, you can list all S3 buckets in your account with these commands using boto3:

import boto3
s3 = boto3.resource('s3')

for bucket in s3.buckets.all():
    print(bucket.name)

It is very important to test your code well to make sure it works as expected. Developers often use mock libraries and environments (like Python's Moto library and Localstack) to simulate the AWS environment. This allows them to try out their commands in a safe place and ensure everything works before using it in their actual AWS account.

Configuring credentials

Now that you have installed the CLI and SDKs, you must be authenticated and authorized to access AWS services. AWS provides various authentication methods:

  • Using access keys for IAM users;
  • Using AWS IAM roles with EC2 instance profiles;
  • Using short-term tokens from AWS IAM Identity Center;

The easiest way to set up is to use access keys for an IAM user who has the permissions you need. After you generate access keys for that user, make sure you copy the access key ID and the secret access key. Keep in mind that you can only see the secret access key when you create the access key. Then, go to your command prompt, PowerShell, or terminal and run aws configure. You'll be prompted to enter the access key ID, the secret access key, the default region, and the output format:

$ aws configure
AWS Access Key ID: your access key ID
AWS Secret Access Key: your secret access key
Default region name: an AWS region like us-east-1
Default output format: either table, json, text, or yaml

Once you finish these steps, your credentials and configuration will be saved in two local files at these locations:

  • ~/.aws/credentials and ~/.aws/config on Linux and macOS;
  • %UserProfile%\.aws\credentials and %UserProfile%\.aws\config on Windows;

You can also use these environment variables to pass credentials to your code: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and if needed, AWS_SESSION_TOKEN for temporary credentials. For safety, you should manage these variables in a secure storage system like AWS Secrets Manager or as secrets on GitHub. This emits the need to embed credentials in code or store them unencrypted in local files.

Furthermore, you can store several named profiles for different users with different permissions. You can either directly change the credentials file with a text editor or use the aws configure command with the --profile option to create a named profile:

aws configure --profile hyperprofile

To use a named profile, specify it by adding --profile <profilename> to your commands. Check if your credentials work with the following command:

$ aws sts get-caller-identity --profile hyperprofile

If your credentials are wrong, you will receive an error. Otherwise, the command returns your user's details:

{
    "UserId": "ASIARWU888MM7EXAMPLE",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:federated-user/Hyperuser"
}

However, keeping credentials on your local machine can be risky. To enhance security, it's a good idea to:

  • Delete and create new access keys often, and rerun aws configure with the new keys;
  • Use IAM roles with EC2 instance profiles;
  • Pass credentials as environment variables rather than embedding them directly in the code;
  • Use the IAM Identity Center service, which will automatically update authentication tokens for you during a session; you can check the AWS documentation to learn more about this setup;
  • Enforce the principle of least privilege and use MFA;

Remember that the account whose credentials you're using must have the right permissions for what you intend to do!

Pros and cons

You get many benefits from using these power tools. They allow fast and scriptable actions that are much quicker than the console. Through the CLI and SDKs, developers and administrators can:

  • Automate tasks like backups, starting or stopping instances, and managing resources;
  • Bring the power of AWS to their apps by integrating AWS services;
  • Create, configure, and delete resources in bulk thus saving time, increasing consistency, and reducing errors;
  • Write code that triggers AWS Lambda functions in response to events and perform various actions;
  • Port and reuse the same commands across different platforms, projects, or teams;

There are downsides too:

  • Learning to use them can be challenging, especially for those unfamiliar with command-line interfaces or programming;
  • Errors could cause big problems, like deleting important resources by mistake;
  • SDKs might make an application's code more complex with additional dependencies and the need for error handling;

Conclusion

Mastering the AWS Command Line Interface (CLI) and Software Development Kits (SDKs) can make you more productive in AWS. They help you do things faster by automating tasks, integrating cloud features into your apps, and handling many jobs at the same time. To start using these tools, you need to install them and set up your credentials. It may take some time to learn how to use them, but once you do, you can tackle complex tasks with just a few commands or lines of code.

However, you should be careful while using these tools. Even a small mistake can lead to big issues. So, make sure you understand the AWS commands and SDKs you are using and check your work carefully. Testing your code well is crucial to ensure it works as expected and to find problems early. You can use mock libraries and environments to prevent affecting your actual AWS setup.

Also, following security best practices in managing your credentials is essential. This helps prevent others from accessing your resources, which could cause serious damage. You can pass your credentials as environment variables managed by a secure secrets management system. When used correctly and securely, these power tools can be very helpful in managing your cloud resources.

5 learners liked this piece of theory. 0 didn't like it. What about you?
Report a typo