AWS CLI is a tool that pulls all the AWS services together in one central console, giving you easy control of multiple AWS services with a single tool. The acronym stands for Amazon Web Services Command Line Interface because, as its name suggests, users operate it from the command line. With it, you can control services manually or automate them with powerful scripts.
How It Works
AWS is a secure cloud services platform that offers computing power, content delivery, database storage, and other infrastructure services for developers. Proponents point to its speed, flexible pricing, exemplary customer service, and a huge variety of services as benefits. The AWS CLI puts the icing on the cake by tying control of all those services together into one simple command line interface. It cuts out the user-friendly (but time-consuming, according to some) step of interacting with the system through a Graphical User Interface (GUI).
How to Install AWS CLI
You can install the tool by downloading it from the AWS CLI resource page at Amazon. The page has download options for Windows, Mac, and Linux installations. It also has a beginner's guide, a comprehensive reference manual, a user forum and a link to the GitHub project. Here are the install tools offered by Amazon:
- Windows 64-bit download
- Windows 32-bit download
- Chocolately: choco awscli
- Mac and Linux download (requires Python 2.6.5 or greater)
- Pip install link
- Getting started guide
- CLI Reference from Amazon
- GitHub project
- User forum
To install AWS CLI, users sign up for an AWS account, get an access key ID and secret access key, then pick a (very simple!) install method depending on their system and software.
Those with a pip/Python system can simply run:
$ pip install --upgrade - user awscli
Amazon's install documentation here also explains options to install Python/pip/CLI on Linux, and how to install AWS CLI on MS Windows, macOS, or in a virtual environment. There's also an option to install the tool with the Bundled Installer for Linux, Unix, or macOS. Overall, the install steps are as simple as downloading the archive, unpacking it, running the (short) install script and checking your work. There's a great example tutorial here.
The following examples show the interface in action performing various tasks and demonstrate how powerful it can be.
Deleting an S3 Bucket
The Amazon S3 service is Amazon's Simple Storage Device. It provides basic online data storage in a pay-for-what-you-use plan. The data are stored in buckets. When using the standard GUI, deleting a bucket with several files and folders can be somewhat time-consuming. By using the AWS CLI, you can perform this task in just a few seconds with a single command:
$ aws s3 rb s3://bucket-name --force
Creating EC2 Instances
Amazon Elastic Compute Cloud or EC2 is an Amazon web service that delivers simple web-scale cloud computing for developers. The example below shows how the command line tool makes it easy to start multiple EC2 instances.
$ aws ec2 start-instances --instance-ids i-4j3423ie i-32u89uf2
List All Stopped EC2 Instances and Show Why Each One Stopped
When you're managing several EC2 instances, listing instances that have stopped and showing reasons for each can be a little problematical with the standard GUI. The example below shows how to use AWS CLI (and jq) to do this easily:
aws ec2 describe-instances --filters Name=instance-state-name,Values=stopped --region eu-west-1 --output json | jq -r .Reservations.Instances .StateReason.Message
Benefits of AWS CLI
One of the main benefits is the ability to save substantial time. The savings comes in the form of easier installs, support of all services from one tool, moving beyond GUIs, and automating processes and commands with shell scripting.
- Easier to install. Installing previous toolkits like the old AWS EC2 API toolkit took several steps and forced the user to set up multiple environment variables. There were plenty of places to make a wrong move and bork the install. One huge benefit of AWS CLI is that installation is smooth, quick, simple, and standardized.
- Supports all Amazon Web Services. Previously, you needed a dedicated CLI tool for just the EC2 service. It worked well, but it didn't let users control other Amazon Web Services, like for instance the AWS RDS (Relational Database Service). The AWS CLI, by contrast, lets you control the services from one simple tool.
- Saves time. GUIs are great when you're just learning the ropes of a system. Once you get up and running, the user-friendly graphical interface tools start to stand in your way. Most users find it faster and easier to use the AWS CLI once they reach a certain level of proficiency.
- Scripting. The ability to automate control of all Amazon's web services with scripts is possibly the biggest benefit. Partial task automation can free developers from needing to log into the AWS Management Console. Shell scripts make it easy to fully automate cloud infrastructure.
Since the interface is a controller for all of Amazon's web services, best practices for using it well are largely the same as those for AWS as a whole. Amazon has produced an avalanche of good documentation on its best practices that could fill a mass market paperback. The list contains best practices for architecting, web app hosting, security, email, IAM, DynamoDB, EC2, and Trusted Advisor. Below is a list of the top five best practices from programmer analyst Michael Sheehy.
- Protect your credentials. With great power comes great responsibility. The command line interface makes everything easier for managing Amazon Web Services for hackers as well as white hat users. Never use root accounts for day to day interactions. Don't generate a root access key for your AWS root account.
- Secure your applications. Only allow app-layer access to your database layer. Allow outside-world connections only where it's absolutely necessary and deny all other internet traffic.
- Backup early, backup often. Use Amazon EBS snapshots to back up your instance regularly. Test recovery resources before an emergency happens. Here's Amazon's documentation on how to automate backups.
- Use the Trusted Advisor. Amazon calls Trusted Advisor "your customized cloud expert!" It actually analyzes your AWS environment, helping you to adhere to best practices. The Trusted Advisor looks for ways to save money, close security gaps, and improve system reliability and performance. You can access Trusted Advisor from the AWS command line interface to check service limits, for example.
- Understand the Shared Responsibility Model. Users manage things like their own data, operating system, and security. Amazon is responsible for infrastructure and services. This is true whether you're using the standard GUI or the simpler, faster command line interface.
Additional Resources and Tutorials
For additional info and help with the interface, see the short list of resources below.
The Amazon Web Services Command Line Interface is a powerful tool to help you manage powerful cloud services. But Amazon isn't the only cloud service around; if you're on the fence about cloud providers, check out our Azure vs. AWS comparison. In this post, we offer a few additional points to consider and make the case for not putting all your eggs in one basket.