AWS Usage#

This document provides an overview of using Amazon Web Services (AWS) tools, primarily the AWS Command Line Interface (CLI), within this dotfiles setup.

Overview#

The AWS CLI is a unified tool to manage your AWS services. This guide covers basic configuration and common commands.

Prerequisites#

• AWS Account: An active AWS account.
• AWS CLI Installed: The AWS CLI is typically installed via Homebrew as part of the chezmoi setup if specified in your configurations.

  brew install awscli
  

• Configured Credentials: AWS CLI needs credentials to interact with your AWS account. These are typically stored in ~/.aws/credentials and ~/.aws/config.
  • Security Note: It is highly recommended to manage AWS credentials securely, for example, by storing them in 1Password and having chezmoi templates populate the AWS configuration files, or by using a tool like aws-vault.

Configuration#

AWS CLI configuration can be managed via aws configure or by directly editing the files:

• ~/.aws/config: Stores default region, output format, and named profiles.
• ~/.aws/credentials: Stores AWS access keys for different profiles.

Example ~/.aws/config:#

[default]
region = us-east-1
output = json

[profile my-other-profile]
region = us-west-2
output = text

Example ~/.aws/credentials (managed via 1Password/chezmoi or aws-vault):#

[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID_DEFAULT
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY_DEFAULT

[profile my-other-profile]
aws_access_key_id = YOUR_ACCESS_KEY_ID_OTHER
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY_OTHER

Refer to docs/1password-usage.md for guidance on storing these credentials in 1Password and using chezmoi templates.

aws-vault (Recommended for Enhanced Security)#

aws-vault is a tool to securely store and access AWS credentials in your operating system's keystore. It helps in avoiding storing AWS credentials in plaintext files.

Installation (if not managed by chezmoi):#

brew install aws-vault

Basic Usage:#

1. Add credentials to aws-vault:

   aws-vault add my-profile
   

   (This will prompt for your access key ID and secret access key)

2. Execute commands using a profile:

   aws-vault exec my-profile -- aws s3 ls
   

Common AWS CLI Commands#

Replace my-profile with your desired AWS profile if not using default.

• List S3 Buckets:

  aws s3 ls --profile my-profile
  # Using aws-vault:
  # aws-vault exec my-profile -- aws s3 ls
  

• List EC2 Instances:

  aws ec2 describe-instances --profile my-profile
  # Using aws-vault:
  # aws-vault exec my-profile -- aws ec2 describe-instances
  

• Get Caller Identity (useful for verifying current credentials):

  aws sts get-caller-identity --profile my-profile
  # Using aws-vault:
  # aws-vault exec my-profile -- aws sts get-caller-identity
  

Resources#

• Official AWS CLI Documentation:
  • AWS CLI User Guide
  • AWS CLI Command Reference
• aws-vault GitHub Repository: https://github.com/99designs/aws-vault
• 1Password Documentation: Refer to docs/1password-usage.md for managing secrets.

This document is a starting point. Please refer to the official documentation for comprehensive information.