mauvehed.com / dotfiles
mauvehed's dotfiles for personal and work environments
fork atom
dotfiles / docs / aws-usage.md
at main 105 lines 3.7 kB view raw view rendered
1# AWS Usage 2 3This document provides an overview of using Amazon Web Services (AWS) tools, primarily the AWS Command Line Interface (CLI), within this dotfiles setup. 4 5## Overview 6 7The AWS CLI is a unified tool to manage your AWS services. This guide covers basic configuration and common commands. 8 9## Prerequisites 10 11* **AWS Account**: An active AWS account. 12* **AWS CLI Installed**: The AWS CLI is typically installed via Homebrew as part of the `chezmoi` setup if specified in your configurations. 13 ```sh 14 brew install awscli 15 ``` 16* **Configured Credentials**: AWS CLI needs credentials to interact with your AWS account. These are typically stored in `~/.aws/credentials` and `~/.aws/config`. 17 * **Security Note**: It is highly recommended to manage AWS credentials securely, for example, by storing them in 1Password and having `chezmoi` templates populate the AWS configuration files, or by using a tool like `aws-vault`. 18 19## Configuration 20 21AWS CLI configuration can be managed via `aws configure` or by directly editing the files: 22 23* `~/.aws/config`: Stores default region, output format, and named profiles. 24* `~/.aws/credentials`: Stores AWS access keys for different profiles. 25 26### Example `~/.aws/config`: 27```ini 28[default] 29region = us-east-1 30output = json 31 32[profile my-other-profile] 33region = us-west-2 34output = text 35``` 36 37### Example `~/.aws/credentials` (managed via 1Password/`chezmoi` or `aws-vault`): 38```ini 39[default] 40aws_access_key_id = YOUR_ACCESS_KEY_ID_DEFAULT 41aws_secret_access_key = YOUR_SECRET_ACCESS_KEY_DEFAULT 42 43[profile my-other-profile] 44aws_access_key_id = YOUR_ACCESS_KEY_ID_OTHER 45aws_secret_access_key = YOUR_SECRET_ACCESS_KEY_OTHER 46``` 47 48Refer to `docs/1password-usage.md` for guidance on storing these credentials in 1Password and using `chezmoi` templates. 49 50## `aws-vault` (Recommended for Enhanced Security) 51 52[aws-vault](https://github.com/99designs/aws-vault) is a tool to securely store and access AWS credentials in your operating system's keystore. It helps in avoiding storing AWS credentials in plaintext files. 53 54### Installation (if not managed by `chezmoi`): 55```sh 56brew install aws-vault 57``` 58 59### Basic Usage: 60 611. **Add credentials to `aws-vault`**: 62 ```sh 63 aws-vault add my-profile 64 ``` 65 (This will prompt for your access key ID and secret access key) 66 672. **Execute commands using a profile**: 68 ```sh 69 aws-vault exec my-profile -- aws s3 ls 70 ``` 71 72## Common AWS CLI Commands 73 74Replace `my-profile` with your desired AWS profile if not using `default`. 75 76* **List S3 Buckets**: 77 ```sh 78 aws s3 ls --profile my-profile 79 # Using aws-vault: 80 # aws-vault exec my-profile -- aws s3 ls 81 ``` 82 83* **List EC2 Instances**: 84 ```sh 85 aws ec2 describe-instances --profile my-profile 86 # Using aws-vault: 87 # aws-vault exec my-profile -- aws ec2 describe-instances 88 ``` 89 90* **Get Caller Identity (useful for verifying current credentials)**: 91 ```sh 92 aws sts get-caller-identity --profile my-profile 93 # Using aws-vault: 94 # aws-vault exec my-profile -- aws sts get-caller-identity 95 ``` 96 97## Resources 98 99* **Official AWS CLI Documentation**: 100 * [AWS CLI User Guide](https://docs.aws.amazon.com/cli/latest/userguide/) 101 * [AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html) 102* **`aws-vault` GitHub Repository**: [https://github.com/99designs/aws-vault](https://github.com/99designs/aws-vault) 103* **1Password Documentation**: Refer to `docs/1password-usage.md` for managing secrets. 104 105This document is a starting point. Please refer to the official documentation for comprehensive information.