Mar 30, 2018 - Easy guide to install AWS CLI on Linux systems. AWS CLI is command line interface used for administration of Amazon Web Services.
You can install the AWS Command Line Interface (AWS CLI) and its dependencies on most Linux distributions by using pip
, a package manager for Python.
Important
The awscli
package is available in repositories for other package managers such as apt
and yum
, but you're not assured of getting the latest version unless you get it from pip
or use the bundled installer.
If you already have pip
, follow the instructions in the main installation topic. Run pip --version
to see if your version of Linux already includes Python and pip
. We recommend that if you have Python version 3+ installed, that you use the pip3
command.
If you don't already have pip
installed, check which version of Python is installed.
or
If you don't already have Python 2 version 2.6.5+ or Python 3 version 3.3+, you must first install Python. If you do have Python installed, proceed to installing pip
and the AWS CLI.
Sections
pip
If you don't already have pip
installed, you can install it by using the script that the Python Packaging Authority provides.
To install pip
Use the curl
command to download the installation script.
Run the script with Python to download and install the latest version of pip
and other required support packages.
or
When you include the --user
switch, the script installs pip
to the path ~/.local/bin
.
Ensure the folder that contains pip
is part of your PATH
variable.
Find your shell's profile script in your user folder. If you're not sure which shell you have, run echo $SHELL
.
Bash – .bash_profile
, .profile
, or .bash_login
Zsh – .zshrc
Tcsh – .tcshrc
, .cshrc
or .login
Add an export command at the end of your profile script that's similar to the following example.
This command inserts the path, ~/.local/bin
in this example, at the front of the existing PATH
variable.
Reload the profile into your current session to put those changes into effect.
Now you can test to verify that pip
is installed correctly.
pip
Use pip
to install the AWS CLI.
When you use the --user
switch, pip
installs the AWS CLI to ~/.local/bin
.
Verify that the AWS CLI installed correctly.
If you get an error, see Troubleshooting AWS CLI Errors.
To upgrade to the latest version, run the installation command again.
After installing with pip
, you might need to add the aws
executable to your operating system' PATH
environment variable.
You can verify which folder pip
installed the AWS CLI to by running the following command.
You can reference this as ~/.local/bin/
because /home/username
corresponds to ~
in Linux.
If you omitted the --user
switch and so didn't install in user mode, the executable might be in the bin
folder of your Python installation. If you don't know where Python is installed, run this command.
The output might be the path to a symlink, not to the actual executable. Run ls -al
to see where it points.
If this is the same folder you added to the path in step 3 in Install pip, you're done. Otherwise, perform those same steps 3a–3c again, adding this additional folder to the path.
This package provides a unified command line interface to Amazon Web Services.
The aws-cli package works on Python versions:
Attention!
We recommend that all customers regularly monitor theAmazon Web Services Security Bulletins website for any important security bulletins related toaws-cli.
The easiest way to install aws-cli is to use pip in a virtualenv
:
or, if you are not installing in a virtualenv
, to install globally:
or for your user:
If you have the aws-cli installed and want to upgrade to the latest versionyou can run:
Note
On OS X, if you see an error regarding the version of six that came withdistutils in El Capitan, use the --ignore-installed
option:
This will install the aws-cli package as well as all dependencies. You canalso just download the tarball. Once you have theawscli directory structure on your workstation, you can just run:
If you want to run the develop
branch of the CLI, see the'CLI Dev Version' section below.
The release notes for the AWS CLI can be found here.
The aws-cli package includes a very useful command completion feature.This feature is not automatically installed so you need to configure it manually.To enable tab completion for bash either use the built-in command complete
:
Or add bin/aws_bash_completer
file under /etc/bash_completion.d
,/usr/local/etc/bash_completion.d
or any other bash_completion.d
location.
For tcsh:
You should add this to your startup scripts to enable it for future sessions.
For zsh please refer to bin/aws_zsh_completer.sh
. Source that file, e.g.from your ~/.zshrc
, and make sure you run compinit
before:
For now the bash compatibility auto completion (bashcompinit
) is used.For further details please refer to the top of bin/aws_zsh_completer.sh
.
Before using aws-cli, you need to tell it about your AWS credentials. Youcan do this in several ways:
The quickest way to get started is to run the aws configure
command:
To use environment variables, do the following:
To use the shared credentials file, create an INI formatted file like this:
and place it in ~/.aws/credentials
(or in%UserProfile%.aws/credentials
on Windows). If you wish to place theshared credentials file in a different location than the one specified above,you need to tell aws-cli where to find it. Do this by settingthe appropriate environment variable:
To use a config file, create a configuration file like this:
and place it in ~/.aws/config
(or in %UserProfile%.awsconfig
on Windows). If you wish to place the config file in a different location than the onespecified above, you need to tell aws-cli where to find it. Do this by settingthe appropriate environment variable:
As you can see, you can have multiple profiles
defined in both the sharedcredentials file and the configuration file. You can then specify whichprofile to use by using the --profile
option. If no profile is specifiedthe default
profile is used.
In the config file, except for the default profile, youmust prefix each config section of a profile group with profile
.For example, if you have a profile named 'testing' the section header wouldbe [profile testing]
.
The final option for credentials is highly recommended if you areusing aws-cli on an EC2 instance. IAM Roles area great way to have credentials installed automatically on yourinstance. If you are using IAM Roles, aws-cli will find them and usethem automatically.
In addition to credentials, a number of other variables can beconfigured either with environment variables, configuration fileentries or both. The following table documents these.
Variable | Option | Config Entry | Environment Variable | Description |
---|---|---|---|---|
profile | --profile | profile | AWS_PROFILE | Default profile name |
region | --region | region | AWS_DEFAULT_REGION | Default AWS Region |
config_file | AWS_CONFIG_FILE | Alternate location of config | ||
credentials_file | AWS_SHARED_CREDENTIALS_FILE | Alternate location of credentials | ||
output | --output | output | AWS_DEFAULT_OUTPUT | Default output style |
ca_bundle | --ca-bundle | ca_bundle | AWS_CA_BUNDLE | CA Certificate Bundle |
access_key | aws_access_key_id | AWS_ACCESS_KEY_ID | AWS Access Key | |
secret_key | aws_secret_access_key | AWS_SECRET_ACCESS_KEY | AWS Secret Key | |
token | aws_session_token | AWS_SESSION_TOKEN | AWS Token (temp credentials) | |
cli_timestamp_format | cli_timestamp_format | Output format of timestamps | ||
metadata_service_timeout | metadata_service_timeout | AWS_METADATA_SERVICE_TIMEOUT | EC2 metadata timeout | |
metadata_service_num_attempts | metadata_service_num_attempts | AWS_METADATA_SERVICE_NUM_ATTEMPTS | EC2 metadata retry count | |
parameter_validation | parameter_validation | Toggles local parameter validation |
If you get tired of specifying a --region
option on the command lineall of the time, you can specify a default region to use whenever noexplicit --region
option is included using the region
variable.To specify this using an environment variable:
To include it in your config file:
Similarly, the profile
variable can be used to specify which profile to useif one is not explicitly specified on the command line via the--profile
option. To set this via environment variable:
The profile
variable can not be specified in the configuration filesince it would have to be associated with a profile and would defeat thepurpose.
For more information about configuration options, please refer theAWS CLI Configuration Variables topic. You can access this topicfrom the CLI as well by running aws help config-vars
.
Some services, such as AWS Identity and Access Management (IAM)have a single, global endpoint rather than different endpoints foreach region.
To make access to these services simpler, aws-cli will automaticallyuse the global endpoint unless you explicitly supply a region (usingthe --region
option) or a profile (using the --profile
option).Therefore, the following:
will automatically use the global endpoint for the IAM serviceregardless of the value of the AWS_DEFAULT_REGION
environmentvariable or the region
variable specified in your profile.
Many options that need to be provided are simple string or numericvalues. However, some operations require JSON data structuresas input parameters either on the command line or in files.
For example, consider the command to authorize access to an EC2security group. In this case, we will add ingress access to port 22for all IP addresses:
Some parameter values are so large or so complex that it would be easierto place the parameter value in a file and refer to that file rather thanentering the value directly on the command line.
Let's use the authorize-security-group-ingress
command shown above.Rather than provide the value of the --ip-permissions
parameter directlyin the command, you could first store the values in a file. Let's callthe file ip_perms.json
:
Then, we could make the same call as above like this:
The file://
prefix on the parameter value signals that the parameter valueis actually a reference to a file that contains the actual parameter value.aws-cli will open the file, read the value and use that value as theparameter value.
This is also useful when the parameter is really referring to file-baseddata. For example, the --user-data
option of the aws ec2 run-instances
command or the --public-key-material
parameter of theaws ec2 import-key-pair
command.
Similar to the file-based input described above, aws-cli also includes away to use data from a URI as the value of a parameter. The idea is exactlythe same except the prefix used is https://
or http://
:
The default output for commands is currently JSON. You can use the--query
option to extract the output elements from this JSON document.For more information on the expression language used for the --query
argument, you can read theJMESPath Tutorial.
Get a list of IAM user names:
Get a list of key names and their sizes in an S3 bucket:
Get a list of all EC2 instances and include their Instance ID, State Name,and their Name (if they've been tagged with a Name):
You may also find the jq tool useful inprocessing the JSON output for other uses.
There is also an ASCII table format available. You can select this style withthe --output table
option or you can make this style your default outputstyle via environment variable or config file entry as described above.Try adding --output table
to the above commands.
If you are just interested in using the latest released version of the AWS CLI,please see the Installation section above. This section is for anyone whowants to install the development version of the CLI. You normally would notneed to do this unless:
The latest changes to the CLI are in the develop
branch on github. This isthe default branch when you clone the git repository.
Additionally, there are several other packages that are developed in lockstepwith the CLI. This includes:
If you just want to install a snapshot of the latest development version ofthe CLI, you can use the requirements.txt
file included in this repo.This file points to the development version of the above packages:
However, to keep up to date, you will continually have to run thepip install -r requirements.txt
file to pull in the latest changesfrom the develop branches of botocore, jmespath, etc.
You can optionally clone each of those repositories and run 'pip install -e .'for each repository:
We use GitHub issues for tracking bugs and feature requests and have limitedbandwidth to address them. Please use these community resources for gettinghelp: