Setting up AWS CLI on Windows 10

AWS provides a “Command Line Interface”, which they usually refer to as the “CLI”. The supported commands appear to be consistent across operating systems, but the installation procedure is different on the various platforms. I’m using Windows 10 at the moment, so that’s the only platform I’m interested in.

Installing AWS CLI on Windows 10

There are multiple options for installing the Command Line Interface on Windows. The recommended cross-platform process requires Python and the ‘pip’ package manager for Python. The other option is to download the “AWS CLI MSI installer for Windows”. I’m going with the MSI installer because it’s easier, and I don’t care about AWS CLI updates at the moment. If frequent updates are an actual problem in the future, then I’ll revisit the Python-based update method.

REFERENCE:

http://docs.aws.amazon.com/cli/latest/userguide/awscli-install-windows.html#install-msi-on-windows

I downloaded the MSI installer, ran it, and everything seems good. The following command in PowerShell will display the version details of the installed CLI:

aws --version

DOAWS-screenshot-016

So far, so good. The CLI seems to work in PowerShell without any special configuration steps. Now I need to configure it to have access to my AWS account.

Configuring the AWS CLI

The link below contains all the information you’ll need to configure your local CLI to access your AWS account.

REFERENCE:

http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

Creating an IAM user

If you’re new to AWS, you might not be familiar with the term “IAM user”. When you create a new AWS account, your AWS username is considered to be the “root” user (and owner) of your AWS account and everything in it. This is synonymous to the root user on a Linux server. Using the root user account for development tasks is discouraged. AWS provides a system of users, roles, privileges, etc., that are associated with your AWS account. That’s what IAM is. It is an acronym for “Identity and Access Management”.

Log in to your AWS account and go to the console. Click on the “Services” option.

DOAWS-screenshot-017

Find the “IAM” option somewhere in the services list and click on it.

DOAWS-screenshot-018

The IAM Management Console will probably look something like this when you log in for the first time:

DOAWS-screenshot-019

You should address all the various warnings, but the first thing you should do to configure the CLI is to create a new IAM user.

DOAWS-screenshot-020
Adding a new IAM user in the AWS console

I’ll name my user “dev-cli-user”. I only want this user to have programmatic access, so I leave the “AWS Management Console access” box unchecked.

DOAWS-screenshot-021

I click the “Next: Permissions” button

DOAWS-screenshot-022

The console prompts me to create a Group for my new user, since no groups currently exist for my account. I click “Create group”.

DOAWS-screenshot-023

I’ll create a group named “dev-cli-group”, and associate it with the SystemAdministrator, AmazonEC2ContainerRegistryFullAccess, and AmazonECS_FullAccess policies (not seen in screenshot). If those policies don’t provide all the access that I need, then I can always come back later and edit the rights for this group.

DOAWS-screenshot-024

I check the box for my new group, and then click the “Next: Review” button

DOAWS-screenshot-025

Everything looks good, so I’ll click “Create user”

DOAWS-screenshot-026

The user has been created. Note the highlighted message at the top. I clicked the “Download .csv” button and saved the CSV file somewhere safe. The CSV contains the information needed to set up the newly created IAM user to work with the AWS Command Line Interface.

Associating the IAM user with the CLI

Use the following command in PowerShell

aws configure

When prompted, you’ll need to copy the credentials for your IAM user. Set the region name to the AWS region that you use. I like to use ‘json’ as the output format, but there are other options, such as ‘text’.

DOAWS-screenshot-027

At this point, my AWS CLI is set to use the credentials for my new ‘dev-cli-user’ IAM user by default. I’ll run a simple CLI command to test that everything is working.

aws iam list-groups

DOAWS-screenshot-028

Looks good. The CLI command returned a sane-looking response in JSON format.

That’s it. You’re done!

Other References

AWS CLI commands reference page

http://docs.aws.amazon.com/cli/latest/reference/


 

Leave a Reply