Addteq’s Codefactori is a complete solution for software development teams, providing a hosted and managed software development solution centered around your tools. Given that our hosted Codefactori applications are in AWS, we use AWS’s Command Line Interface (CLI) to access and manage these systems. The AWS CLI is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Because we run multiple applications we use specific profiles to access specific regions and software. Likewise, we manage access by using the profile option within CLI commands. This keeps our access secure, ensuring each key is only used for a specific product or customer within Addteq.
Install AWS CLI
The first thing you will need to do is set up the AWS CLI. Amazon provides clear instructions on how to install the AWS CLI tool on each platform at the following link.
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Setup AWS CLI
Once AWS CLI is installed, you should be able to verify it by running the following command:
$ aws --version
aws-cli/1.21.12 Python/3.8.10 Linux/5.13.0-39-generic botocore/1.22.10
The next step will be to configure the CLI to access AWS through your access key.
$ aws configure
AWS Access Key ID [None]: AVCDDWJORMBFLFXZKANL
AWS Secret Access Key [None]: vUGWI5N6w0fm66Tjv82QN03fYVERlspeNg0gZLE3
Default region name [None]: us-east-1
Default output format [None]:
We can view our configurations by running the following command. This is helpful to identify where our configuration files are stored if we ever need to change or add other accounts to connect as.
$ aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************KANL shared-credentials-file
secret_key ****************ZLE3 shared-credentials-file
region us-east-1 config-file ~/.aws/config
Configuring Multiple Profiles
Because AWS allows us to create multiple access keys with different levels of permissions, we may need to manage multiple access keys. The following steps can be used to set up and use multiple profiles within the AWS CLI.
$ aws configure --profile test2
AWS Access Key ID [None]: IVZGIKLVGTMGGBVYOVXE
AWS Secret Access Key [None]: LgIXDMn7opDwesEkn1040dvQwb1Kl9p5D17HgAy9
Default region name [None]: us-west-1
Default output format [None]:
All configuration files for AWS CLI are stored in the same location and can be retrieved by using the `aws configure list` command seen above. We can look in the `~/.aws` directory at the config and credentials file.
~/.aws$ cat credentials
[default]
aws_access_key_id = AVCDDWJORMBFLFXZKANL
aws_secret_access_key = vUGWI5N6w0fm66Tjv82QN03fYVERlspeNg0gZLE3
[test2]
aws_access_key_id = IVZGIKLVGTMGGBVYOVXE
aws_secret_access_key = LgIXDMn7opDwesEkn1040dvQwb1Kl9p5D17HgAy9
Within the credentials file, are the 2 profiles we have configured. First is the default profile and second is the test2 profile we created too.
Using Multiple Profiles
With this setup, we can now run AWS CLI commands using 2 different sets of access keys.
The first key has access to s3, this is using our default profile.
$ aws s3 ls
2021-10-29 09:25:22 bucket1
2021-10-29 09:24:43 bucket2
2021-10-09 15:44:43 bucket3
2021-10-06 15:59:09 bucket4
The second command uses the profile test2 and it does not have access to ListBuckets operation for S3.
$ aws s3 ls --profile test2
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
By using the –profile we can change what access key we use within AWS CLI.
