Addteq’s Codefactori is a complete solution for software development teams, providing a hosted and managed software development solution centered around your tools. Given that our hosted Codefactori applications are in AWS, we use AWS’s Command Line Interface (CLI) to access and manage these systems. The AWS CLI is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Because we run multiple applications we use specific profiles to access specific regions and software. Likewise, we manage access by using the profile option within CLI commands. This keeps our access secure, ensuring each key is only used for a specific product or customer within Addteq.
Install AWS CLI
The first thing you will need to do is set up the AWS CLI. Amazon provides clear instructions on how to install the AWS CLI tool on each platform at the following link.
Setup AWS CLI
Once AWS CLI is installed, you should be able to verify it by running the following command:
$ aws --version aws-cli/1.21.12 Python/3.8.10 Linux/5.13.0-39-generic botocore/1.22.10
The next step will be to configure the CLI to access AWS through your access key.
$ aws configure AWS Access Key ID [None]: AVCDDWJORMBFLFXZKANL AWS Secret Access Key [None]: vUGWI5N6w0fm66Tjv82QN03fYVERlspeNg0gZLE3 Default region name [None]: us-east-1 Default output format [None]:
We can view our configurations by running the following command. This is helpful to identify where our configuration files are stored if we ever need to change or add other accounts to connect as.
$ aws configure list Name Value Type Location ---- ----- ---- -------- profile None None access_key ****************KANL shared-credentials-file secret_key ****************ZLE3 shared-credentials-file region us-east-1 config-file ~/.aws/config
Configuring Multiple Profiles
Because AWS allows us to create multiple access keys with different levels of permissions, we may need to manage multiple access keys. The following steps can be used to set up and use multiple profiles within the AWS CLI.
$ aws configure --profile test2 AWS Access Key ID [None]: IVZGIKLVGTMGGBVYOVXE AWS Secret Access Key [None]: LgIXDMn7opDwesEkn1040dvQwb1Kl9p5D17HgAy9 Default region name [None]: us-west-1 Default output format [None]:
All configuration files for AWS CLI are stored in the same location and can be retrieved by using the `aws configure list` command seen above. We can look in the `~/.aws` directory at the config and credentials file.
~/.aws$ cat credentials [default] aws_access_key_id = AVCDDWJORMBFLFXZKANL aws_secret_access_key = vUGWI5N6w0fm66Tjv82QN03fYVERlspeNg0gZLE3 [test2] aws_access_key_id = IVZGIKLVGTMGGBVYOVXE aws_secret_access_key = LgIXDMn7opDwesEkn1040dvQwb1Kl9p5D17HgAy9
Within the credentials file, are the 2 profiles we have configured. First is the default profile and second is the test2 profile we created too.
Using Multiple Profiles
With this setup, we can now run AWS CLI commands using 2 different sets of access keys.
The first key has access to s3, this is using our default profile.
$ aws s3 ls 2021-10-29 09:25:22 bucket1 2021-10-29 09:24:43 bucket2 2021-10-09 15:44:43 bucket3 2021-10-06 15:59:09 bucket4
The second command uses the profile test2 and it does not have access to ListBuckets operation for S3.
$ aws s3 ls --profile test2 An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
By using the –profile we can change what access key we use within AWS CLI.