It's been a while since I installed the AWS CLI. I see that it is now at version 2.
Once you set it up, you don't have a chance to touch it and forget about it, so here is a memo on how to set it up for yourself.
Basic Structure
- Set profile with
~/.aws/config ~/.aws/credentialsto set the user's key and secret- Link profiles and users by making the profile name and user name the same
- CLI execution is done with the settings specified in the profile
setting (of a computer or file, etc.)
\~/.aws/config
[default] region = ap-northeast-1 output = json [profile user1] region = ap-northeast-1 output = json
*Profile name is "user1", not "profile user1
\~/.aws/credentials
[default] aws_access_key_id=xxxxxxxxxx aws_secret_access_key=xxxxxxxxxx [user1] aws_access_key_id=xxxxxxxxxx aws_secret_access_key=xxxxxxxxxx
execution
Optionally specify a profile and run
If omitted, the default profile is used
aws --profile <プロファイル名> <コマンド>
If a profile is set in an environment variable, that profile is used when the command is executed
If you want the profile to be default, set the value of the variable to default.
AWS_PROFILE=<プロファイル名>
Execute in role
- Create a profile of the role
- Specify the profile of the base that will be the user from the role's profile
\~/.aws/config
[profile <ロールのプロファイル名>] role_arn = arn:aws:iam::xxxxxxxxxx source_profile = <ベースとなるプロファイル名>
Other
Output is paged, so when using it from a script, turn it off in one of the following ways
\~/.aws/credentials
[default] cli_pager=
environment variable
AWS_PAGER=""
