It's been a while since I installed the AWS CLI. I see that it is now at version 2.
Once you set it up, you don't have a chance to touch it and forget about it, so here is a memo on how to set it up for yourself.
Basic Structure
- Set profile with
~/.aws/config
~/.aws/credentials
to set the user's key and secret- Link profiles and users by making the profile name and user name the same
- CLI execution is done with the settings specified in the profile
setting (of a computer or file, etc.)
\~/.aws/config
[default] region = ap-northeast-1 output = json [profile user1] region = ap-northeast-1 output = json
*Profile name is "user1", not "profile user1
\~/.aws/credentials
[default] aws_access_key_id=xxxxxxxxxx aws_secret_access_key=xxxxxxxxxx [user1] aws_access_key_id=xxxxxxxxxx aws_secret_access_key=xxxxxxxxxx
execution
Optionally specify a profile and run
If omitted, the default
profile is used
aws --profile <プロファイル名> <コマンド>
If a profile is set in an environment variable, that profile is used when the command is executed
If you want the profile to be default
, set the value of the variable to default
.
AWS_PROFILE=<プロファイル名>
Execute in role
- Create a profile of the role
- Specify the profile of the base that will be the user from the role's profile
\~/.aws/config
[profile <ロールのプロファイル名>] role_arn = arn:aws:iam::xxxxxxxxxx source_profile = <ベースとなるプロファイル名>
Other
Output is paged, so when using it from a script, turn it off in one of the following ways
\~/.aws/credentials
[default] cli_pager=
environment variable
AWS_PAGER=""