[AWS Certificate] Developer - AWS CLI memo

2017. 10. 11. 17:19 | Posted by 솔웅



AWS Command Line Interface



- Getting Started

- CLI Reference

- GitHub Project

- Community Forum






* Terminate Instance from Terminal


1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ ssh ec2-user@IP Address -i EC2KeyPair.pem.txt 

The authenticity of host 'IP address (IP address)' can't be established.

ECDSA key fingerprint is SHA256:..........

Are you sure you want to continue connecting (yes/no)? yes 

Warning: Permanently added '54.175.217.183' (ECDSA) to the list of known hosts.


       __|  __|_  )

       _|  (     /   Amazon Linux AMI

      ___|\___|___|


https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/

No packages needed for security; 1 packages available

Run "sudo yum update" to apply all updates.

[ec2-user@ip-172-31-89-170 ~]$ sudo su

[root@ip-172-31-89-170 ec2-user]# aws s3 ls

Unable to locate credentials. You can configure credentials by running "aws configure".


==> can't access S3.


[root@ip-172-31-89-170 ec2-user]# aws configure

AWS Access Key ID [None]: 


==> Open the CSV file you downloaded and enter the AWS Access Key ID and AWS Secret Access Key.

==> Enter region name


==> type aws s3 ls ==> will display list

==> aws s3 help ==> display all commands



cd ~ -> home directory

ls

cd .aws

ls

nano credentials ==> contains aws_access_key_id and aws_secret_access_key



aws ec2 describe-instances ==> display all instances in JSON format


copy instance id of running instance


aws ec2 terminate-instances --instance-ids 'instance id'


==> terminated


When the access_key_id and secret_access_key are accidentally exposed to the public -> the resolution is to delete the user and re-create it.





* Using Role instead of Access Key



------ Identity Access Management Roles Lab -------



- IAM - Create a Role with the S3 full access policy

*** All Roles are global (*******) - No need to select a Region


- Create EC2 Instance : Assign above role to this instance

==> You can replace Role of existing instance

: Actions - Instance Settings - Attach/Replace IAM role


now aws s3 ls works


[root@ip-172-31-81-181 ec2-user]# aws s3 ls

[root@ip-172-31-81-181 ec2-user]#


CLI Commands - Developer Associate Exam


[ec2-user@ip-172-31-81-181 ~]$ sudo su

[root@ip-172-31-81-181 ec2-user]# aws s3 ls

[root@ip-172-31-81-181 ec2-user]# cd ~

[root@ip-172-31-81-181 ~]# ls

[root@ip-172-31-81-181 ~]# cd .aws

bash: cd: .aws: No such file or directory

[root@ip-172-31-81-181 ~]# aws configure

AWS Access Key ID [None]: 

AWS Secret Access Key [None]: 

Default region name [None]: us-east-1

Default output format [None]: 

[root@ip-172-31-81-181 ~]# cd .aws

[root@ip-172-31-81-181 .aws]# ls

config

[root@ip-172-31-81-181 .aws]# cat config

[default]

region = us-east-1

[root@ip-172-31-81-181 .aws]# 


==> can access aws without Access Key ID
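
The two sessions above differ in one place: with access keys, `~/.aws/credentials` holds `aws_access_key_id` and `aws_secret_access_key`; with a role, only `~/.aws/config` exists. The following check is an added example, not part of the original memo: it lists which profiles in a credentials file still hold stored keys and prints only the 4-character key ID prefix. The function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original memo): find profiles in an AWS shared
# credentials file that store access keys. On an instance that uses an IAM
# role, the file should be absent or contain no keys.

# find_static_keys FILE
# Prints "profile<TAB>kind<TAB>prefix..." for every stored access key ID.
# AKIA = long-term IAM user key, ASIA = temporary (STS) key.
find_static_keys() {
    local file="$1"
    [ -f "$file" ] || return 0   # no credentials file: nothing stored
    awk '
        /^[ \t]*\[/ {                       # section header such as [default]
            sub(/^[ \t]*\[/, ""); sub(/\][ \t]*$/, "")
            profile = $0
            next
        }
        /^[ \t]*aws_access_key_id[ \t]*=/ {
            id = $0
            sub(/^[^=]*=[ \t]*/, "", id)    # keep the value only
            prefix = substr(id, 1, 4)       # never print the full key ID
            kind = "unknown"
            if (prefix == "AKIA") kind = "long-term"
            if (prefix == "ASIA") kind = "temporary"
            printf "%s\t%s\t%s...\n", profile, kind, prefix
        }
    ' "$file"
}

# has_long_term_keys FILE
# Exit status 0 if at least one long-term (AKIA) key is stored in FILE.
has_long_term_keys() {
    find_static_keys "$1" |
        awk -F'\t' '$2 == "long-term" { found = 1 } END { exit !found }'
}

# Constructed sample input (placeholder values, not real credentials).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = constructed-placeholder-not-a-real-secret
[session]
aws_access_key_id=ASIAXXXXXXXXXXXXXXXX
EOF
find_static_keys "$sample"
rm -f "$sample"
```

On a real host, point it at `~/.aws/credentials` for each account that runs the CLI (root included, since the sessions above use `sudo su`).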

Terminate the instance from Terminal

[root@ip-172-31-81-181 .aws]# aws ec2 terminate-instances --instance-ids i-0575b748b9ec9e3fa

{

    "TerminatingInstances": [

        {

            "InstanceId": "i-0575b748b9ec9e3fa", 

            "CurrentState": {

                "Code": 32, 

                "Name": "shutting-down"

            }, 

            "PreviousState": {

                "Code": 16, 

                "Name": "running"

            }

        }

    ]

}

[root@ip-172-31-81-181 .aws]# 

Broadcast message from root@ip-172-31-81-181

(unknown) at 0:02 ...


The system is going down for power off NOW!

Connection to 52.70.118.204 closed by remote host.

Connection to 52.70.118.204 closed.

1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ 





==> Shutting down the instance in AWS console





============ CLI Commands For The Developer Exam


IAM - Create a Role - MyEC2Role - administrator access

Launch new instance - assign the role


ssh ec2-user.......

sudo su

aws configure (enter region only)


docs.aws.amazon.com/cli/latest/reference/ec2/index.html


(*****)

aws ec2 describe-instances

aws ec2 describe-images  - enter image id

aws ec2 run-instances

aws ec2 start-instances

(*****)



Do not confuse START-INSTANCES with RUN-INSTANCES

START-INSTANCES - START AND STOP INSTANCE

RUN-INSTANCES - CREATE A NEW INSTANCE


========================

-----S3 CLI & REGIONS


Launch new instance

Create S3 buckets (3 buckets)


Upload a file to one of above bucket

go to another bucket and upload other file.

go to another bucket and upload other file.


IAM - Create a new Role (S3 full access)


EC2 - public IP address


terminal

ssh ec2-user@....

sudo su

aws s3 ls - will not work

attach the role to the EC2 instance

attach/replace IAM role (WEB)

go back to terminal

aws s3 ls -> will display


aws s3 cp --recursive s3://bucket1_name /home/bucket2_name

ls


copy file to bucket




