• Alias repository examples (p. 142)
• Resources (p. 142)
Prerequisites
To use alias commands, you need to complete the following:
• Install and configure the AWS CLI. For more information, see the section called “Install/Update” (p. 6) and Configuration basics (p. 33).
• Use a minimum AWS CLI version of 1.11.24 or 2.0.0.
• (Optional) To use AWS CLI alias bash scripts, you must use a bash-compatible terminal.
Step 1: Creating the alias file
To create the alias file, you can use your file navigation and a text editor, or use your preferred terminal by using the step-by-step procedure. To quickly create your alias file, use the following command block.
Linux and macOS
$ mkdir -p ~/.aws/cli
$ echo '[toplevel]' > ~/.aws/cli/alias Windows
C:\> md %USERPROFILE%\.aws\cli
C:\> echo [toplevel] > %USERPROFILE%/.aws/cli/alias
To create the alias file
1. Create a folder named cli in your AWS CLI configuration folder. By default the configuration folder is ~/.aws/ on Linux or macOS and %USERPROFILE%\.aws\ on Windows. You can create this through your file navigation or by using the following command.
Linux and macOS
$ mkdir -p ~/.aws/cli
Windows
C:\> md %USERPROFILE%\.aws\cli
The resulting cli folder default path is ~/.aws/cli/ on Linux or macOS and %USERPROFILE%
\.aws\cli on Windows.
2. In the cli folder, create a text file named alias with no extension and add [toplevel] to the first line. You can create this file through your preferred text editor or use the following command.
Linux and macOS
$ echo '[toplevel]' > ~/.aws/cli/alias Windows
$ echo [toplevel] > %USERPROFILE%/.aws/cli/alias
Step 2: Creating an alias
You can create an alias using basic commands or bash scripting.
Creating a basic command alias
You can create your alias by adding a command using the following syntax in the alias file you created in the previous step.
Syntax
aliasname = command [--options]
The aliasname is what you call your alias. The command is the command you want to call, which can include other aliases. You can include options or parameters in your alias, or add them when calling your alias.
The following example creates an alias named aws whoami using the aws sts get-caller-identity command. Since this alias calls an existing AWS CLI command, you can write the command without the aws prefix.
whoami = sts get-caller-identity
The following example takes the previous whoami example and adds the Account filter and text output options.
whoami2 = sts get-caller-identity --query AccountName --output text
Creating a bash scripting alias
Warning
To use AWS CLI alias bash scripts, you must use a bash-compatible terminal
You can create an alias using bash scripts for more advanced processes using the following syntax.
Syntax
aliasname = !f() {
script content }; f
The aliasname is what you call your alias and script content is the script you want to run when you call the alias.
The following example uses opendns to output your current IP address. Since you can use aliases in other aliases, the following myip alias is useful to allow or revoke access for your IP address from within other aliases.
myip = !f() {
dig +short myip.opendns.com @resolver1.opendns.com }; f
The following script example calls the previous aws myip alias to authorize your IP address for an Amazon EC2 security group ingress.
authorize-my-ip = !f() {
ip=$(aws myip)
aws ec2 authorize-security-group-ingress --group-id ${1} --cidr $ip/32 --protocol tcp --port 22
}; f
When you call aliases that use bash scripting, the variables are always passed in the order that you entered them. In bash scripting, the variable names are not taken into consideration, only the order they appear. In the following textalert alias example, the variable for the message option is first and --phone-number option is second.
textalert = !f() {
aws sns publish --message "${1}" --phone-number ${2}
}; f
Step 3: Calling an alias
To run the alias you created in your alias file use the following syntax. You can add additional options when you call your alias.
Syntax
$ aws aliasname
The following example uses the aws whoami alias.
$ aws whoami {
"UserId": "A12BCD34E5FGHI6JKLM", "Account": "1234567890987",
"Arn": "arn:aws:iam::1234567890987:user/userName"
}
The following example uses the aws whoami alias with additional options to only return the Account number in text output.
$ aws whoami --query Account --output text
1234567890987
Calling an alias using bash scripting variables
When you call aliases that use bash scripting, variables are passed in the order they are entered. In bash scripting, the name of the variables are not taken into consideration, only the order they appear. For example, in the following textalert alias, the variable for the option --message is first and --phone-number is second.
textalert = !f() {
aws sns publish --message "${1}" --phone-number ${2}
}; f
When you call the textalert alias, you need to pass variables in the same order as they are run in the alias. In the following example we use the variables $message and $phone. The $message variable is passed as ${1} for the --message option and the $phone variable is passed as ${2} for the --phone-number option. This results in successfully calling the textalert alias to send a message.
$ aws textalert $message $phone
{
"MessageId": "1ab2cd3e4-fg56-7h89-i01j-2klmn34567"
}
In the following example, the order is switched when calling the alias to $phone and $message. The
$phone variable is passed as ${1} for the --message option and the $message variable is passed as
${2} for the --phone-number option. Since the variables are out of order, the alias passes the variables incorrectly. This causes an error because the contents of $message do not match the phone number formatting requirements for the --phone-number option.
$ aws textalert $phone $message
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
Unknown options: text
Alias repository examples
The AWS CLI alias repository on GitHub contains AWS CLI alias examples created by the AWS CLI developer team and community. You can use the entire alias file example or take individual aliases for your own use.
Warning
Running the commands in this section deletes your existing alias file. To avoid overwriting your existing alias file, change your download location.
To use aliases from the repository
1. Install Git. For installation instructions, see Getting Started - Installing Git in the Git Documentation.
2. Install the jp command. The jp command is used in the tostring alias. For installation instructions, see the JMESPath (jp) README.md on GitHub.
3. Install the jq command. The jq command is used in the tostring-with-jq alias. For installation instructions, see the JSON processor (jq) on GitHub.
4. Download the alias file by doing one of the following:
• Run the following commands that downloads from the repository and copies the alias file to your configuration folder.
Linux and macOS
$ git clone https://github.com/awslabs/awscli-aliases.git
$ mkdir -p ~/.aws/cli
$ cp awscli-aliases/alias ~/.aws/cli/alias Windows
C:\> git clone https://github.com/awslabs/awscli-aliases.git C:\> md %USERPROFILE%\.aws\cli
C:\> copy awscli-aliases\alias %USERPROFILE%\.aws\cli
• Download directly from the repository and save to the cli folder in your AWS CLI configuration folder. By default the configuration folder is ~/.aws/ on Linux or macOS and %USERPROFILE%
\.aws\ on Windows.
5. To verify the aliases are working, run the following alias.
$ aws whoami
This displays the same response as the aws sts get-caller-identity command:
{ "Account": "012345678901",
"UserId": "AIUAINBADX2VEG2TC6HD6",
"Arn": "arn:aws:iam::012345678901:user/myuser"
}
Resources
• The AWS CLI alias repository on GitHub contains AWS CLI alias examples created by the AWS CLI developer team and the contribution of the AWS CLI community.
• The alias feature announcement from AWS re:Invent 2016: The Effective AWS CLI User on YouTube.
• aws sts get-caller-identity
• aws ec2 describe-instances
• aws sns publish
Using the AWS CLI to work with AWS Services
This section provides examples that show how to use the AWS Command Line Interface (AWS CLI) to access various AWS services.
NoteFor a complete reference of all the available commands for each service, see the AWS CLI version 2 reference guide, or use the built-in command line help. For more information, see Getting help with the AWS CLI (p. 82).
Services
• Using Amazon DynamoDB with the AWS CLI (p. 144)
• Using Amazon EC2 with the AWS CLI (p. 147)
• Using Amazon S3 Glacier with the AWS CLI (p. 162)
• Using AWS Identity and Access Management from the AWS CLI (p. 167)
• Using Amazon S3 with the AWS CLI (p. 170)
• Using Amazon SNS with the AWS CLI (p. 182)
• Using Amazon Simple Workflow Service with the AWS CLI (p. 184)
Using Amazon DynamoDB with the AWS CLI
An introduction to Amazon DynamoDB What is Amazon DynamoDB?
The AWS Command Line Interface (AWS CLI) provides support for all of the AWS database services, including Amazon DynamoDB. You can use the AWS CLI for impromptu operations, such as creating a table. You can also use it to embed DynamoDB operations within utility scripts.
For more information about using the AWS CLI with DynamoDB, see dynamodb in the AWS CLI Command Reference.
To list the AWS CLI commands for DynamoDB, use the following command.
$ aws dynamodb help
Topics
• Prerequisites (p. 144)
• Creating and using DynamoDB tables (p. 145)
• Using DynamoDB Local (p. 146)
• Resources (p. 146)
Prerequisites
To run the dynamodb commands, you need to:
• AWS CLI installed, see the section called “Install/Update” (p. 6) for more information.
• AWS CLI configured, see Configuration basics (p. 33) for more information. The profile that you use must have permissions that allow the AWS operations performed by the examples.
Creating and using DynamoDB tables
The command line format consists of an DynamoDB command name, followed by the parameters for that command. The AWS CLI supports the CLI shorthand syntax (p. 104) for the parameter values, and full JSON.
The following example creates a table named MusicCollection.
$ aws dynamodb create-table \ --table-name MusicCollection \
--attribute-definitions AttributeName=Artist,AttributeType=S AttributeName=SongTitle,AttributeType=S \
--key-schema AttributeName=Artist,KeyType=HASH AttributeName=SongTitle,KeyType=RANGE \ --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1
You can add new lines to the table with commands similar to those shown in the following example.
These examples use a combination of shorthand syntax and JSON.
$ aws dynamodb put-item \
--table-name MusicCollection \ --item '{
"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Call Me Today"} , "AlbumTitle": {"S": "Somewhat Famous"}
}' \
--return-consumed-capacity TOTAL { "ConsumedCapacity": {
"CapacityUnits": 1.0,
"TableName": "MusicCollection"
} }
$ aws dynamodb put-item \
--table-name MusicCollection \ --item '{
"Artist": {"S": "Acme Band"}, "SongTitle": {"S": "Happy Day"} , "AlbumTitle": {"S": "Songs About Life"}
}' \
--return-consumed-capacity TOTAL {
"ConsumedCapacity": { "CapacityUnits": 1.0,
"TableName": "MusicCollection"
} }
It can be difficult to compose valid JSON in a single-line command. To make this easier, the AWS CLI can read JSON files. For example, consider the following JSON snippet, which is stored in a file named expression-attributes.json.
{ ":v1": {"S": "No One You Know"},
":v2": {"S": "Call Me Today"}
}
You can use that file to issue a query request using the AWS CLI. In the following example, the content of the expression-attributes.json file is used as the value for the --expression-attribute-values parameter.
$ aws dynamodb query --table-name MusicCollection \
--key-condition-expression "Artist = :v1 AND SongTitle = :v2" \ --expression-attribute-values file://expression-attributes.json { "Count": 1,
"Items": [ {
"AlbumTitle": {
"S": "Somewhat Famous"
},
"SongTitle": {
"S": "Call Me Today"
},
"Artist": {
"S": "No One You Know"
} } ],
"ScannedCount": 1, "ConsumedCapacity": null }
Using DynamoDB Local
In addition to DynamoDB, you can use the AWS CLI with DynamoDB Local. DynamoDB Local is a small client-side database and server that mimics the DynamoDB service. DynamoDB Local enables you to write applications that use the DynamoDB API, without manipulating any tables or data in the DynamoDB web service. Instead, all of the API actions are rerouted to a local database. This lets you save on provisioned throughput, data storage, and data transfer fees.
For more information about DynamoDB Local and how to use it with the AWS CLI, see the following sections of the Amazon DynamoDB Developer Guide:
• DynamoDB Local
• Using the AWS CLI with DynamoDB Local
Resources
AWS CLI reference:
• aws dynamodb
• aws dynamodb create-table
• aws dynamodb put-item
• aws dynamodb query
Service reference:
• DynamoDB Local in the Amazon DynamoDB Developer Guide
• Using the AWS CLI with DynamoDB Local in the Amazon DynamoDB Developer Guide
Using Amazon EC2 with the AWS CLI
An introduction to Amazon Elastic Compute Cloud
Introduction to Amazon EC2 - Elastic Cloud Server and Hosting with AWS
You can access the features of Amazon Elastic Compute Cloud (Amazon EC2) using the AWS Command Line Interface (AWS CLI). To list the AWS CLI commands for Amazon EC2, use the following command.
aws ec2 help
Before you run any commands, set your default credentials. For more information, see Configuring the AWS CLI (p. 33).
This topic shows short-form examples of AWS CLI commands that perform common tasks for Amazon EC2.
For long-form examples of AWS CLI commands, see AWS CLI code examples repository on GitHub.
Topics
• Creating, displaying, and deleting Amazon EC2 key pairs (p. 147)
• Creating, configuring, and deleting security groups for Amazon EC2 (p. 149)
• Launching, listing, and terminating Amazon EC2 instances (p. 154)
• Change an Amazon EC2 instance type using a bash script (p. 160)
Creating, displaying, and deleting Amazon EC2 key pairs
You can use the AWS Command Line Interface (AWS CLI) to create, display, and delete your key pairs for Amazon Elastic Compute Cloud (Amazon EC2). You use key pairs to connect to an Amazon EC2 instance.
You must provide the key pair to Amazon EC2 when you create the instance, and then use that key pair to authenticate when you connect to the instance.
NoteFor additional command examples, see the AWS CLI reference guide.
Topics
• Prerequisites (p. 147)
• Create a key pair (p. 148)
• Display your key pair (p. 148)
• Delete your key pair (p. 149)
• References (p. 149)
Prerequisites
To run the ec2 commands, you need to:
• Install and configure the AWS CLI. For more information, see the section called “Install/Update” (p. 6) and Configuration basics (p. 33).
• Set your IAM permissions to allow for Amazon EC2 access. For more information about IAM
permissions for Amazon EC2, see IAM policies for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.
Create a key pair
To create a key pair, use the aws ec2 create-key-pair command with the --query option, and the --output text option to pipe your private key directly into a file.
$ aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem
For PowerShell, the > file redirection defaults to UTF-8 encoding, which cannot be used with some SSH clients. So, you must convert the output by piping it to the out-file command and explicitly set the encoding to ascii.
PS C:\>aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text | out-file -encoding ascii -filepath MyKeyPair.pem
The resulting MyKeyPair.pem file looks similar to the following.
---BEGIN RSA PRIVATE KEY---EXAMPLEKEYKCAQEAy7WZhaDsrA1W3mRlQtvhwyORRX8gnxgDAfRt/gx42kWXsT4rXE/b5CpSgie/
vBoU7jLxx92pNHoFnByP+Dc21eyyz6CvjTmWA0JwfWiW5/akH7iO5dSrvC7dQkW2duV5QuUdE0QW Z/aNxMniGQE6XAgfwlnXVBwrerrQo+ZWQeqiUwwMkuEbLeJFLhMCvYURpUMSC1oehm449ilx9X1F G50TCFeOzfl8dqqCP6GzbPaIjiU19xX/azOR9V+tpUOzEL+wmXnZt3/nHPQ5xvD2OJH67km6SuPW oPzev/D8V+x4+bHthfSjR9Y7DvQFjfBVwHXigBdtZcU2/wei8D/HYwIDAQABAoIBAGZ1kaEvnrqu /uler7vgIn5m7lN5LKw4hJLAIW6tUT/fzvtcHK0SkbQCQXuriHmQ2MQyJX/0kn2NfjLV/ufGxbL1 mb5qwMGUnEpJaZD6QSSs3kICLwWUYUiGfc0uiSbmJoap/GTLU0W5Mfcv36PaBUNy5p53V6G7hXb2 bahyWyJNfjLe4M86yd2YK3V2CmK+X/BOsShnJ36+hjrXPPWmV3N9zEmCdJjA+K15DYmhm/tJWSD9 81oGk9TopEp7CkIfatEATyyZiVqoRq6k64iuM9JkA3OzdXzMQexXVJ1TLZVEH0E7bhlY9d8O1ozR oQs/FiZNAx2iijCWyv0lpjE73+kCgYEA9mZtyhkHkFDpwrSM1APaL8oNAbbjwEy7Z5Mqfql+lIp1 YkriL0DbLXlvRAH+yHPRit2hHOjtUNZh4Axv+cpg09qbUI3+43eEy24B7G/Uh+GTfbjsXsOxQx/x p9otyVwc7hsQ5TA5PZb+mvkJ5OBEKzet9XcKwONBYELGhnEPe7cCgYEA06Vgov6YHleHui9kHuws ayav0elc5zkxjF9nfHFJRry21R1trw2Vdpn+9g481URrpzWVOEihvm+xTtmaZlSp//lkq75XDwnU WA8gkn6O3QE3fq2yN98BURsAKdJfJ5RL1HvGQvTe10HLYYXpJnEkHv+Unl2ajLivWUt5pbBrKbUC gYBjbO+OZk0sCcpZ29sbzjYjpIddErySIyRX5gV2uNQwAjLdp9PfN295yQ+BxMBXiIycWVQiw0bH oMo7yykABY7Ozd5wQewBQ4AdSlWSX4nGDtsiFxWiI5sKuAAeOCbTosy1s8w8fxoJ5Tz1sdoxNeGs Arq6Wv/G16zQuAE9zK9vvwKBgF+09VI/1wJBirsDGz9whVWfFPrTkJNvJZzYt69qezxlsjgFKshy WBhd4xHZtmCqpBPlAymEjr/TOlbxyARmXMnIOWIAnNXMGB4KGSyl1mzSVAoQ+fqR+cJ3d0dyPl1j jjb0Ed/NY8frlNDxAVHE8BSkdsx2f6ELEyBKJSRr9snRAoGAMrTwYneXzvTskF/S5Fyu0iOegLDa NWUH38v/nDCgEpIXD5Hn3qAEcju1IjmbwlvtW+nY2jVhv7UGd8MjwUTNGItdb6nsYqM2asrnF3qS VRkAKKKYeGjkpUfVTrW0YFjXkfcrR/V+QFL5OndHAKJXjW7a4ejJLncTzmZSpYzwApc=
---END RSA PRIVATE KEY---Your private key isn't stored in AWS and can be retrieved only when it's created. You can't recover it later.
Instead, if you lose the private key, you must create a new key pair.
If you're connecting to your instance from a Linux computer, we recommend that you use the following command to set the permissions of your private key file so that only you can read it.
$ chmod 400 MyKeyPair.pem
Display your key pair
A "fingerprint" is generated from your key pair, and you can use it to verify that the private key that you have on your local machine matches the public key that's stored in AWS.
The fingerprint is an SHA1 hash taken from a DER-encoded copy of the private key. This value is captured when the key pair is created, and is stored in AWS with the public key. You can view the fingerprint in the Amazon EC2 console or by running the AWS CLI command aws ec2 describe-key-pairs.
The following example displays the fingerprint for MyKeyPair.
$ aws ec2 describe-key-pairs --key-name MyKeyPair {
"KeyPairs": [ {
"KeyName": "MyKeyPair",
"KeyFingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f"
} ] }
For more information about keys and fingerprints, see Amazon EC2 Key Pairs in the Amazon EC2 User Guide for Linux Instances.
Delete your key pair
To delete a key pair, run the aws ec2 delete-key-pair command, substituting MyKeyPair with the name of the pair to delete.
$ aws ec2 delete-key-pair --key-name MyKeyPair
References
AWS CLI reference:
• aws ec2
• aws ec2 create-key-pair
• aws ec2 delete-key-pair
• aws ec2 describe-key-pairs
Other reference:
• Amazon Elastic Compute Cloud Documentation
• To view and contribute to AWS SDK and AWS CLI code examples, see the AWS Code Examples Repository on GitHub.
Creating, configuring, and deleting security groups for Amazon EC2
Warning
This topic includes some examples for how to use EC2-Classic. AWS is retiring EC2-Classic on August 15, 2022. If you have not already, we recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon EC2 User Guide and the blog EC2-Classic Networking is Retiring – Here’s How to Prepare.
You can create a security group for your Amazon Elastic Compute Cloud (Amazon EC2) instances that essentially operates as a firewall, with rules that determine what network traffic can enter and leave.
You can create security groups to use in a virtual private cloud (VPC), or in the EC2-Classic shared flat network. For more information about the differences between EC2-Classic and EC2-VPC, see Supported Platforms in the Amazon EC2 User Guide for Linux Instances.
Use the AWS Command Line Interface (AWS CLI) to create a security group, add rules to existing security groups, and delete security groups.
NoteFor additional command examples, see the AWS CLI reference guide.
Topics
• Prerequisites (p. 150)
• Create a security group (p. 150)
• Add rules to your security group (p. 151)
• Delete your security group (p. 153)
• References (p. 154)
Prerequisites
To run the ec2 commands, you need to:
• Install and configure the AWS CLI. For more information, see the section called “Install/Update” (p. 6) and Configuration basics (p. 33).
• Set your IAM permissions to allow for Amazon EC2 access. For more information about IAM
• Set your IAM permissions to allow for Amazon EC2 access. For more information about IAM