Awscli: Difference between revisions

From Gea-Suan Lin's Wiki
 
(25 intermediate revisions by the same user not shown)
第1行: 第1行:
{{Lowercase}}
{{Lowercase}}
'''awscli'''是[[AWS]]官方提供的Command Line Interface(CLI)軟體。
'''awscli'''是[[AWS]]官方提供的Command Line Interface(CLI)軟體。
== 安裝 ==
可以透過pipx安裝,避免影響到目前環境內的套件,目前官方建議用v2,但沒有上到[[PyPI]]:
<syntaxhighlight lang="bash">
pipx install git+https://github.com/aws/aws-cli.git@v2
</syntaxhighlight>
或是裝舊的v1:
<syntaxhighlight lang="bash">
pipx install awscli
</syntaxhighlight>


== 常用指令 ==
== 常用指令 ==
 開管理員帳號(這邊 是AWS 已經有 預設 的<code>AdministratorAccess</code>):
 
<syntaxhighlight lang="shell-session">
=== EC2 ===
$ aws iam create-user --user-name ${MY_AWS_USERNAME}
 
$ aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}
分成兩段,先是設定的部分,可以針對不同的AWS帳號放到不同的檔案裡面用<code>source</code>拉出來執行:
 
<syntaxhighlight lang="bash">
export AWS_PROFILE=default IMAGE_ID=ami-xxxxxxxxxxxxxxxxx INSTANCE_TYPE=t4g.small KEY_NAME=key-ed25519 NAME=test-100 PRIVATE_IP_ADDRESS=10.1.0.100 REGION=us-east-1 SECURITY_GROUP_IDS=sg-xxxxxxxxxxxxxxxxx SUBNET_ID=subnet-xxxxxxxxxxxxxxxxx
</syntaxhighlight>
 
以及實際執行的部分:
 
<syntaxhighlight lang="bash">
aws ec2 run-instances \
   --block-device-mappings "DeviceName=/dev/sda1,Ebs={VolumeType=gp3}" \
   --credit-specification CpuCredits=standard \
   --image-id "${IMAGE_ID}" \
   --instance-type "${INSTANCE_TYPE}" \
   --key-name "${KEY_NAME}" \
   --network-interfaces "AssociatePublicIpAddress=true,DeviceIndex=0" \
   --private-ip-address "${PRIVATE_IP_ADDRESS}" \
   --region "${REGION}" \
   --security-group-ids "${SECURITY_GROUP_IDS}" \
   --subnet-id "${SUBNET_ID}" \
   --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]"
</syntaxhighlight>
 
=== IAM ===
 
 開管理員帳號(這邊 是使用AWS內 已經有的<code>AdministratorAccess</code>):
 
<syntaxhighlight lang="bash">
aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}
</syntaxhighlight>
</syntaxhighlight>


 生出access key,一個帳號最多兩把。其中的<code>AccessKeyId</code>與<code>SecretAccessKey</code>就是需要的設定,要注意<code>SecretAccessKey</code>之後不會再出現:
 生出access key,一個帳號最多兩把。其中的<code>AccessKeyId</code>與<code>SecretAccessKey</code>就是需要的設定,要注意<code>SecretAccessKey</code>之後不會再出現:
<syntaxhighlight lang="shell-session">
 
$ aws iam create-access-key --user-name ${MY_AWS_USERNAME}
<syntaxhighlight lang="bash">
aws iam create-access-key --user-name ${MY_AWS_USERNAME}
</syntaxhighlight>
</syntaxhighlight>


 超過兩把再呼叫會出現錯誤訊息:
 超過兩把再呼叫會出現錯誤訊息:
<pre>
<pre>
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2
</pre>
</pre>


 列出這個帳號所有的access key:
 列出這個帳號所有的access key (只會有<code>AccessKeyId</code>,不會有<code>SecretAccessKey</code>)
<syntaxhighlight lang="shell-session">
 
$ aws iam list-access-keys --user-name ${MY_AWS_USERNAME}
<syntaxhighlight lang="bash">
aws iam list-access-keys --user-name ${MY_AWS_USERNAME}
</syntaxhighlight>
 
=== S3 ===
 
* 建立一個S3 bucket,
* 建立對應的使用者(IAM),
* 掛上完整的權限,
* 產生對應的key:
 
<syntaxhighlight lang="bash">
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full
</syntaxhighlight>
 
如果是只能讀取的話,這邊列出比較常見的操作(<code>"s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"</code>這段):
 
<syntaxhighlight lang="bash">
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly
</syntaxhighlight>
</syntaxhighlight>


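Review bot: in the read-only one-liner under S3, the policy's `Action` list names `s3:HeadObject`, `s3:ListObjects` and `s3:ListObjectsV2`, which are S3 API operation names rather than IAM actions, so of the four entries only `s3:GetObject` grants anything and the resulting user cannot list the bucket. HEAD requests are authorized by `s3:GetObject`, and listing needs `s3:ListBucket` granted on the bucket ARN `arn:aws:s3:::${BUCKET_NAME}`; the `/*` resource used here matches objects only. Suggest a second statement for `s3:ListBucket` on the bucket ARN. The same resource scoping applies to the `s3:*` statement in the full-access variant, which does not reach bucket-level actions.
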
第27行: 第90行:
* {{Official|https://aws.amazon.com/cli/}}
* {{Official|https://aws.amazon.com/cli/}}


[[Category:指令]]
[[Category:軟體]]
[[Category:軟體]]

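Latest revision as of 21:08, 11 June 2024 (Tue)

awscli is the official Command Line Interface (CLI) software provided by AWS.

Installation

It can be installed with pipx so that packages in the current environment are not affected. AWS currently recommends v2, but v2 is not published on PyPI: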

pipx install git+https://github.com/aws/aws-cli.git@v2

Or install the older v1:

pipx install awscli

Common commands

EC2

This is split into two parts. First the settings, which can be kept in a separate file per AWS account and loaded with source:

export AWS_PROFILE=default IMAGE_ID=ami-xxxxxxxxxxxxxxxxx INSTANCE_TYPE=t4g.small KEY_NAME=key-ed25519 NAME=test-100 PRIVATE_IP_ADDRESS=10.1.0.100 REGION=us-east-1 SECURITY_GROUP_IDS=sg-xxxxxxxxxxxxxxxxx SUBNET_ID=subnet-xxxxxxxxxxxxxxxxx

And the part that actually runs:

aws ec2 run-instances \
    --block-device-mappings "DeviceName=/dev/sda1,Ebs={VolumeType=gp3}" \
    --credit-specification CpuCredits=standard \
    --image-id "${IMAGE_ID}" \
    --instance-type "${INSTANCE_TYPE}" \
    --key-name "${KEY_NAME}" \
    --network-interfaces "AssociatePublicIpAddress=true,DeviceIndex=0" \
    --private-ip-address "${PRIVATE_IP_ADDRESS}" \
    --region "${REGION}" \
    --security-group-ids "${SECURITY_GROUP_IDS}" \
    --subnet-id "${SUBNET_ID}" \
    --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]"

IAM

Create an administrator account (this uses the AdministratorAccess policy that already exists in AWS):

aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}

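Generate an access key; an account can have at most two. The AccessKeyId and SecretAccessKey in the output are the settings you need. Note that SecretAccessKey will not be shown again afterwards: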

aws iam create-access-key --user-name ${MY_AWS_USERNAME}

Calling it again once there are already two keys produces an error message:

An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2

List all access keys of this account (only AccessKeyId is shown, not SecretAccessKey):

aws iam list-access-keys --user-name ${MY_AWS_USERNAME}

S3

  • Create an S3 bucket,
  • Create the corresponding user (IAM),
  • Attach full permissions,
  • Generate the corresponding key:

BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full

For read-only access, the more common operations are listed here (the "s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2" part):

BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly
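
An added example, not part of the original wiki page: a read-only policy document for the same bucket naming scheme, built from IAM action names. Listing is authorized by `s3:ListBucket` on the bucket ARN, and GET and HEAD by `s3:GetObject` on the objects. The function names `valid_bucket_name` and `readonly_policy` and the simplified name check are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): emit a read-only S3 policy document.
# Function names and the simplified bucket-name check are assumptions.

# Accept only lowercase letters, digits, dots and hyphens (3-63 characters,
# alphanumeric at both ends), so a name spliced into the JSON below cannot
# close a string or add a statement.
valid_bucket_name() {
    case "$1" in
        ""|[.-]*|*[.-]|*[!abcdefghijklmnopqrstuvwxyz0123456789.-]*) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Print the policy. Listing is a bucket-level permission (s3:ListBucket on the
# bucket ARN); GET and HEAD are object-level (s3:GetObject on bucket/*).
readonly_policy() {
    valid_bucket_name "$1" || { echo "invalid bucket name: $1" >&2; return 1; }
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::$1"
    },
    {
      "Sid": "ReadObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::$1/*"
    }
  ]
}
EOF
}

# Usage with the page's naming scheme (needs AWS credentials, so left commented out):
#   BUCKET_NAME=gslin-test
#   aws iam put-user-policy --user-name "s3.${BUCKET_NAME}.readonly" \
#       --policy-name "Policy-s3-${BUCKET_NAME}-readonly" \
#       --policy-document "$(readonly_policy "${BUCKET_NAME}")"
```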

External links