「Awscli」:修訂間差異
| 第23行: | 第23行: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
IMAGE_ID= INSTANCE_TYPE=t4g.small KEY_NAME= PRIVATE_IP_ADDRESS=10. | AWS_PROFILE=default IMAGE_ID=ami-xxxxxxxxxxxxxxxxx INSTANCE_TYPE=t4g.small KEY_NAME=key-ed25519 NAME=test-100 PRIVATE_IP_ADDRESS=10.1.0.100 SECURITY_GROUP_IDS=sg-xxxxxxxxxxxxxxxxx SUBNET_ID=subnet-xxxxxxxxxxxxxxxxx \ | ||
aws ec2 run-instances \ | bash -c 'aws ec2 run-instances \ | ||
--credit-specification standard \ | --block-device-mappings "DeviceName=/dev/sda1,Ebs={VolumeType=gp3}" \ | ||
--credit-specification CpuCredits=standard \ | |||
--image-id "${IMAGE_ID}" \ | --image-id "${IMAGE_ID}" \ | ||
--instance-type "${INSTANCE_TYPE}" \ | --instance-type "${INSTANCE_TYPE}" \ | ||
--key-name "${KEY_NAME}" \ | --key-name "${KEY_NAME}" \ | ||
--network-interfaces "AssociatePublicIpAddress=true,DeviceIndex=0" \ | |||
--private-ip-address "${PRIVATE_IP_ADDRESS}" \ | --private-ip-address "${PRIVATE_IP_ADDRESS}" \ | ||
--security- | --security-group-ids "${SECURITY_GROUP_IDS}" \ | ||
--subnet-id "${SUBNET_ID}" | --subnet-id "${SUBNET_ID}" \ | ||
--tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]"' | |||
</syntaxhighlight> | </syntaxhighlight> | ||
於 2024年6月10日 (一) 11:07 的修訂
awscli是AWS官方提供的Command Line Interface(CLI)軟體。
安裝
可以透過pipx安裝,避免影響到目前環境內的套件:
pipx install git+https://github.com/aws/aws-cli.git@v2
或是裝v1:
pipx install awscli
常用指令
EC2
未完成,還有可以改進的地方:
AWS_PROFILE=default IMAGE_ID=ami-xxxxxxxxxxxxxxxxx INSTANCE_TYPE=t4g.small KEY_NAME=key-ed25519 NAME=test-100 PRIVATE_IP_ADDRESS=10.1.0.100 SECURITY_GROUP_IDS=sg-xxxxxxxxxxxxxxxxx SUBNET_ID=subnet-xxxxxxxxxxxxxxxxx \
bash -c 'aws ec2 run-instances \
--block-device-mappings "DeviceName=/dev/sda1,Ebs={VolumeType=gp3}" \
--credit-specification CpuCredits=standard \
--image-id "${IMAGE_ID}" \
--instance-type "${INSTANCE_TYPE}" \
--key-name "${KEY_NAME}" \
--network-interfaces "AssociatePublicIpAddress=true,DeviceIndex=0" \
--private-ip-address "${PRIVATE_IP_ADDRESS}" \
--security-group-ids "${SECURITY_GROUP_IDS}" \
--subnet-id "${SUBNET_ID}" \
--tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]"'
IAM
開管理員帳號(這邊是使用AWS內已經有的AdministratorAccess):
aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}
生出access key,一個帳號最多兩把。其中的AccessKeyId與SecretAccessKey就是需要的設定,要注意SecretAccessKey之後不會再出現:
aws iam create-access-key --user-name ${MY_AWS_USERNAME}
超過兩把再呼叫會出現錯誤訊息:
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2
列出這個帳號所有的access key(只會有AccessKeyId,不會有SecretAccessKey):
aws iam list-access-keys --user-name ${MY_AWS_USERNAME}
S3
- 建立一個S3 bucket,
- 建立對應的使用者(IAM),
- 掛上完整的權限,
- 產生對應的key:
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full
如果是只能讀取的話,這邊列出比較常見的操作("s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"這段):
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly