awscli

来自Gea-Suan Lin's Wiki
Gslin留言 | 贡献2024年6月9日 (日) 15:10的版本 →‎常用指令

awscliAWS官方提供的Command Line Interface(CLI)软体。

安装

可以透过pipx安装,避免影响到目前环境内的套件: 

pipx install git+https://github.com/aws/aws-cli.git@v2

或是装v1: 

pipx install awscli

常用指令

EC2

未完成,还有可以改进的地方: 

IMAGE_ID= INSTANCE_TYPE=t4g.small PRIVATE_IP_ADDRESS=10.256.256.256 SECURITY_GROUPS= SUBNET_ID= aws ec2 run-instances --credit-specification standard --image-id "${IMAGE_ID}" --instance-type "${INSTANCE_TYPE}" --private-ip-address "${PRIVATE_IP_ADDRESS}" --security-groups "${SECURITY_GROUPS}" --subnet-id "${SUBNET_ID}"

IAM

开管理员帐号(这边是使用AWS内已经有的AdministratorAccess): 

aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}

生出access key,一个帐号最多两把。其中的AccessKeyIdSecretAccessKey就是需要的设定,要注意SecretAccessKey之后不会再出现: 

aws iam create-access-key --user-name ${MY_AWS_USERNAME}

超过两把再呼叫会出现错误讯息: 

An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2

列出这个帐号所有的access key(只会有AccessKeyId,不会有SecretAccessKey): 

aws iam list-access-keys --user-name ${MY_AWS_USERNAME}

S3

  • 建立一个S3 bucket,
  • 建立对应的使用者(IAM),
  • 挂上完整的权限,
  • 产生对应的key:
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full

如果是只能读取的话,这边列出比较常见的操作("s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"这段): 

BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly

外部连结

取自“https://wiki.gslin.org/index.php?title=Awscli&oldid=5513