AWS CLI Deep Dive — Decoding DevOps [06]
[Because the programmer loves CLI] The AWS Command Line Interface (AWS CLI) is a powerful tool for managing our AWS resources from the comfort of our terminal. This guide will walk us through the essential commands for various AWS services, empowering us to automate tasks and manage our infrastructure efficiently.
Part 1: Getting Started and Managing EC2 Instances
1. Setting Up Your Environment
- Prerequisites: Before you dive into AWS CLI commands, ensure you have an AWS account and an IAM user with the necessary permissions to manage the services you’ll be working with.
- Installing the AWS CLI: Install the AWS CLI on your machine using the following commands (for Debian/Ubuntu). The distribution package is usually AWS CLI v1 and can lag behind; the installer from the AWS documentation gives you v2, which the newer options mentioned below require.
sudo apt update
sudo apt install awscli -y
- Configuring AWS CLI: Use the aws configure command to provide your IAM credentials and specify your desired AWS region. You’ll be prompted for access key ID, secret access key, region, and output format. The keys are stored in plain text under ~/.aws/credentials, so keep that file private; with AWS CLI v2, aws configure sso lets you work with short-lived credentials instead of long-lived access keys.
aws configure
2. Working with EC2 Instances
2.1 Key Pairs
- Creating a Key Pair: Use the aws ec2 create-key-pair command to generate a key pair that you will use to securely connect to your EC2 instances. The private key is returned only once, so the --query/--output text combination writes it straight to a .pem file; restrict that file afterwards (chmod 400), since SSH refuses keys that other users can read.
aws ec2 create-key-pair --key-name <keypair-Name> --query 'KeyMaterial' --output text > <keypair-Name>.pem
- Deleting a Key Pair: Remove a key pair using the aws ec2 delete-key-pair command.
aws ec2 delete-key-pair --key-name <keypair-Name>
2.2 Security Groups
- Creating a Security Group: Define a security group to control inbound and outbound traffic for your EC2 instances using aws ec2 create-security-group.
aws ec2 create-security-group --group-name <security grp Name> --description "<Description>"
- Adding Inbound Rules: Allow specific traffic to your security group using aws ec2 authorize-security-group-ingress. You can specify protocols, ports, and source ranges. The source must be in CIDR notation (a single host is <ip address>/32); 0.0.0.0/0 opens the port to the whole internet, so reserve it for services that are meant to be public.
aws ec2 authorize-security-group-ingress --group-id <security group Id> --protocol tcp --port <port Number> --cidr <ip address>/32
- Viewing Security Group Information: Retrieve details about a security group using aws ec2 describe-security-groups. Looking a group up by --group-names only works in the default VPC; use --group-ids for groups in any other VPC.
aws ec2 describe-security-groups --group-names <security grp Name>
- Deleting a Security Group: Remove a security group with aws ec2 delete-security-group (again, --group-name is limited to the default VPC; --group-id works everywhere). The delete fails while the group is still attached to an instance or referenced by another group's rules.
aws ec2 delete-security-group --group-name <security grp Name>
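The ingress command above accepts any source, so one typo opens an admin port to the whole internet. The following wrapper is an added example, not part of the original post or of the AWS CLI: it validates the CIDR and port and refuses world-open SSH/RDP rules unless ALLOW_WORLD=1 is set (sg_allow and ALLOW_WORLD are names chosen here).

```shell
# sg_allow <group-id> <port> <cidr>: guarded wrapper around
# aws ec2 authorize-security-group-ingress (hypothetical helper, not an AWS CLI command).
# Applies the rule only when the input passes the checks; otherwise returns non-zero
# without calling AWS. Exit codes: 2 = bad argument, 3 = refused world-open admin port.
sg_allow() {
  group_id=$1; port=$2; cidr=$3

  # The source must be a dotted quad plus prefix length, e.g. 203.0.113.10/32.
  if ! printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
    echo "sg_allow: '$cidr' is not in CIDR notation (use <host>/32 or a network range)" >&2
    return 2
  fi

  # The port must be a number between 1 and 65535.
  case $port in
    ''|*[!0-9]*) echo "sg_allow: port '$port' is not a number" >&2; return 2 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "sg_allow: port $port out of range" >&2; return 2; }

  # Admin ports (SSH, RDP) are never opened to 0.0.0.0/0 unless ALLOW_WORLD=1 is set.
  if [ "$cidr" = "0.0.0.0/0" ] && { [ "$port" -eq 22 ] || [ "$port" -eq 3389 ]; } \
     && [ "${ALLOW_WORLD:-0}" != 1 ]; then
    echo "sg_allow: refusing to open tcp/$port to the internet; set ALLOW_WORLD=1 to override" >&2
    return 3
  fi

  aws ec2 authorize-security-group-ingress \
    --group-id "$group_id" --protocol tcp --port "$port" --cidr "$cidr" || return 1
  echo "allowed tcp/$port from $cidr on $group_id"
}
```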
2.3 Launching EC2 Instances
- Launching an Instance: Create a new EC2 instance using aws ec2 run-instances. You’ll need to provide the AMI ID, instance type, key pair name, and security group name (--security-groups takes names and applies only to the default VPC; use --security-group-ids together with --subnet-id for any other VPC).
aws ec2 run-instances --image-id <ami-Id> --count 1 --instance-type <type> --key-name <keypair-Name> --security-groups <security grp Name>
2.4 Managing EC2 Instances
- Adding Tags: Apply tags to your EC2 instance for organization and resource management.
aws ec2 create-tags --resources <Instance-Id> --tags Key=Name,Value=<value>
- Terminating an Instance: Remove an EC2 instance with aws ec2 terminate-instances.
aws ec2 terminate-instances --instance-ids <Instance-Id>
3. Working with Launch Templates
- Creating a Launch Template: Create a launch template to streamline the process of launching EC2 instances with consistent configurations. The instance configuration (network interface, AMI, instance type, tags) is passed as a JSON document to --launch-template-data.
aws ec2 create-launch-template --launch-template-name <Name> --launch-template-data '{"NetworkInterfaces":[{"AssociatePublicIpAddress":true,"DeviceIndex":0,"Ipv6AddressCount":1,"SubnetId":"<subnet-Id>"}],"ImageId":"<ami-Id>","InstanceType":"<Instance type>","TagSpecifications":[{"ResourceType":"instance","Tags":[{"Key":"Name","Value":"<value>"}]}]}'
- Deleting a Launch Template: Remove a launch template using aws ec2 delete-launch-template.
aws ec2 delete-launch-template --launch-template-id <template-id> --region <region>
4. Auto Scaling Groups
- Creating an Auto Scaling Group: Automate the scaling of your EC2 instances using aws autoscaling create-auto-scaling-group.
aws autoscaling create-auto-scaling-group --auto-scaling-group-name <Name> --launch-template LaunchTemplateId=<template-id>,Version='$Latest' --min-size 2 --max-size 5 --vpc-zone-identifier "<subnet1-id>,<subnet2-id>,<subnet3-id>"
- Deleting an Auto Scaling Group: Remove an auto scaling group using aws autoscaling delete-auto-scaling-group. The call is refused while the group still has instances; either scale it to zero first or add --force-delete, which terminates them.
aws autoscaling delete-auto-scaling-group --auto-scaling-group-name <Auto-Scaling group Name>
Part 2: Working with EBS, RDS, VPC and more
In Part 1, we covered the essentials for getting started and managing EC2 instances. Now, in Part 2, we’ll delve into the commands for working with key services like EBS volumes, Elastic Load Balancers (ELB), Relational Database Service (RDS), Simple Storage Service (S3), and Virtual Private Cloud (VPC).
5. Managing EBS Volumes
5.1 Creating EBS Volumes
- Creating a General Purpose SSD (gp2) Volume: Utilize aws ec2 create-volume to provision an empty volume; pass gp2 (or the newer gp3) as the volume type, the size in GiB, and the Availability Zone of the instance that will use it, since a volume can only be attached within its own zone.
aws ec2 create-volume --volume-type <volume type> --size <size in GiB> --availability-zone <zone>
- Creating an Encrypted Volume: Encrypt your EBS volume for enhanced security. --encrypted uses the account's default EBS key; add --kms-key-id to pick a specific KMS key. A volume cannot be encrypted in place later, so decide this at creation time.
aws ec2 create-volume --volume-type <volume type> --size <size in GiB> --encrypted --availability-zone <zone>
- Tagging a Volume: Add tags to an existing EBS volume for organization (the same aws ec2 create-tags command used for instances).
aws ec2 create-tags --resources <volume-id> --tags Key=Name,Value=<value>
5.2 Deleting EBS Volumes
- Deleting a Volume: Remove an EBS volume using aws ec2 delete-volume.
aws ec2 delete-volume --volume-id <volume Id>
5.3 Working with Snapshots
- Creating a Snapshot: Create a snapshot of your EBS volume for backup or cloning using aws ec2 create-snapshot.
aws ec2 create-snapshot --volume-id <volume Id> --description "<Description>"
- Creating a Snapshot with Tags: Add tags to your snapshot for better organization.
aws ec2 create-snapshot --volume-id <volume Id> --description 'Prod backup' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=<value>},{Key=Database,Value=Mysql}]'
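Since encryption cannot be switched on for an existing volume (5.1), the practical path is to find unencrypted volumes and rebuild them from a snapshot (5.3). The two helpers below are an added example, not code from the original post; unencrypted_volumes and encrypt_volume_copy are names chosen here, and the waiter and query expressions are standard AWS CLI features.

```shell
# Hypothetical audit/remediation helpers built on describe-volumes, create-snapshot,
# create-volume, create-tags and the "aws ec2 wait" waiters; not AWS CLI subcommands.

# unencrypted_volumes [region]: print "id size az state" for every EBS volume whose
# data is not encrypted. Returns 1 when there is at least one finding, 0 when clean.
unencrypted_volumes() {
  region=${1:-$(aws configure get region)}
  findings=$(aws ec2 describe-volumes --region "$region" \
      --filters Name=encrypted,Values=false \
      --query 'Volumes[].[VolumeId,Size,AvailabilityZone,State]' --output text) || return 1
  if [ -z "$findings" ]; then
    echo "no unencrypted volumes in $region" >&2
    return 0
  fi
  printf '%s\n' "$findings"
  echo "$(printf '%s\n' "$findings" | wc -l | tr -d ' ') unencrypted volume(s) in $region" >&2
  return 1
}

# encrypt_volume_copy <volume-id> <az> [region]: snapshot an unencrypted volume and
# create an encrypted volume from that snapshot (EBS encrypts at create-volume time
# when --encrypted is given; the account's default EBS key is used unless --kms-key-id
# is added). Prints the new volume id. Swapping it onto the instance is left to the
# operator, so the original volume is untouched.
encrypt_volume_copy() {
  vol=$1; az=$2; region=${3:-$(aws configure get region)}
  snap=$(aws ec2 create-snapshot --region "$region" --volume-id "$vol" \
      --description "pre-encryption copy of $vol" --query SnapshotId --output text) || return 1
  aws ec2 wait snapshot-completed --region "$region" --snapshot-ids "$snap" || return 1
  newvol=$(aws ec2 create-volume --region "$region" --availability-zone "$az" \
      --snapshot-id "$snap" --encrypted --volume-type gp3 \
      --query VolumeId --output text) || return 1
  aws ec2 wait volume-available --region "$region" --volume-ids "$newvol" || return 1
  aws ec2 create-tags --region "$region" --resources "$newvol" \
      --tags Key=Name,Value="encrypted-copy-of-$vol" Key=SourceVolume,Value="$vol" || return 1
  echo "$newvol"
}
```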
6. Elastic Load Balancers (ELB)
6.1 Creating Load Balancers
- Creating an Application Load Balancer: Use aws elbv2 create-load-balancer to create an Application Load Balancer (ALB) for distributing traffic across your EC2 instances. An ALB needs subnets in at least two Availability Zones.
aws elbv2 create-load-balancer --name <Load balancer Name> --type application --subnets <subnet-Id> <subnet-Id>
- Creating a Network Load Balancer: Provision a Network Load Balancer (NLB) with aws elbv2 create-load-balancer for Layer 4 load balancing.
aws elbv2 create-load-balancer --name <Load balancer Name> --type network --subnets <subnet-Id>
6.2 Managing Load Balancers
- Registering Instances with a Load Balancer: Associate your EC2 instances with a load balancer using aws elb register-instances-with-load-balancer. Note that this is the Classic Load Balancer API; ALBs and NLBs created with elbv2 route to target groups instead, so there you register instances with aws elbv2 register-targets and attach the target group through a listener.
aws elb register-instances-with-load-balancer --load-balancer-name <Load balancer Name> --instances <Instance-Id>
- Deleting a Load Balancer: Remove a load balancer with aws elbv2 delete-load-balancer.
aws elbv2 delete-load-balancer --load-balancer-arn <load-balancer-arn>
7. Relational Database Service (RDS)
7.1 Creating RDS Instances
- Creating a DB Instance: Create a new RDS instance for your database using aws rds create-db-instance. Avoid typing the master password literally on the command line, where it lands in shell history and process listings: pass it from a variable, or replace --master-user-password with --manage-master-user-password to have RDS generate the password and store it in Secrets Manager.
aws rds create-db-instance --db-instance-identifier <db-Name> --db-instance-class <db.type> --engine <Database Engine> --master-username <username> --master-user-password <password> --allocated-storage <storage in GiB>
7.2 Deleting RDS Instances
- Deleting a DB Instance: Remove an RDS instance with aws rds delete-db-instance.
aws rds delete-db-instance --db-instance-identifier <db-Name> --final-db-snapshot-identifier <db-Name>-final-snap
8. Simple Storage Service (S3)
8.1 Managing S3 Buckets and Objects
- Listing Buckets and Objects: View your S3 buckets, folders, or objects using aws s3 ls.
aws s3 ls
aws s3 ls s3://<bucket name>
- Creating a Bucket: Provision a new S3 bucket with aws s3 mb.
aws s3 mb s3://<bucket name>
8.2 Working with S3 Objects
- Copying Objects: Copy objects between S3 buckets or from a local directory using aws s3 cp.
aws s3 cp sample.txt s3://<bucket name>
aws s3 cp s3://<source-bucket>/<file> s3://<destination-bucket>
- Moving Objects: Move objects between S3 buckets or from a local directory using aws s3 mv.
aws s3 mv <local file> s3://<bucket name>
aws s3 mv s3://<source-bucket>/<file> s3://<destination-bucket>
- Syncing Objects: Synchronize objects between a local directory and an S3 bucket using aws s3 sync.
aws s3 sync . s3://<bucket name>
- Deleting Objects: Remove a single S3 object with aws s3 rm, or everything under a prefix by adding --recursive. Run the recursive form with --dryrun first to see what would be removed before it is.
aws s3 rm s3://<bucket name>/<file>
aws s3 rm s3://<bucket name>/<prefix>/ --recursive
8.3 Managing S3 Buckets
- Emptying a Bucket: Remove all objects from a bucket with aws s3 rm.
aws s3 rm s3://<bucket name> --recursive
- Deleting a Bucket: Remove a bucket using aws s3 rb.
aws s3 rb s3://<bucket name>
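A recursive rm with a mistyped prefix is the classic way to lose a bucket's contents. The wrapper below is an added example (not from the original post and not an AWS CLI option): it refuses whole-bucket targets, runs the --dryrun shown above, and only performs the real delete when the planned object count is within a limit. s3_rm_safe is a name chosen here; the "(dryrun) delete:" line format is what the CLI prints.

```shell
# s3_rm_safe <s3-uri> [max-objects]: recursive delete that runs "aws s3 rm --dryrun"
# first and only proceeds when the plan is within bounds (hypothetical wrapper, not
# an AWS CLI option). Refuses whole-bucket targets; refuses plans larger than
# max-objects (default 100). Exit codes: 2 = bad target, 3 = plan too large.
s3_rm_safe() {
  target=$1; max=${2:-100}
  case $target in
    s3://*/?*) ;;    # bucket plus a non-empty prefix: allowed
    s3://*)   echo "s3_rm_safe: refusing whole-bucket delete of '$target'; give a prefix" >&2; return 2 ;;
    *)        echo "s3_rm_safe: '$target' is not an s3:// URI" >&2; return 2 ;;
  esac

  # Dry run: the CLI prints one "(dryrun) delete: s3://..." line per object it would remove.
  plan=$(aws s3 rm "$target" --recursive --dryrun) || return 1
  count=$(printf '%s\n' "$plan" | grep -c '^(dryrun) delete: ' || true)
  if [ "$count" -eq 0 ]; then
    echo "nothing to delete under $target" >&2
    return 0
  fi
  if [ "$count" -gt "$max" ]; then
    echo "s3_rm_safe: dry run lists $count objects, above the limit of $max; aborting" >&2
    return 3
  fi

  aws s3 rm "$target" --recursive || return 1
  echo "deleted $count object(s) under $target"
}
```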
9. Virtual Private Cloud (VPC)
9.1 Creating a VPC
- Creating a VPC and Subnets: Use the following commands to provision a VPC and a subnet. Both take a CIDR block (for example 10.0.0.0/16 for the VPC and 10.0.1.0/24 for a subnet inside it), and the --query/--output text pair prints only the new ID so it can be captured into a shell variable for the next step.
# Create VPC
aws ec2 create-vpc --cidr-block <cidr> --query Vpc.VpcId --output text
# Create Subnet
aws ec2 create-subnet --vpc-id <vpc-Id> --cidr-block <cidr> --query Subnet.SubnetId --output text
9.2 Setting up Networking
- Creating an Internet Gateway: Provision an internet gateway with aws ec2 create-internet-gateway.
aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text
- Attaching the Internet Gateway: Connect your internet gateway to your VPC using aws ec2 attach-internet-gateway.
aws ec2 attach-internet-gateway --vpc-id <vpc-Id> --internet-gateway-id <Igw-Id>
- Creating a Route Table: Create a route table for your VPC using aws ec2 create-route-table.
aws ec2 create-route-table --vpc-id <vpc-Id> --query RouteTable.RouteTableId --output text
- Creating a Route: Define a route in your route table to direct traffic using aws ec2 create-route.
aws ec2 create-route --route-table-id <route table-Id> --destination-cidr-block 0.0.0.0/0 --gateway-id <Igw-Id>
9.3 Associating Route Tables with Subnets
- Associating a Route Table with a Subnet: Connect your subnet to the route table using aws ec2 associate-route-table.
aws ec2 associate-route-table --subnet-id <subnet-Id> --route-table-id <route table - Id>
9.4 Cleaning Up
- Deleting Subnets: Remove your subnets using aws ec2 delete-subnet.
aws ec2 delete-subnet --subnet-id <subnet-Id>
- Deleting a Route Table: Remove your route table using aws ec2 delete-route-table.
aws ec2 delete-route-table --route-table-id <route table - Id>
- Detaching the Internet Gateway: Disconnect your internet gateway from your VPC with aws ec2 detach-internet-gateway.
aws ec2 detach-internet-gateway --internet-gateway-id <Igw-Id> --vpc-id <vpc-Id>
- Deleting the Internet Gateway: Remove your internet gateway using aws ec2 delete-internet-gateway.
aws ec2 delete-internet-gateway --internet-gateway-id <Igw-Id>
- Deleting the VPC: Remove your VPC with aws ec2 delete-vpc.
aws ec2 delete-vpc --vpc-id <vpc-Id>
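Steps 9.1 to 9.4 are one procedure, and the point of --query/--output text is that each ID feeds the next command. The script below is an added example that is not part of the original post: build_vpc chains the create calls, destroy_vpc tears them down in the order 9.4 lists; both names are chosen here, and the Name tag and cli-demo default are assumptions.

```shell
# build_vpc <vpc-cidr> <subnet-cidr> <az> [name]: steps 9.1 to 9.3 as one function
# (hypothetical helper, not an AWS CLI subcommand). Every create call captures the
# new id with --query/--output text so the next step can use it; the function stops
# at the first failure and prints "vpc=... subnet=... igw=... rtb=..." on success.
build_vpc() {
  vpc_cidr=$1; subnet_cidr=$2; az=$3; name=${4:-cli-demo}

  vpc=$(aws ec2 create-vpc --cidr-block "$vpc_cidr" \
        --query Vpc.VpcId --output text) || return 1
  aws ec2 create-tags --resources "$vpc" --tags Key=Name,Value="$name" || return 1

  subnet=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$subnet_cidr" \
        --availability-zone "$az" --query Subnet.SubnetId --output text) || return 1

  igw=$(aws ec2 create-internet-gateway \
        --query InternetGateway.InternetGatewayId --output text) || return 1
  aws ec2 attach-internet-gateway --vpc-id "$vpc" --internet-gateway-id "$igw" || return 1

  rtb=$(aws ec2 create-route-table --vpc-id "$vpc" \
        --query RouteTable.RouteTableId --output text) || return 1
  # The 0.0.0.0/0 route to the IGW is what makes the subnet public; leave it out
  # (or point it at a NAT gateway) for subnets that should not be reachable directly.
  aws ec2 create-route --route-table-id "$rtb" \
        --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null || return 1
  aws ec2 associate-route-table --subnet-id "$subnet" --route-table-id "$rtb" >/dev/null || return 1

  echo "vpc=$vpc subnet=$subnet igw=$igw rtb=$rtb"
}

# destroy_vpc <vpc-id> <subnet-id> <igw-id> <rtb-id>: step 9.4 in dependency order.
# Each step is attempted even if an earlier one fails, so a partial clean-up can be re-run.
destroy_vpc() {
  rc=0
  aws ec2 delete-subnet --subnet-id "$2" || rc=1
  aws ec2 delete-route-table --route-table-id "$4" || rc=1
  aws ec2 detach-internet-gateway --internet-gateway-id "$3" --vpc-id "$1" || rc=1
  aws ec2 delete-internet-gateway --internet-gateway-id "$3" || rc=1
  aws ec2 delete-vpc --vpc-id "$1" || rc=1
  return $rc
}
```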
10. CloudWatch
10.1 Creating Alarms
- Creating an Alarm: Set up a CloudWatch alarm to monitor your AWS resources using aws cloudwatch put-metric-alarm. The example below watches an EC2 metric (for instance CPUUtilization) averaged over 5-minute periods and fires when it stays above 70 for two consecutive periods, notifying the SNS topic given in --alarm-actions.
aws cloudwatch put-metric-alarm --alarm-name <Alarm name> --alarm-description "<Description>" --metric-name <Metric> --namespace AWS/EC2 --statistic Average --period 300 --threshold 70 --comparison-operator GreaterThanThreshold --dimensions "Name=InstanceId,Value=<Instance-Id>" --evaluation-periods 2 --alarm-actions <sns-topic-arn> --unit Percent
10.2 Managing Alarms
- Deleting an Alarm: Remove an alarm with aws cloudwatch delete-alarms.
aws cloudwatch delete-alarms --alarm-names <Alarm name>
- Disabling an Alarm: Disable an alarm using aws cloudwatch disable-alarm-actions.
aws cloudwatch disable-alarm-actions --alarm-names <Alarm name>
- Enabling an Alarm: Enable an alarm with aws cloudwatch enable-alarm-actions.
aws cloudwatch enable-alarm-actions --alarm-names <Alarm name>
Stay tuned for Part 3, where we’ll explore even more advanced AWS CLI commands, including working with IAM, Lambda, and other essential services!
Part 3: IAM, Lambda, and beyond!
11. Identity and Access Management (IAM)
IAM is crucial for securely controlling access to your AWS resources. Let’s explore its commands.
11.1 Managing IAM Users
- Creating a User: Use aws iam create-user to create a new IAM user.
aws iam create-user --user-name <user-name>
- Deleting a User: Remove an IAM user with aws iam delete-user.
aws iam delete-user --user-name <user-name>
- Listing Users: View your existing IAM users with aws iam list-users.
aws iam list-users
11.2 Managing IAM Access Keys
- Creating Access Keys: Generate access keys for an IAM user using aws iam create-access-key. The secret access key appears only in this one response and cannot be retrieved later, so store it securely right away. A user can hold at most two access keys, which is what makes rotation possible: create the new key, move clients over, then deactivate and delete the old one.
aws iam create-access-key --user-name <user-name>
- Deleting Access Keys: Remove access keys from an IAM user with aws iam delete-access-key.
aws iam delete-access-key --access-key-id <access-key-id> --user-name <user-name>
- Listing Access Keys: View access keys associated with an IAM user with aws iam list-access-keys.
aws iam list-access-keys --user-name <user-name>
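Putting the three 11.2 commands together gives a rotation routine. The function below is an added example, not from the original post: it refuses to run when both key slots are taken, writes the new secret to a file with mode 0600 instead of the terminal, and deactivates (rather than deletes) the old key so it can be re-enabled if something still depends on it. rotate_access_key and NEW_KEY_FILE are names chosen here; aws iam update-access-key --status Inactive is the standard CLI call.

```shell
# rotate_access_key <user-name>: issue a fresh key for an IAM user and deactivate the
# old one (hypothetical helper built on the 11.2 commands, not an AWS CLI subcommand).
# The old key is set Inactive, not deleted, so it can be re-enabled if a client still
# uses it; remove it with delete-access-key once nothing does. Prints the new
# AccessKeyId; the secret goes only to the file named by NEW_KEY_FILE
# (default ./<user>.newkey, created with mode 0600) and is never echoed.
rotate_access_key() {
  user=$1; out=${NEW_KEY_FILE:-./$user.newkey}

  # IAM allows at most two access keys per user; refuse if both slots are taken.
  existing=$(aws iam list-access-keys --user-name "$user" \
      --query 'AccessKeyMetadata[].AccessKeyId' --output text) || return 1
  n=$(printf '%s' "$existing" | wc -w | tr -d ' ')
  if [ "$n" -ge 2 ]; then
    echo "rotate_access_key: $user already has $n keys ($existing); delete one first" >&2
    return 2
  fi

  # Create the new key; keep the secret out of stdout and shell history.
  ( umask 077; aws iam create-access-key --user-name "$user" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text > "$out" ) || return 1
  new_id=$(cut -f1 "$out")

  # Deactivate every pre-existing key; clients are moved to the new key by the caller.
  for old in $existing; do
    aws iam update-access-key --user-name "$user" --access-key-id "$old" --status Inactive || return 1
  done
  echo "$new_id"
}
```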
11.3 Managing IAM Policies
- Creating a Policy: Define an IAM policy to grant specific permissions using aws iam create-policy.
aws iam create-policy --policy-name <policy-name> --policy-document file://<policy-document-file>
- Deleting a Policy: Remove an IAM policy with aws iam delete-policy. The policy is addressed by ARN, and it must first be detached from every user, group and role (and any non-default versions deleted) or the call fails.
aws iam delete-policy --policy-arn <policy-arn>
- Attaching a Policy: Associate a policy with an IAM user or role using aws iam attach-user-policy or aws iam attach-role-policy.
aws iam attach-user-policy --user-name <user-name> --policy-arn <policy-arn>
aws iam attach-role-policy --role-name <role-name> --policy-arn <policy-arn>
- Detaching a Policy: Remove a policy from an IAM user or role using aws iam detach-user-policy or aws iam detach-role-policy.
aws iam detach-user-policy --user-name <user-name> --policy-arn <policy-arn>
aws iam detach-role-policy --role-name <role-name> --policy-arn <policy-arn>
12. AWS Lambda
Lambda is a serverless compute service that lets you run code without provisioning or managing servers.
12.1 Managing Lambda Functions
- Creating a Lambda Function: Use aws lambda create-function to create a new Lambda function.
aws lambda create-function --function-name <function-name> --runtime <runtime> --handler <handler> --code S3Bucket=<bucket-name>,S3Key=<object-key> --role <role-arn>
- Deleting a Lambda Function: Remove a Lambda function with aws lambda delete-function.
aws lambda delete-function --function-name <function-name>
- Invoking a Lambda Function: Execute a Lambda function using aws lambda invoke. The trailing argument names the file that receives the function's response; with AWS CLI v2, add --cli-binary-format raw-in-base64-out when the payload file contains plain JSON, otherwise the CLI expects it to be base64-encoded.
aws lambda invoke --function-name <function-name> --payload file://<payload-file> --invocation-type RequestResponse --log-type Tail <output-file>
12.2 Managing Lambda Layers
- Creating a Lambda Layer: Use aws lambda publish-layer-version to create a Lambda layer.
aws lambda publish-layer-version --layer-name <layer-name> --compatible-runtimes <runtime> --content S3Bucket=<bucket-name>,S3Key=<object-key>
- Deleting a Lambda Layer: Remove a Lambda layer with aws lambda delete-layer-version.
aws lambda delete-layer-version --layer-name <layer-name> --version-number <version-number>
13. Other Essential Services
Beyond IAM and Lambda, AWS offers many other services. Here are a few examples:
- Amazon SQS (Simple Queue Service):
  - Sending Messages: Use aws sqs send-message to send messages to an SQS queue.
  - Receiving Messages: Retrieve messages from an SQS queue with aws sqs receive-message.
- Amazon SNS (Simple Notification Service):
  - Publishing Messages: Publish messages to an SNS topic with aws sns publish.
  - Subscribing to Topics: Subscribe to an SNS topic using aws sns subscribe.
- Amazon DynamoDB:
  - Creating a Table: Provision a DynamoDB table with aws dynamodb create-table.
  - Putting Items: Add data to a DynamoDB table using aws dynamodb put-item.
  - Getting Items: Retrieve data from a DynamoDB table using aws dynamodb get-item.
14. Advanced Techniques
- Using Profiles: Define multiple AWS CLI profiles for different IAM users or AWS accounts in the ~/.aws/credentials and ~/.aws/config files, then select one per command with --profile <name> or for a whole session by exporting AWS_PROFILE. Keeping a low-privilege profile as the default limits the damage of a command run against the wrong account.
- Using the AWS CLI for Scripting: Leverage the power of the AWS CLI for automating tasks and creating scripts.
- Using the AWS CLI with Third-Party Tools: Integrate the AWS CLI with tools like Terraform, CloudFormation, or Ansible for infrastructure management.