brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f56d5e18b007455b5f6dc72541a8b8f72ce1c1ff
oam/knowledge base/cloud computing/aws/cli.md
Michele Cereda 16d2affe05 feat(kb/awscli): integration with ssm
2024-02-19 21:26:23 +01:00

4.3 KiB
Raw Blame History

AWS CLI

Table of contents

  1. TL;DR
  2. Profiles
  3. Configuration
  4. Session Manager integration
  5. Further readings
    1. Sources

TL;DR

# Install the CLI.
brew install 'awscli'


# Configure profiles.
aws configure
aws configure --profile 'work'

# Use specific profiles for the rest of the shell session.
export AWS_PROFILE='work'


# Enable auto-prompt mode (like aws-shell).
aws configure set 'cli_auto_prompt' 'on-partial'
export AWS_CLI_AUTO_PROMPT='on'


# List all SageMaker EndpointConfigurations' names.
aws sagemaker list-endpoint-configs --output 'yaml-stream' | yq -r '.[].EndpointConfigs[].EndpointConfigName' -
aws sagemaker list-endpoint-configs --output 'yaml-stream' --query 'EndpointConfigs[].EndpointConfigName' | yq -r '.[].[]' -
aws sagemaker list-endpoint-configs --output 'json' --query 'EndpointConfigs[].EndpointConfigName' | jq -r '.[]' -

# Describe all SageMaker EndpointConfigurations.
aws sagemaker list-endpoint-configs … \
| xargs -n '1' aws sagemaker describe-endpoint-config --endpoint-config-name


# List secrets stored in Secret Manager.
aws secretsmanager list-secrets

# Get information about secrets stored in Secret Manager.
aws secretsmanager describe-secret --secret-id 'ecr-pullthroughcache/docker-hub'

# Get secrets from Secret Manager.
aws secretsmanager get-secret-value --secret-id 'ecr-pullthroughcache/github'


# Start sessions via Session Manager.
aws ssm start-session --target 'i-0123456789abcdef0'

Non listed subcommand:

Profiles

# Initialize the default profile.
# Not specifying a profile means to configure the default profile.
$ aws configure
AWS Access Key ID [None]: AKIA…
AWS Secret Access Key [None]: je7MtG…
Default region name [None]: us-east-1
Default output format [None]: text

# Initialize a specific profile.
$ aws configure --profile work
AWS Access Key ID [None]: AKIA…
AWS Secret Access Key [None]: LB88Mt…
Default region name [None]: us-west-1
Default output format [None]: json

# Use a specific profile for the rest of this session.
$ export AWS_PROFILE="work"

Configuration

File Description
~/.aws/config Configuration
~/.aws/credentials Credentials

See CLI config files for examples.

Session Manager integration

The instance's IAM role must have at least the required permissions to allow to login.
The bare minimum is for it to have the SSM Minimum role attached:

$ aws iam list-attached-role-policies --role-name 'whatevah'
AttachedPolicies:
  - PolicyName: SSMMinimum
    PolicyArn: arn:aws:iam::111122223333:policy/SSMMinimum

Install the Session Manager plugin:

# Install the signed package.
curl -O "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac_arm64/session-manager-plugin.pkg"
sudo installer -pkg 'session-manager-plugin.pkg' -target '/'

# Make the binary available to users.
# Pick one.
sudo ln -s '/usr/local/sessionmanagerplugin/bin/session-manager-plugin' '/usr/local/bin/session-manager-plugin'
ln -s '/usr/local/sessionmanagerplugin/bin/session-manager-plugin' "${HOME}/bin/session-manager-plugin"

# Verify it installed correctly.
session-manager-plugin

Then use it to get a session on the instance:

# Start sessions via Session Manager.
aws ssm start-session --target 'i-0123456789abcdef0'

Further readings

Sources