Day 42 - IAM Programmatic access and AWS CLI

IAM Programmatic Access

Programmatic access in the context of AWS (Amazon Web Services) refers to the ability for software, applications, or scripts to interact with AWS services and resources using AWS Identity and Access Management (IAM) credentials. IAM is a service that allows you to control access to AWS resources securely.

When you enable programmatic access for an IAM user, you give that user access keys (an access key ID and a secret access key) that are used to make API requests to AWS services. A role has no long-term keys of its own; it is assumed instead, as the steps below describe.

  1. Create an IAM User or Role: You start by creating an IAM user or role within your AWS account. IAM users represent individual people or applications, while roles are assumed by AWS services or other trusted entities.

  2. Assign Permissions: You then attach policies to the IAM user or role. These policies define what actions and resources the user or role can access. AWS provides pre-defined policies for common use cases, and you can also create custom policies.

  3. Generate Access Keys (for Users): If you are setting up programmatic access for an IAM user, you can generate access keys for that user. These access keys consist of an access key ID and a secret access key. The secret access key should be kept secure, as it's used to sign API requests.

  4. Access Configuration (for Roles): If you are setting up programmatic access for an IAM role, you define how and where the role can be assumed. For example, you might specify that an EC2 instance can assume the role when it starts.

  5. Use Access Keys or Assume Roles: Programmatic access can be established using either access keys (for users) or by assuming roles (for roles). Access keys are used directly in API requests, while roles can be assumed by AWS services, applications, or even other AWS accounts.

  6. Implement Security Best Practices: To maintain security, it's crucial to follow AWS security best practices, such as regularly rotating access keys, restricting permissions to the minimum necessary, and monitoring and auditing API activity.
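One way to act on the rotation and auditing advice in step 6, as an added example that is not from the original post: the script reads the IAM credential report (the CSV returned by aws iam get-credential-report) and flags active keys that are older than a cutoff date or unused. The cutoff value and the sample rows are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag IAM access keys that are overdue for rotation or unused.
# A real report comes from:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d

# Constructed sample rows, trimmed to the columns the check reads. A real
# report has more columns; they are ignored because columns are found by name.
sample_report() {
cat <<'EOF'
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2023-01-10T09:00:00+00:00,2024-05-30T11:12:13+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-01T08:00:00+00:00,N/A,true,2022-11-02T10:00:00+00:00,2022-12-01T10:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,false,2021-06-01T00:00:00+00:00,N/A,false,N/A,N/A
EOF
}

# audit_keys CUTOFF   (ISO-8601 UTC, e.g. 2024-03-03T00:00:00+00:00)
# Reads a credential report on stdin and prints "user key finding" lines.
# The cutoff is an assumption; on GNU systems a 90-day window would be
#   date -u -d '90 days ago' +%Y-%m-%dT%H:%M:%S+00:00
audit_keys() {
  awk -F, -v cutoff="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }  # header name -> index
    {
      for (k = 1; k <= 2; k++) {
        p = "access_key_" k "_"
        if ($(col[p "active"]) != "true") continue   # inactive keys cannot sign requests
        rotated = $(col[p "last_rotated"])
        used = $(col[p "last_used_date"])
        # Timestamps share one format, so string order equals time order.
        if (rotated < cutoff) print $(col["user"]), "key" k, "ROTATE"
        if (used == "N/A") print $(col["user"]), "key" k, "NEVER_USED"
        else if (used < cutoff) print $(col["user"]), "key" k, "STALE"
      }
    }'
}

# Demonstration on the constructed report.
sample_report | audit_keys 2024-03-03T00:00:00+00:00
```

ROTATE marks an active key created before the cutoff, STALE an active key last used before it, and NEVER_USED an active key with no recorded use.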

AWS CLI

The AWS Command Line Interface (AWS CLI) is a command-line tool provided by Amazon Web Services (AWS) that allows users to interact with AWS services and manage their AWS resources from a terminal or command prompt. It provides a convenient and scriptable way to perform various AWS tasks, including:

  1. Resource Management: You can create, modify, and delete AWS resources such as EC2 instances, S3 buckets, RDS databases, and more.

  2. Configuration and Credentials: AWS CLI allows you to configure your AWS credentials, region settings, and other configuration options.

  3. Service Integration: It provides access to a wide range of AWS services, allowing you to interact with services like AWS Lambda, AWS CloudFormation, AWS IAM, AWS S3, and many others.

  4. Scripting and Automation: AWS CLI is often used in scripts and automation workflows, making it a valuable tool for DevOps and Infrastructure as Code (IaC) practices.

  5. Querying and Output Formatting: You can use AWS CLI to filter and format the output of AWS commands to suit your needs. It supports various output formats, including JSON, text, and table.

  6. Access to AWS APIs: AWS CLI interacts with AWS services via AWS APIs, so it provides a programmatic way to work with AWS without using the AWS Management Console.

To get started with AWS CLI, you'll need to install it on your local machine and configure it with your AWS access keys and preferred region. Here are the basic steps to set up AWS CLI:

  1. Install AWS CLI: You can download and install AWS CLI on various operating systems, including Windows, macOS, and Linux. Installation instructions can be found in the AWS documentation.

  2. Configure AWS CLI: After installation, you'll need to run the aws configure command to set up your AWS credentials (access key ID and secret access key), default region, and output format.

  3. Start Using AWS CLI: Once configured, you can start using AWS CLI commands to manage your AWS resources and interact with AWS services. For example, you can use aws ec2 describe-instances to list EC2 instances in your AWS account.

Tasks

Task 1: Create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console.

Step 1: Log in to the AWS Console.

Step 2: In the top-right corner, click your profile name > select Security Credentials.

Step 3: You will see the below page.

Step 4: Scroll down to Access Keys > Select Create Access Key.

Step 5: Select the "I understand" checkbox.

Step 6: Click on "Create Access Key".

Step 7: Make sure you download the access key file and store it securely with you.

Task 2: Set up and install AWS CLI and configure your account credentials

Here is the official documentation for installing AWS CLI in different OS.

Step 1: Log in to the AWS Console and connect to the instance.

Step 2: Install AWS CLI on your Linux machine using the steps below:

sudo apt-get update

sudo apt install unzip

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip

sudo ./aws/install

Step 3: To check the version and confirm the installation, run the command:

aws --version

Step 4: Configure your account credentials by providing the following:

  1. Pass the Access Key ID

  2. Pass the Secret Access Key

  3. Give the Region Name

  4. Default output format you need through the terminal : json

Don’t worry, by the time you read this blog I would have deleted these access keys, so I am safe.😎😝
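What Step 4 leaves on disk, as an added example that is not part of the original post: aws configure stores the key pair in plain text in ~/.aws/credentials, so this check flags a credentials file that group or other users can access and reports which profiles hold long-term (AKIA) versus temporary (ASIA) keys. The sample file is constructed and its key values are placeholders, not real keys.

```bash
#!/usr/bin/env bash
# Added example: audit the file that `aws configure` writes.
# Keys go to ~/.aws/credentials; region and output format go to ~/.aws/config.

# write_sample FILE: constructed credentials file. The AKIA key and the secret
# are the placeholder strings used in AWS documentation; the ASIA key and the
# session token are made up for this example.
write_sample() {
  cat > "$1" <<'EOF'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[ci]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = EXAMPLETOKEN
EOF
}

# audit_credentials_file FILE: prints one finding per line.
audit_credentials_file() {
  file="$1"
  # Characters 5-10 of the mode string are the group and other permission bits.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "PERMS_TOO_OPEN"
  fi
  # Track the current [profile] section and classify each key by its prefix:
  # AKIA = long-term IAM user key, ASIA = temporary STS credential.
  awk -F'[ \t]*=[ \t]*' '
    /^\[.*\]/ { profile = substr($0, 2, index($0, "]") - 2); next }
    $1 == "aws_access_key_id" && $2 ~ /^AKIA/ { print "LONGTERM " profile }
    $1 == "aws_access_key_id" && $2 ~ /^ASIA/ { print "TEMPORARY " profile }
  ' "$file"
}

# Demonstration on a constructed file; for a real check, pass ~/.aws/credentials.
tmp="$(mktemp -d)"
write_sample "$tmp/credentials"
chmod 644 "$tmp/credentials"
audit_credentials_file "$tmp/credentials"
rm -rf "$tmp"
```

A PERMS_TOO_OPEN finding is cleared with chmod 600 on the file; LONGTERM profiles are the ones whose keys need rotation and deletion when no longer used.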

Step 5: Let’s check whether the AWS CLI is working by listing the EC2 instances in the account:

aws ec2 describe-instances

Like this, we can use more of AWS CLI.

Conclusion

In conclusion, Programmatic access allows automated interaction with AWS services, enabling the use of APIs and scripts to manage resources.

The AWS CLI, a command-line tool, facilitates efficient and flexible interaction with AWS services through commands.

In this blog we have seen how to create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the AWS Console and how to set up and install AWS CLI and configure your account credentials.

Hope you find it helpful🤞 So I encourage you to try this on your own and let me know in the comment section👇 about your learning experience.✨

👆The information presented above is based on my interpretation. Suggestions are always welcome.😊

~Smriti Sharma✌