AWS CLI Tips & Tricks
Connect with EC2 Instance, Configure AWS CLI, Dry Run, Decode Error Message, MFA with CLI
Hitesh Sahu
Connect with EC2 Instance
Ip address is public IP of EC2 Instance
-
chmod 0400 Hassium.pem
-
ssh -i Hassium.pem ec2-user@52.59.11.125
ssh -i Hassium.pem ec2-user@3.120.129.217
Configure AWS
aws configure --profile <profile -name>
- Access key ID : AKIAVT5FVBM5GQHNK2SH
- Secret access key: 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
- Region: eu-central-1
- out format: text
Dry Run( --dry-run)
run command without changing any AWS resource to check permission to access resource
-
supported by set of CLI commands
aws ec2 run-instances help aws ec2 run-instances --dry-run
STS Decode Error Messages
decode error messages from AWS on CLI
-
STS DecodeMessage permission must be given to EC2 IAM Policy before requesting decode
aws sts decode-authorization-message --encoded-message <message to decode>
MFA with CLI
Fetch & Store temporary credentials from STS into a config profile to access AWS resources
aws sts get-session-token -- serial-number <ARN of registered MFA Device> -- token-code <Code on the device>
CLI Cheat Sheet
| CMD | Usage |
|---|---|
aws configure |
setup account with access key |
aws configure --profile profile -name |
setup account & store config as a profile |
aws iam list-users |
list users |
aws sts decode-authorization-message --encoded-message message to decode |
Decode error blob on CLI |
aws command --dry-run |
to check permission to run a command |
aws sts get-session-token -- serial-number ARN of registered MFA Device -- token-code Code on the device |
Get Temporary Access Token |