Problem:
Need to configure an access key ID and secret access key from the AWS command line inside an EC2 instance.
Solution Summary:
The Amazon Linux AMI comes with the AWS command line pre-installed, and we will use it in our lab to configure the access key ID and secret access key.
Prerequisites:
The Amazon Linux AMI comes with the AWS command line pre-installed, and we will use it for our lab. You may have to install it manually on other AMIs. You can also install the AWS command line on personal devices (Windows, Mac, etc.).
Solution Steps:
1. Create a new EC2 instance: select the Amazon Linux AMI, t2.micro, leave the IAM role as none, tag it (Key: Name, Value: DemoEC2-NoRoles), use the existing web dmz security group (or create one if needed), and use an existing EC2 key pair (or create one if needed).
2. Go to the IAM dashboard:
   - Go to Users and create a new user: give it any name (e.g. BuddyEC2User) and download the credentials.
   - Go to Groups and create a new group: give it any name (e.g. BuddyS3Group) and attach the following policy: AmazonS3FullAccess.
   - Go inside the group and add the user we created to the group.
3. Connect to the EC2 instance through ssh and elevate privileges: sudo su
4. Run the following AWS command line command: aws s3 ls
   - You should get an error: unable to locate credentials.
5. Run: aws configure
   - Provide the access key ID and secret access key (downloaded when we created the new user), the default region name (you may refer to http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region), and leave the default output format empty (just press Enter).
6. Run again: aws s3 ls
   - It should list your S3 buckets.
7. Try running: aws s3 help
   - It should give a good description of this command with all available options.
   - Note that the ‘s’ in s3 is lowercase.
8. Verify the config location:
   - Run: cd ~
   - Run: cd .aws
   - Run: ls
   - You should see two files: config, credentials.
   - Run: nano credentials
   - You should see the access key ID and secret access key.
9. Remove the EC2 instance.
10. Remove the user(s) created.
Exam Tip
- The command ‘aws s3 ls’ will list buckets from all regions, irrespective of the configured default region, as the S3 bucket namespace is global.
- It may not be safe to store the credentials within your EC2 instance (see step 8). This can be avoided by using roles.
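
The check below is an added example, not part of the original lab: it audits the credentials file that aws configure writes (step 8) and flags long-lived keys and loose file permissions, the risk the tip above refers to. The function name audit_aws_credentials and the sample file are constructed for illustration; the key shown is AWS's documentation placeholder.

```shell
# Added example (not from the original page): audit the credentials file that
# `aws configure` writes for long-lived static keys and loose permissions.

# audit_aws_credentials FILE  (hypothetical helper name)
# Prints "mode=<octal> <ok|too-open>" and, per profile holding a key,
# "profile=<name> key_id=<masked> type=<long-lived|temporary>".
# Returns 1 if a long-lived key or a loose mode was found, 0 otherwise.
audit_aws_credentials() {
    file=$1
    [ -f "$file" ] || { echo "no credentials file: $file"; return 0; }

    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        600|400) perm=ok ;;
        *)       perm=too-open ;;
    esac
    echo "mode=$mode $perm"

    # A profile with a key id but no session token holds an IAM user key
    # that does not expire; only a masked form of the key id is printed.
    findings=$(awk '
        function emit() {
            if (key != "")
                printf "profile=%s key_id=%s...%s type=%s\n", profile,
                    substr(key, 1, 4), substr(key, length(key) - 3),
                    (token != "" ? "temporary" : "long-lived")
            key = ""; token = ""
        }
        { sub(/[ \t\r]+$/, "") }
        /^[ \t]*\[/ { emit(); sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); profile = $0; next }
        /^[ \t]*aws_access_key_id[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); key = $0 }
        /^[ \t]*aws_session_token[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); token = $0 }
        END { emit() }
    ' "$file")
    if [ -n "$findings" ]; then echo "$findings"; fi

    case "$perm $findings" in
        too-open*|*type=long-lived*) return 1 ;;
    esac
    return 0
}

# Constructed sample: the key below is AWS's documentation placeholder.
demo=$(mktemp -d)
printf '[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n' > "$demo/credentials"
chmod 644 "$demo/credentials"
audit_aws_credentials "$demo/credentials" || echo "findings present"
rm -rf "$demo"
```

An instance that uses a role instead of aws configure has no credentials file, so the function reports that and returns 0.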