AWS provides a comprehensive CLI that provides access to every service they offer. You can use this on remote machines to give them access to certain features of your account, or on your PC to help manage your infrastructure.
Installing Python and pip
The AWS CLI runs on Python, so you will need it installed together with the associated package manager, pip. There is a version for Python 2.6.5 and above and a separate version for Python 3.3 and above. You will probably want to install Python 3:
. If you don't have it, you can download or install the latest release for Windows from your package manager on Linux:
sudo apt install python3.7
On macOS, Python 3 is available via brew.
pip is probably installed alongside Python, but if not, you can download the install script:
curl https: / /bootstrap.pypa.io/get-pip.py -o get-pip.py python3 get-pip.py
Install the AWS CLI from pip
Once Python is installed you can download and install the AWS CLI from pip3:
pip3 install awscli --upgrade --user
Verify the installation was successful with:
If the command does not work, you may need to add the directory where Python is to your PATH:
ls -al $ (which python3)  Configure the AWS CLI with an IAM user
IAM users are the best way to manage account access in AWS. Instead of using your root account access key (which is dangerous, especially on remote servers), instead create a new "user account" with the rights to do the work it needs. For example, if you have a server that needs to upload content to S3, there is no reason to allow it to start new EC2 instances, so you would create a separate IAM user for that.
If You Just Install the AWS CLI on your PC, it's okay to give the IAM user full administrative access like you would anyway. AWS actually recommends using your root account for everything. However, keep in mind that if you have enabled two-factor authentication for your AWS account, anyone with your administrator IAM access key can bypass your keyfob. But these keys are locked on your PC, so it's not a big deal as long as you keep them safe.
Go to the IAM Management Console and click on the "Users" tab. From here, add a new user to use the CLI:
Give it a name and make sure you set the access type to "Programmatic Access" which gives you the access key ID and secret access key that the CLI needs to function.
Click Next and you will be asked to define the permissions for your IAM user. It is best to manage permissions with groups, so create a new group called "Administrator" and add the "Administrator Access" policy as permission:
 If you are setting If you are setting up the AWS CLI on a remote computer, instead you want to manually enable the permissions that program needs to perform its task. AWS offers a comprehensive list of permissions that govern access to each service, and you can create your own permissions that can be much more specific.
You will then be asked for tags. These are used to organize IAM users in larger organizations; you can skip this step or just write "admin" in one of them.
Click through to create your user and you will be brought to this screen with your access key ID and secret access key:
You can download it as a
.csvfile for safekeeping, but keep the tab open so you can configure the CLI with this key.  RELATED: Working with JSON on the Command Line
Link the CLI to Your Account
Once your access key is ready, run the following command:aws configure
You are asked for your access key ID and secret access key; paste it in.
You will also be asked for your default region name here - you will definitely want to set it here to avoid headaches with any command requesting a flag
region. Please note that your region contains only the location and one number (eg "
us-east-2") and no trailing letter in the availability zone ID (eg "
us- east- 2c"). Commands will fail if set incorrectly, but you can always run
aws configureagain to reset it in the future.
Once your account is linked, you are done and ready to use the AWS CLI Check that it is mounted correctly by listing your EC2 instances:aws describe ec2 instances
This should be a JSON array with a list of all the EC2 instances you use. The AWS CLI runs a lot JSON, so now would be a good time to install
jqand learn work with JSON on the command line.