How to configure an IAM user on your Linux machine to manage AWS accounts?
Planning to manage your AWS services from your Linux machine?
You can manage AWS services such as EC2 instances and S3 buckets from your local machine by configuring awscli with an AWS IAM user that has the proper privileges.
Prerequisite – one or more IAM users with the proper privileges to manage the services you want to control from your machine.
After creating the IAM user with the correct privileges, you can configure awscli on your machine with that IAM user and manage services without logging into the AWS console.
How to configure IAM user on awscli?
You can configure awscli with an IAM user's credentials by executing the aws configure command.
How to install AWS command line interface (awscli) on Linux?
Yeah, this should help you to manage many things from your Linux server or local machine. AWS supports a command line interface tool. Its package name is awscli. The awscli package is available in commonly used package managers like YUM, APT, APT-GET etc.
However, it’s not recommended to install using YUM or APT, because it is not guaranteed to be the latest version unless you get it from pip.
The above command prompts for four values: the AWS Access Key ID of the IAM user, the AWS Secret Access Key of the IAM user, the default region name and the default output format. See the sample output pasted below:
$ aws configure
AWS Access Key ID [None]: AKIADFDGFGFGFGFGFGAMPLE
AWS Secret Access Key [None]: DiCYEXAMPLEKEYFDFDFDFDFDFDF/FDFDFD
Default region name [None]: us-west-2
Default output format [None]: json
The first two values are mandatory. You can find them in the AWS IAM user section. The steps are pasted below:
1. Open the IAM console.
2. In the navigation pane of the console, choose Users.
3. Choose your IAM user name.
4. Choose the Security credentials tab and then choose Create access key.
5. To see the new access key, choose Show. Your credentials will look something like this:
Access key ID: AKIADFDGFGFGFGFGFGAMPLE
Secret access key: DiCYEXAMPLEKEYFDFDFDFDFDFDF/FDFDFD
Is it possible to configure multiple IAM users on a single Linux machine?
Yeah, it’s possible. You can configure multiple IAM users on a single Linux machine.
How to configure multiple IAM users on a single Linux machine?
This can be done by executing the same command “aws configure” with the --profile option. You can configure many IAM users using the same command. Please see the sample pasted below:
aws configure --profile user2
AWS Access Key ID [None]: AKIADDDDDFFFFXAMPLE
AWS Secret Access Key [None]: je7MSDSDSDS/2Zp9Utk/h3yCo8DMPLEKSDSDEY
Default region name [None]: us-east-1
Default output format [None]: text

aws configure --profile user3
AWS Access Key ID [None]: AKDFGEWCDDFFFDGTRE
AWS Secret Access Key [None]: je7MSDFDFGFGDSDS/2FGFGFGtk/h3yCFGFGFGKSDSDEY
Default region name [None]: us-east-1
Default output format [None]: json
How to use a different IAM user profile with an awscli command?
The same --profile option can be used along with any awscli command to manage different AWS services. Please see the example pasted below:
aws s3 ls
test1
test2
test3

aws s3 ls --profile user2
test4
test5
test6
The first command uses the first (default) IAM profile and lists all the S3 buckets associated with that IAM user, and the second command lists the buckets of the second IAM user.
Note: We assume these IAM users have permission to access S3 buckets of different AWS accounts.
How to check all the IAM users configured on your machine?
When you configure an IAM user on your machine, the details are stored in the .aws directory, as shown below:
[root@ip-172-31-53-249 .aws]# ll
total 8
-rw------- 1 root root 90 Feb 14 11:34 config
-rw------- 1 root root 344 Feb 14 11:34 credentials

[root@ip-14-4-44 .aws]# cat config
[default]
region = ap-southeast-1
[profile user2]
region = ap-southeast-1
[profile user3]

[root@ip-172-31-53-249 .aws]# cat credentials
[default]
aws_access_key_id = AKI1111111RSLOA
aws_secret_access_key = Lf9IJW11111111111KToLTJKToPl
[user2]
aws_access_key_id = AKIA2222222RSLOA
aws_secret_access_key = Lf9IJW+22222222222oLTJKToPl
[user3]
aws_access_key_id = AKIAI33333333DZBA
aws_secret_access_key = FDVawY33333333333M17mvQ2HeX
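The credentials file stores the access key ID and secret access key of every configured profile in plain text, so it should stay readable only by its owner (the -rw------- mode in the listing above).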
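An added example, not part of the original article: a shell check for the credentials file described above that lists each configured profile with a masked access key ID and verifies the file mode. The function names and the sample file with fake keys are constructed for illustration, and stat -c assumes GNU coreutils on Linux.

```bash
#!/usr/bin/env bash
# Audit an AWS CLI shared credentials file without printing any secret.

# list_profiles FILE: print "profile<TAB>****<last 4 chars of key ID>" per profile.
list_profiles() {
    awk '
        /^\[.*\]/ {                       # section header, e.g. [user2]
            profile = $0
            sub(/^\[/, "", profile); sub(/\].*$/, "", profile)
            next
        }
        /^aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # keep only the value
            sub(/[ \t\r]+$/, "")          # drop trailing whitespace
            printf "%s\t****%s\n", profile, substr($0, length($0) - 3)
        }
    ' "$1"
}

# check_mode FILE: return 0 only for mode 600 or 400 (owner-only access).
check_mode() {
    mode=$(stat -c '%a' "$1") || return 2     # GNU stat (Linux)
    case "$mode" in
        600|400) return 0 ;;
        *) echo "WARN: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Constructed sample in the layout shown above; keys are fake placeholders.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEDEFAULT01
aws_secret_access_key = constructed/secret/value/one
[user2]
aws_access_key_id = AKIAEXAMPLEUSER00002
aws_secret_access_key = constructed/secret/value/two
EOF
chmod 644 "$demo"                        # deliberately too permissive
list_profiles "$demo"                    # profiles with masked key IDs
check_mode "$demo" || chmod 600 "$demo"  # warn, then tighten
check_mode "$demo" && echo "OK: owner-only permissions"
rm -f "$demo"
```

To audit a real machine, call both functions on ~/.aws/credentials instead of the sample file.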
Try this and explore the AWS command line interface.