Getting started with AWS-CLI — Part-1 (Basic)

Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. It is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis.

Mainly, there are three ways by means of which we can access AWS services, viz, AWS Web console, AWS CLI(Command Line Interface), and Automations tools like Terraform. This article will be purely concentrated on how to access AWS services using the AWS-CLI(Command Line Interface).

In this article, we will learn how to launch the EC2 instance on the AWS cloud using the command line along with creating a new security group(firewall) and new KeyPair and storing that key pair to our local machine. Finally, we will create an EBS volume and attach it to the instance we had launched.

Pre-requisites:

To perform this practical, we will require an AWS-CLI program to be installed that will provide us the capability to access and use AWS services from the command line. For installing the AWS-CLI program, refer to this.

Check if the AWS-CLI is installed successfully using the following command.

$ aws --version

If we get the output as a version of the AWS-CLI program then we are good to go.

Note: If you want to get help to find the commands and options for AWS-CLI, the simple way to get that is to run `$ aws help` command and entire manual of the AWS-CLI will come infront of you.

$ aws help

Step 1: Configuring the AWS command

For configuring the AWS command, we will require the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. After that, run the following command and provide the AWS access key id and AWS secret access key to it. Specify the preferred region and output format and hit the enter.

$ aws configure

Step 2: Create a Security Group

Let’s start by creating a security group. The security group is similar to that of the firewall. It will determine who can go outside and who can come inside the instance(simply OS).

$ aws ec2 create-security-group --group-name SECURITY_GROUP_NAME --description DESCRIPTION

Replace the SECURITY_GROUP_NAME with the name you want to give to the security group and DESCRIPTION with the description of your security group.

The above command will create a security group. The — group-name option is used to name the security group as “mySecGrp1” and — description option is used to give a description of the security group. In this case, I had given the description as Demo but you can use this option to write some meaningful information about the security group for future reference.

The security group created has no rules by default.

This means that in this security group every service is by default denied. As we want to login to the instance(OS) to which this security group is attached, we have to create the ingress rule that will allow us to do so. To log in to the Linux OS we use SSH protocol, so let us add a rule to allow SSH from any IP address.

$ aws ec2 authorize-security-group-ingress --group-name mySecGrp1 --protocol tcp --port 22 --cidr 0.0.0.0/0

This command will add the ingress rule that will allow access to the port 22(SSH default port number) over TCP protocol from the IP from range 0.0.0.0/0(this means all IPs are allowed) from the security group named mySecGrp1.

Step 3: Create KeyPair and Save it to the local machine

To log in to the remote machine, we will require either a key pair or Username and password. As we are using the AWS-CLI program to access AWS services, we will use the private key to log in to the remote instance. For AWS, the extension of this private key should be .pem.

$ aws ec2 create-key-pair --key-name myDemoKey --output text > myDemoKey.pem

The create-key-pair command above will create the key pair and output the text to the command line. But we are taking this text output which is the private key and storing this output in the file named myDemoKey.pem file. This will be our private key file and in the future, we will use this key file to log in to the remote instances.

Step 4: Launch EC2 instance using the Security group and KeyPair we had created.

$ aws ec2 run-instances --image-id AMI_IMAGE_ID --instance-type INSTANCE_TYPE --count COUNT --subnet-id SUBNET_ID --security-group-ids SECURITY_GROUP_IDS --tag-specifications 'ResourceType=instance,Tags=[{Key=KEY,Value=VALUE}]' --key-name YOUR_KEY_NAME

Replace the AMI_IMAGE_ID, INSTANCE_TYPE, COUNT, SUBNET_ID, SECURITY_GROUP_IDS with AMI image ID, instance type, subnet id, and security group ids, respectively. To tag the instance, replace KEY and VALUE with the key and value you want, and finally, replace YOUR_KEY_NAME with the name of the key that we had created earlier.

You can check the launched instance by using the aws ec2 describe-instances command as follows:

Or simply go to the web console of the AWS and you will see an instance launched with the tag name you had given. In my case, the tag name is aws-cli.

Step 5: Create EBS volume

Now, we will create an EBS volume. This will serve as a external persistent storage. You can relate this storage with the Pendrive.

Command to create EBS volume:

$ aws ec2 create-volume --availability-zone ap-south-1a --volume-type gp2 --size 1 --tag-specifications 'ResourceType=volume,Tags=[{Key=Name,Value=pendrive}]'

The command above will create an EBS volume of the type gp2 in the ap-south-1a availability zone of the size 1GiB.

The volume that we had created is available but not attached to any instance. Let’s connect this volume to the instance that we had launched earlier.

Step 6: Attach the EBS volume to the instance

Using the following command we can attach the EBS volume to the EC2 instance.

$ aws ec2 attach-volume --device=DEVICE --instance-id=INSTANCE_ID --volume-id=VOLUME_ID

Replace the DEVICE, INSTANCE_ID, VOLUME_ID with the device name, instance id, and the volume id respectively.

Now, if we log in to the EC2 instance, we can see that the new device named /dev/xvdh had come up.

That it for this article!

For any help or suggestions connect with me on Twitter at @cankush625 or find me on LinkedIn.

Tech blogger, researcher and integrator