配置 aws cli
How to get exactly the account and environment information you need to manage your AWS account using just the AWS CLI
如何仅使用AWS CLI准确获取管理AWS账户所需的账户和环境信息
Installing the AWS CLI is actually quite simple. The best way to get it done is to head over to the AWS installation guide and follow instructions for your OS.
实际上,安装AWS CLI非常简单。 最好的方法是转到AWS安装指南并按照您的操作系统的说明进行操作。
Right now they're pushing us towards version 2 of the CLI and I haven't seen any reason not to go along. I'm working with Linux so that's where I'd head next.
目前,他们正在将我们推向CLI的第二版,而且我还没有任何不接受的理由。 我正在使用Linux,所以接下来是我要去的地方。
To get it done, I'll paste the curl command from the Amazon page into my Linux shell that'll download the package and write it to a local zip file, which I'll then unzip. That'll create a new directory called aws that'll contain a install script, which I can run using sudo to get admin privileges. I'll run aws --version to confirm everything worked as it was supposed to.
为此,我将从Amazon页面粘贴curl命令到Linux外壳程序中,该外壳程序将下载该程序包并将其写入本地zip文件,然后将其解压缩。 这将创建一个名为aws的新目录,其中将包含一个安装脚本,我可以使用sudo运行该脚本以获取管理员权限。 我将运行aws --version来确认一切均按预期进行。
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
ls aws
sudo ./aws/install
aws --versionThe next step will require one quick trip to the management console. You see, to authenticate the CLI to your account you'll need a valid access key. Now, the CLI has a "create-access-key" command that'll generate a new key, but that's only possible once I've authenticated. I'm sure you understand the problem with that.
下一步将需要快速访问管理控制台。 您会看到,要通过CLI对您的帐户进行身份验证,您将需要一个有效的访问密钥。 现在,CLI具有一个“ create-access-key”命令,该命令将生成一个新密钥,但是只有在我通过身份验证后才可能。 我敢肯定,您了解问题所在。
You access the security credentials page from the drop-down account menu at the top of any page on the console. With your credentials in hand, you can run "aws configure." You'll be prompted to enter your access key ID and the secret key itself. If you like you can then choose a default AWS region and output format. The format won't be an issue so I'll leave it as default.
您可以从控制台任何页面顶部的下拉帐户菜单访问安全凭证页面。 有了凭据,您就可以运行“ aws configure”。 系统将提示您输入访问密钥ID和密钥本身。 如果愿意,可以选择默认的AWS区域和输出格式。 格式不会成为问题,因此我将其保留为默认格式。
aws configureThat's it. Just to confirm it all worked, I'll list all the S3 buckets in my account. With that, we'll all set to get down to work in the next clip.
而已。 为了确认一切正常,我将在帐户中列出所有S3存储桶。 这样,我们所有人都将开始在下一个剪辑中工作。
aws s3 lsYou may already know that Amazon's CloudFormation service exists to let you manage your application infrastructure by organising it into stacks of your AWS account resources.
您可能已经知道Amazon的CloudFormation服务已经存在,可以通过将其组织到AWS账户资源的堆栈中来管理应用程序基础架构。
The CloudFormation templates that define those stacks can be shared, edited, and launched anywhere, giving you predictable and reliable cloud application environments wherever and whenever you need them.
定义这些堆栈的CloudFormation模板可以在任何地方共享,编辑和启动,从而在需要它们的地方随时随地为您提供可预测和可靠的云应用程序环境。
You may also know that you can mange your CloudFormation stacks both through the AWS Management Console and, as I discuss in my new Pluralsight course, Create and Manage Stacks with AWS CloudFormation Using the Command Line Interface, using the AWS CLI.
您可能还知道,您既可以通过AWS管理控制台管理CloudFormation堆栈,也可以像我在新的Pluralsight课程中讨论的那样,使用AWS CLI 使用命令行界面通过AWS CloudFormation创建和管理堆栈 。
If you do choose to go with the AWS CLI – something I highly recommend – you'll need a way to gather key information about other account resources. But how you're expected to get that information through the CLI might, at first, not appear so obvious.
如果您确实选择使用AWS CLI(我强烈建议您这样做),则需要一种方法来收集有关其他账户资源的关键信息。 但是,起初,您期望如何通过CLI获取该信息似乎不太明显。
To show you what I mean, let's experiment with a more complex stack using a template that comes from the AWS documentation samples.
为了说明您的意思,让我们使用来自AWS文档样本的模板尝试更复杂的堆栈。
The Application Frameworks template set includes a template for auto scaled Linux servers that will come pre-provisioned with the Apache web server and the PHP scripting language, and a connection to a Multi-AZ RDS database instance running the MySQL database engine.
Application Frameworks模板集包括一个用于自动扩展Linux服务器的模板,该模板将随Apache Web服务器和PHP脚本语言预先配置,并连接到运行MySQL数据库引擎的Multi-AZ RDS数据库实例。
You can click View from that AWS documentation page and take a look at the template itself. There you'll see Parameters sections defining the VPC and subnets into which your instance will launch and the MySQL database name, user, and password.
您可以从该AWS文档页面单击查看,然后查看模板本身。 在这里,您会看到“参数”部分,这些部分定义了实例将启动到的VPC和子网以及MySQL数据库名称,用户和密码。
It's critical that all the right services know those details because, otherwise, they won't be able to talk to each other. We'll have to figure out a way to add those values. To get things going, you can simply click to view the template (which you can see here), and copy the contents, pasting it into a new JSON file on your local machine.
所有正确的服务都必须了解这些详细信息,这很关键,因为否则它们将无法相互通信。 我们必须找出一种添加这些值的方法。 为了使事情顺利进行,您只需单击以查看模板( 可以在此处看到 ),然后复制内容,并将其粘贴到本地计算机上的新JSON文件中。
You use the CLI to fire up a Cloudformation stack using the create-stack command. The command, however, takes a few arguments to pass important information. This minimal example shows you how to point CloudFormation to your JSON template file, a name to assign to your stack, and a valid SSH key so I'll be able to log into the instance it creates.
您可以使用CLI使用create-stack命令启动Cloudformation堆栈。 但是,该命令需要一些参数来传递重要信息。 这个最小的示例向您展示如何将CloudFormation指向您的JSON模板文件,一个要分配给您的堆栈的名称以及一个有效的SSH密钥,这样我就可以登录到它创建的实例。
aws cloudformation create-stack \--template-body file://lamp-as.json \--stack-name lamp \--parameters \ParameterKey=KeyName,ParameterValue=mykeyThe problem is that, if you were to run that command against the template in your JSON document, it would fail. That's because, as you'll no doubt remember from looking through the template, there are some extra parameters that need satisfying. Specifically, we'll need references to a VPC and to two subnets - and because this is a multi-availability-zone deployment, they'll need to be in different zones.
问题是,如果要对JSON文档中的模板运行该命令,它将失败。 这是因为,毫无疑问,从浏览模板的过程中,您还需要了解一些额外的参数。 具体来说,我们需要引用一个VPC和两个子网-由于这是一个多可用性区域部署,因此它们需要位于不同的区域中。
How will that work? It's the AWS CLI to the rescue. Need a VPC ID? Keeping in mind that VPCs are EC2 objects, you can run aws ec2 describe-vpcs and all the data you'll need - including the VPC ID - will magically appear. And subnets? Well more of the same, obviously. Just copy subnet IDs for any two of the subnets that will appear and you're in business.
那将如何工作? 这是要解救的AWS CLI。 需要一个VPC ID? 请记住,VPC是EC2对象,可以运行aws ec2 describe-vpcs,所有需要的数据-包括VPC ID-都会神奇地出现。 和子网? 显然,更多的相同。 只需复制将出现的任何两个子网的子网ID,即可开展业务。
aws ec2 describe-vpcs
aws ec2 describe-subnetsNow let's put all that information together into our new version of the create-stack command. You'll need to be careful with this as there are some nasty gotchas in the syntax.
现在,让我们将所有这些信息放到新版本的create-stack命令中。 您需要注意这一点,因为语法中有些讨厌的地方。
aws cloudformation create-stack \--template-body file://lamp-as.json \--stack-name lamp-as \--parameters \ParameterKey=KeyName,ParameterValue=mykey \ParameterKey=VpcId,ParameterValue=vpc-1ffbc964 \ParameterKey=Subnets,ParameterValue=\'subnet-0e170b31,subnet-52d6117c\' \ParameterKey=DBUser,ParameterValue=myadmin \ParameterKey=DBPassword,ParameterValue=mypass23The first new parameter is VPC-ID. But make sure you get the case right: using an uppercase D in Id will cause the whole thing to fail. I don't know why they make things so difficult to live with, but that's what we've got.
第一个新参数是VPC-ID。 但是,请确保您理解的正确:在ID中使用大写D会导致整个操作失败。 我不知道为什么他们让生活变得如此困难,但这就是我们所拥有的。
The next one is even more delicate. Since we need two subnets, we'll need to enter them on a single line separated by a comma - but no space. However, we'll also need to enclose the string within single apostrophes. But the CLI can't read apostrophes just like that, so we'll need to escape them using backslashes. Got that?
下一个更加精致。 由于我们需要两个子网,因此需要在由逗号分隔的一行中输入它们-但不能有空格。 但是,我们还需要将字符串括在单撇号内。 但是CLI不能像这样读取撇号,因此我们需要使用反斜杠对其进行转义。 了解?
I'll also add those two database parameters: DBUser and my ultra secret, super cryptic DBPassword. Will it work? You betcha. But don't tell anyone how many times I had to try this without you watching before I got it right. Remember: failure is your friend.
我还将添加这两个数据库参数:DBUser和我的超级秘密,超级神秘的DBPassword。 能行吗 完全正确。 但是,请不要告诉任何人在我理解正确之前我必须尝试几次却没有您的注意。 记住:失败是你的朋友。
When our stack is good and launched (which could take as long as half an hour), running describe-stacks will give us our website URL.
当我们的堆栈良好并启动时(可能需要半小时的时间),运行describe-stacks将为我们提供网站URL。
aws cloudformation describe-stacksBut that's not the whole story. I'm going to use another aws ec2 command - describe-instances this time - to get some information about the EC2 instances that were launched as part of this stack. This one will filter results, restricting output to only those instances that are currently running.
但这还不是全部。 我将使用另一个aws ec2命令-这次是describe-instances-获取有关作为该堆栈的一部分启动的EC2实例的一些信息。 这将过滤结果,将输出限制为仅当前正在运行的那些实例。
aws ec2 describe-instances \--filters Name=instance-state-name,Values=running \--query 'Reservations[*].Instances[*].{Instance:InstanceId,PublicIPAddress:PublicIpAddress}'I happen to have no other instances running in this region, so only the CloudFormation instances will show up. Now I use --query to further filter the output to give me only the Instance IDs and public IP addresses of those instances. There are, as you would expect, exactly two running.
我碰巧在该区域中没有其他实例在运行,因此只会显示CloudFormation实例。 现在,我使用--query进一步过滤输出,以仅为我提供这些实例的实例ID和公共IP地址。 如您所料,有两个正在运行。
Just a taste - and most of it related specifically to CloudFormation - but I think you get the idea of how information gathering works using the AWS CLI.
只是一种尝试-大多数都与CloudFormation有关-但是我认为您已经了解了如何使用AWS CLI进行信息收集。
There's much more administration goodness in the form of books, courses, and articles available at my bootstrap-it.com.
我的bootstrap-it.com上提供了书籍,课程和文章形式的管理优势。
翻译自: https://www.freecodecamp.org/news/aws-cli-tutorial-install-configure-understand-resource-environment/
配置 aws cli
