WIXLIB

AWS Command Line InterfaceUser Guide for Version 2

AWS Command Line Interface User Guide for Version 2AWS Command Line Interface: User Guide for Version 2Copyright Amazon Web Services, Inc. and/or its affiliates. All rights reserved.Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.

AWS Command Line Interface User Guide for Version 2Table of Contents. viiAbout the AWS CLI . 1About AWS CLI version 2 . 1Maintenance and support for SDK major versions . 2About Amazon Web Services . 2Using the examples . 2Additional documentation and resources . 3AWS CLI documentation and resources . 3Other AWS SDKs . 3Getting started . 4Prerequisites . 4Step 1: Sign up to AWS . 4Step 2: Create an IAM user account . 4Step 3: Create an access key ID and secret access key . 5Next steps . 6Install/Update . 6Troubleshooting AWS CLI install and uninstall errors . 14Next steps . 15Past releases . 15Troubleshooting AWS CLI install and uninstall errors . 24Next steps . 24Docker . 24Prerequisites . 25Run the official Docker image . 25Notes on interfaces and backwards compatibility of Docker image . 26Use specific versions and tags . 26Update to the latest Docker image . 26Share host files, credentials, environment variables, and configuration . 27Shorten the Docker command . 29Quick setup . 30New configuration quick setup . 30Using existing configuration and credentials files . 31Configuring the AWS CLI . 32Configuration basics . 32Quick configuration with aws configure . 33Access key ID and secret access key . 33Region . 34Output format . 35Profiles . 35Configuration settings and precedence . 35Configuration and credential file settings . 36Where are configuration settings stored? . 36Set and view configuration settings . 37Supported config file settings . 39Named profiles . 48Creating named profiles . 48Using named profiles . 49AWS Single Sign-On . 50Configuring a named profile to use AWS SSO . 50Using an AWS SSO enabled named profile . 53Environment Variables . 55How to set environment variables . 55AWS CLI supported environment variables . 56Command line options . 60iii

AWS Command Line Interface User Guide for Version 2How to use command line options . 60AWS CLI supported global command line options . 61Common uses of command line options . 63Command completion . 64How it works . 64Configuring command completion on Linux or macOS . 65Configuring command completion on Windows . 67Retries . 68Available retry modes . 68Configuring a retry mode . 70Viewing logs of retry attempts . 71External credentials . 71Using credentials for Amazon EC2 instance metadata . 73Prerequisites . 73Configuring a profile for Amazon EC2 metadata . 73Using an HTTP proxy . 74Using the examples . 74Authenticating to a proxy . 75Using a proxy on Amazon EC2 instances . 75Using IAM roles . 76Prerequisites . 76Overview of using IAM roles . 76Configuring and using a role . 77Using MFA . 78Cross-account roles and external ID . 79Specifying a role session name for easier auditing . 80Assume role with web identity . 80Clearing cached credentials . 81Using the AWS CLI . 82Getting Help . 82The built-in AWS CLI help command . 82AWS CLI reference guide . 86API documentation . 86Additional help . 86Command Structure . 86Command structure . 87Wait commands . 87Specifying Parameter Values . 88Common Parameter Types . 89Quotes with Strings . 92Parameters from Files . 94Generating a CLI Skeleton Template . 96Shorthand Syntax . 104Auto-prompt . 105How it works . 106Auto-prompt features . 106Auto-prompt modes . 108Configure auto-prompt . 108Controlling Command Output . 109Output Format . 109Pagination . 115Filtering . 119Return Codes . 135Wizards . 136How it works . 136Aliases . 137Prerequisites . 137iv

AWS Command Line Interface User Guide for Version 2Step 1: Creating the alias file . 138Step 2: Creating an alias . 138Step 3: Calling an alias . 140Alias repository examples . 141Resources . 142Using the AWS CLI with AWS Services . 143DynamoDB . 143Prerequisites . 143Creating and using DynamoDB tables . 144Using DynamoDB Local . 145Resources . 145Amazon EC2 . 146Amazon EC2 Key Pairs . 146Amazon EC2 Security Groups . 148EC2 Instances . 153Change EC2 type using bash scripting . 159S3 Glacier . 161Prerequisites . 162Create an Amazon S3 Glacier vault . 162Prepare a file for uploading . 162Initiate a multipart upload and upload files . 163Complete the upload . 164Resources . 165IAM . 166Creating IAM users and groups . 166Attaching an IAM managed policy to an IAM user . 167Setting an initial password for an IAM user . 168Create an access key for an IAM user . 168Amazon S3 . 169High-level (s3) commands . 169API-level (s3 api) commands . 178Bucket lifecycle scripting example (s3api) . 180Amazon SNS . 182Create a topic . 182Subscribe to a topic . 183Publish to a topic . 183Unsubscribe from a topic . 183Delete a topic . 184Amazon SWF . 184List of Amazon SWF Commands . 184Working with Amazon SWF Domains . 187Security . 190Data Protection . 190Data encryption . 191Identity and Access Management . 191Compliance Validation . 192Enforcing TLS 1.2 . 192Troubleshooting errors . 193General troubleshooting to try first . 193Check your AWS CLI command formatting . 193Confirm that you're running a recent version of the AWS CLI . 194Use the --debug option . 194Confirm that your AWS CLI is configured . 198Command not found errors . 198The "aws --version" command returns a different version than you installed . 200The "aws --version" command returns a version after uninstalling the AWS CLI . 200Access denied errors . 201v

AWS Command Line Interface User Guide for Version 2Invalid credentials and key errors .Signature does not match errors .SSL certificate errors .Additional resources .Migration guide .New features and changes .AWS CLI version 2 new features .Breaking changes between AWS CLI version 1 and AWS CLI version 2 .Migration instructions .Replacing version 1 with version 2 .Side-by-side install .Uninstall .Troubleshooting AWS CLI install and uninstall errors .Document History .vi202203204204205205205206211212212213215216

AWS Command Line Interface User Guide for Version 2vii

AWS Command Line Interface User Guide for Version 2About AWS CLI version 2What is the AWS Command LineInterface?The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact withAWS services using commands in your command-line shell. With minimal configuration, the AWS CLIenables you to start running commands that implement functionality equivalent to that provided by thebrowser-based AWS Management Console from the command prompt in your terminal program: Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands in Linux ormacOS. Windows command line – On Windows, run commands at the Windows command prompt or inPowerShell. Remotely – Run commands on Amazon Elastic Compute Cloud (Amazon EC2) instances through aremote terminal program such as PuTTY or SSH, or with AWS Systems Manager.All IaaS (infrastructure as a service) AWS administration, management, and access functions in the AWSManagement Console are available in the AWS API and AWS CLI. New AWS IaaS features and servicesprovide full AWS Management Console functionality through the API and CLI at launch or within 180days of launch.The AWS CLI provides direct access to the public APIs of AWS services. You can explore a service'scapabilities with the AWS CLI, and develop shell scripts to manage your resources. In addition to thelow-level, API-equivalent commands, several AWS services provide customizations for the AWS CLI.Customizations can include higher-level commands that simplify using a service with a complex API.About AWS CLI version 2The AWS CLI version 2 is the most recent major version of the AWS CLI and supports all of the latestfeatures. Some features introduced in version 2 are not backported to version 1 and you must upgradeto access those features. There are some "breaking" changes from version 1 that might require you tochange your scripts. For a list of breaking changes in version 2, see Migrating from AWS CLI version 1 toversion 2 (p. 205).The AWS CLI version 2 is available to install only as a bundled installer. While you might find it inpackage managers, these are unsupported and unofficial packages that are not produced or managedby AWS. We recommend that you install the AWS CLI from only the official AWS distribution points, asdocumented in this guide.To install the AWS CLI version 2, see the section called “Install/Update” (p. 6).To check the currently installed version, use the following command: aws --versionaws-cli/2.4.5 Python/3.8.8 Linux/4.14.133-113.105.amzn2.x86 64 botocore/1.13For version history, see the AWS CLI version 2 Changelog on GitHub.1

AWS Command Line Interface User Guide for Version 2Maintenance and support for SDK major versionsMaintenance and support for SDK major versionsFor information about maintenance and support for SDK major versions and their underlyingdependencies, see the following in the AWS SDKs and Tools Reference Guide: AWS SDKs and tools maintenance policy AWS SDKs and tools version support matrixAbout Amazon Web ServicesAmazon Web Services (AWS) is a collection of digital infrastructure services that developers can leveragewhen developing their applications. The services include computing, storage, database, and applicationsynchronization (messaging and queuing). AWS uses a pay-as-you-go service model. You are chargedonly for the services that you—or your applications—use. Also, to make AWS more approachable as aplatform for prototyping and experimentation, AWS offers a free usage tier. On this tier, services are freebelow a certain level of usage. For more information about AWS costs and the Free Tier, see Test-DrivingAWS in the Free Usage Tier. To obtain an AWS account, open the AWS home page and then click Sign Up.Using the AWS CLI examplesThe AWS Command Line Interface (AWS CLI) examples in this guide are formatted using the followingconventions: Prompt – The command prompt uses the Linux prompt and is displayed as ( ). For commandsthat are Windows specific, C:\ is used as the prompt. Do not include the prompt when you typecommands. Directory – When commands must be executed from a specific directory, the directory name is shownbefore the prompt symbol. User input – Command text that you enter at the command line is formatted as user input. Replaceable text – Variable text, including names of resources that you choose, or IDs generated byAWS services that you must include in commands, is formatted as replaceable text. In multipleline commands or commands where specific keyboard input is required, keyboard commands can alsobe shown as replaceable text. Output – Output returned by AWS services is shown under user input, and is formatted as computeroutput.The following aws configure command example demonstrates user input, replaceable text, andoutput:1.Enter aws configure at the command line, and then press Enter.2.The AWS CLI outputs lines of text, prompting you to enter additional information.3.Enter each of your access keys in turn, and then press Enter.4.Then, enter an AWS Region name in the format shown, press Enter, and then press Enter a final timeto skip the output format setting.5.The final Enter command is shown as replaceable text because there is no user input for that line. aws configureAWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLEAWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYDefault region name [None]: us-west-22