Skip to main content

AWS CLI

Last update:

AWS CLI (AWS Command Line Interface) is a command line interface for working with AWS services that allows you to use Amazon CloudWatch API methods. Read more in the articles DescribeLogGroups, DescribeLogStreams, GetLogEvents and FilterLogEvents AWS documentation.

With AWS CLI you can work with logs: get events, event streams and log groups.

Before you begin , configure the AWS CLI.

Customize the AWS CLI

  1. Add a service user.
  2. Issue an S3 key to the user.
  3. Install the client.
  4. Configure the AWS CLI configuration.

1. Add a service user

Add a service user with authorization in the access area Projects and role:

  • member for access to read and write logs;
  • or reader to read logs only.

Users can be added by the Account Owner or users with the role of iam_admin.

2. Issue an S3 key to the user

Users with access to the control panel can issue themselves S3 keys but we recommend to create service users and issue S3 keys to them.

S3 keys can only be issued to other users by the Account Owner or a user with the role iam_admin. A service user cannot get an S3 key by himself, because he does not have access to the control panel - he must be issued a key by the Account Owner or iam_admin.

A separate key must be created for each project. Multiple keys can be issued for one project.

  1. In the control panel, on the top menu, click Account.

  2. Go to the section with the desired user type:

  3. Open the user page → Access tab.

  4. In the S3 keys block, click Add Key.

  5. Enter the name of the key.

  6. Select the project for which the key will work.

  7. Click Generate. Two values will be generated:

    • Access key - Access Key ID, key identifier;
    • Secret key - Secret Access Key, secret key.

  8. Click Copy and save the key - it cannot be viewed after the window is closed.

3. Install the client

Use the instructions Install or update to the latest version of the AWS CLI documentation from Amazon.

4. Configure AWS CLI configurations

  1. Open the CLI.

  2. Open the configuration mode:

    aws configure

  3. Enter the AWS Access Key ID, the value of the Access key field from the S3 key you issued to the user, and press Enter.

  4. Type AWS Secret Access Key - The value of the Secret key field from the S3 key you issued to the user and press Enter.

  5. Enter Default region name - the pool where the logs are located (for example, ru-9) and press Enter.

  6. Optional: Type Default output format or leave the value blank and press Enter. If you do not specify a value, the default output format is json.

  7. The settings will be saved in the configuration files:

    • credentials in .aws/credentials;
    • pool in ~/.aws/config.

  8. In the ~/.aws/config file, add the endpoint_url parameter after the region parameter:

    [default]
    endpoint_url = <log_endpoint>

    Specify <log_endpoint> - URL for accessing the Log service API in the required pool. The list of URLs can be found in the URL Lists instruction