Skip to main content

AWS CLI

Last update:

AWS CLI (AWS Command Line Interface) is a command line interface for working with AWS services.

Customize AWS CLI

  1. Configure access to S3.
  2. Install the client.
  3. Create an AWS CLI configuration.
  4. Install the certificate.

1. Set up access to S3

Access can be configured by the Account Owner or a user with the role of iam_admin.

  1. Create a service user with the role with access to S3.If you use a service user with the role object_storage_user or s3.bucket.user you must have a bucket policy configured in the bucket..
  2. Issue an S3 key to the user.

2. Install the client

Use the Install or update to the latest version of the AWS CLI documentation from Amazon.

3. Create an AWS CLI configuration

  1. Open the terminal.

  2. Open the configuration mode:

    aws configure

  3. Enter the AWS Access Key ID, which is the value of the Access key field from the S3 key.

  4. Enter AWS Secret Access Key — the value of the Secret key field from the S3 key.

  5. Enter Default region name — the pool in which S3 is located (for example, ru-1).

  6. Enter Default output format or leave blank.

  7. The settings will be saved in the configuration files:

    • credentials in .aws/credentials:

      [default]
      aws_access_key_id = <access_key>
      aws_secret_access_key = <secret_key>

    • default pool in .aws/config:

      [default]
         region = <pool>

  8. In the .aws/config file, add the endpoint_url parameter:

    [default]
        region = <pool>
        endpoint_url = https://<s3_domain>

    Specify <s3_domain> — the S3 API domain for the desired pool.

4. Install the certificate

  1. Create a folder ~/.selectels3/:

    mkdir -p ~/.selectels3/

  2. Download the certificate and place it in the ~/.selectels3/ folder:

    wget https://secure.globalsign.net/cacert/root-r6.crt -O ~/.selectels3/root.crt
    openssl x509 -inform der -in ~/.selectels3/root.crt -out ~/.selectels3/root.crt
    chmod 600 ~/.selectels3/root.crt

  3. In the .aws/config configuration file, add a parameter:

    ca_bundle = ~/.selectels3/root.crt

Working with AWS CLI

For the command syntax, see the AWS instructions in Amazon's AWS documentation.

To work with S3 through the AWS CLI, use:

  • s3api — commands corresponding to operations in the REST API;
  • s3 — additional commands that simplify work with a large number of objects.

Output the list of buckets

  1. Open the CLI.

  2. Bring up a list of buckets:

    aws s3 ls

Create a bucket

  1. Open the CLI.

  2. Create a bucket:

    aws s3 mb s3://<bucket_name>

    Specify <bucket_name> is the name of the new bucket.

View list of objects

  1. Open the CLI.

  2. Check out the list of facilities:

    aws s3 ls --recursive s3://<bucket_name>

    Specify <bucket_name> is the name of the bucket.

Load object

  1. Open the CLI.

  2. Upload the files to the repository:

    aws s3 cp <object_name> s3://<bucket_name>/

    Specify:

    • <object_name> — object name;
    • <bucket_name> — bucket name.

You can get a link to an object in a public or private backend via a Presigned URL.For more information about Presigned URLs, see Sharing objects with presigned URL s in the AWS documentation.

  1. Open the CLI.

  2. Get the link:

    aws s3 presign s3://<bucket_name>/<path_to_object> --expires-in <time>

    Specify:

    • <bucket_name> — bucket name;
    • <path_to_object> — path to the object in the baket;
    • optional: --expires-in <time> — link expiration, where <time>- time in seconds after which the link will stop working. If you don't add --expires-in <time>, the link will work for one hour.

Delete object

  1. Open the CLI.

  2. Delete the object:

    aws s3 rm s3://<bucket_name>/<object_name>

    Specify:

    • <bucket_name> — bucket name;
    • <object_name> — object name.