Configuring the AWS CLI
How to get exactly the account and environment information you need to manage your AWS account using just the AWS CLI
Installing the AWS CLI is actually quite simple. The best way to get it done is to head over to the AWS installation guide and follow instructions for your OS.
Right now they're pushing us towards version 2 of the CLI and I haven't seen any reason not to go along. I'm working with Linux so that's where I'd head next.
To get it done, I'll paste the curl command from the Amazon page into my Linux shell. It downloads the package and writes it to a local zip file, which I'll then unzip. That creates a new directory called aws containing an install script, which I can run using sudo to get admin privileges. I'll run aws --version to confirm everything worked as it was supposed to.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
ls aws
sudo ./aws/install
aws --version
The next step will require one quick trip to the management console. You see, to authenticate the CLI to your account you'll need a valid access key. Now, the CLI has a "create-access-key" command that'll generate a new key, but that's only possible once I've authenticated. I'm sure you understand the problem with that.
You access the security credentials page from the drop-down account menu at the top of any page on the console. With your credentials in hand, you can run "aws configure." You'll be prompted to enter your access key ID and the secret key itself. If you like you can then choose a default AWS region and output format. The format won't be an issue so I'll leave it as default.
aws configure
That's it. Just to confirm it all worked, I'll list all the S3 buckets in my account. With that, we're all set to get down to work in the next clip.
aws s3 ls
You may already know that Amazon's CloudFormation service exists to let you manage your application infrastructure by organising it into stacks of your AWS account resources.
The CloudFormation templates that define those stacks can be shared, edited, and launched anywhere, giving you predictable and reliable cloud application environments wherever and whenever you need them.
You may also know that you can manage your CloudFormation stacks both through the AWS Management Console and, as I discuss in my new Pluralsight course, Create and Manage Stacks with AWS CloudFormation Using the Command Line Interface, using the AWS CLI.
If you do choose to go with the AWS CLI – something I highly recommend – you'll need a way to gather key information about other account resources. But how you're expected to get that information through the CLI might, at first, not appear so obvious.
To show you what I mean, let's experiment with a more complex stack using a template that comes from the AWS documentation samples.
The Application Frameworks template set includes a template for auto scaled Linux servers that will come pre-provisioned with the Apache web server and the PHP scripting language, and a connection to a Multi-AZ RDS database instance running the MySQL database engine.
You can click View from that AWS documentation page and take a look at the template itself. There you'll see Parameters sections defining the VPC and subnets into which your instance will launch and the MySQL database name, user, and password.
It's critical that all the right services know those details because, otherwise, they won't be able to talk to each other. We'll have to figure out a way to add those values. To get things going, you can simply click to view the template (which you can see here), and copy the contents, pasting it into a new JSON file on your local machine.
You use the CLI to fire up a CloudFormation stack using the create-stack command. The command, however, takes a few arguments to pass important information. This minimal example shows how to point CloudFormation to your JSON template file, assign a name to your stack, and supply a valid SSH key so I'll be able to log into the instance it creates.
aws cloudformation create-stack \
  --template-body file://lamp-as.json \
  --stack-name lamp \
  --parameters \
  ParameterKey=KeyName,ParameterValue=mykey
The problem is that, if you were to run that command against the template in your JSON document, it would fail. That's because, as you'll no doubt remember from looking through the template, there are some extra parameters that need satisfying. Specifically, we'll need references to a VPC and to two subnets - and because this is a multi-availability-zone deployment, they'll need to be in different zones.
How will that work? It's the AWS CLI to the rescue. Need a VPC ID? Keeping in mind that VPCs are EC2 objects, you can run aws ec2 describe-vpcs and all the data you'll need - including the VPC ID - will magically appear. And subnets? Well, more of the same, obviously. Just copy subnet IDs for any two of the subnets that will appear and you're in business.
aws ec2 describe-vpcs
aws ec2 describe-subnets
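An added example (not from the original article) of picking the two subnets by rule rather than by eye: it reads describe-subnets output in text form and returns two subnet IDs from the chosen VPC that sit in different Availability Zones. The helper name pick_two_subnets, the zone names and the extra sample rows are constructed for illustration.

```shell
# Added example: choose two subnets in different Availability Zones of one VPC.
# Input rows are "SubnetId<TAB>AvailabilityZone<TAB>VpcId", which is what
#   aws ec2 describe-subnets \
#     --query 'Subnets[*].[SubnetId,AvailabilityZone,VpcId]' --output text
# prints. pick_two_subnets is a hypothetical helper name.

pick_two_subnets() {
  # $1 = VPC ID; rows on stdin. Prints "subnet-a,subnet-b" or returns non-zero.
  awk -v vpc="$1" '
    $3 == vpc && !($2 in seen) {   # keep the first subnet found in each new zone
      seen[$2] = 1
      picked[++n] = $1
    }
    END {
      if (n < 2) exit 1            # fewer than two zones: no Multi-AZ possible
      printf "%s,%s\n", picked[1], picked[2]
    }'
}

# Constructed sample rows: the article's IDs with made-up zones, plus extras.
sample_rows() {
  printf '%s\t%s\t%s\n' \
    subnet-0e170b31 us-east-1a vpc-1ffbc964 \
    subnet-aaaa0001 us-east-1a vpc-1ffbc964 \
    subnet-52d6117c us-east-1b vpc-1ffbc964 \
    subnet-bbbb0002 us-east-1c vpc-00000000
}

if subnets=$(sample_rows | pick_two_subnets vpc-1ffbc964); then
  echo "Subnets parameter value: $subnets"
else
  echo "VPC does not have subnets in two different zones" >&2
fi
```

Against a live account, pipe the describe-subnets command shown in the comment into pick_two_subnets in place of sample_rows.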
Now let's put all that information together into our new version of the create-stack command. You'll need to be careful with this as there are some nasty gotchas in the syntax.
aws cloudformation create-stack \
  --template-body file://lamp-as.json \
  --stack-name lamp-as \
  --parameters \
  ParameterKey=KeyName,ParameterValue=mykey \
  ParameterKey=VpcId,ParameterValue=vpc-1ffbc964 \
  ParameterKey=Subnets,ParameterValue=\'subnet-0e170b31,subnet-52d6117c\' \
  ParameterKey=DBUser,ParameterValue=myadmin \
  ParameterKey=DBPassword,ParameterValue=mypass23
The first new parameter is the VPC ID, whose key is VpcId. But make sure you get the case right: using an uppercase D in Id will cause the whole thing to fail. I don't know why they make things so difficult to live with, but that's what we've got.
The next one is even more delicate. Since we need two subnets, we'll need to enter them on a single line separated by a comma - but no space. However, we'll also need to enclose the string within single apostrophes. But the CLI can't read apostrophes just like that, so we'll need to escape them using backslashes. Got that?
I'll also add those two database parameters: DBUser and my ultra secret, super cryptic DBPassword. Will it work? You betcha. But don't tell anyone how many times I had to try this without you watching before I got it right. Remember: failure is your friend.
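An added example (not from the original article) that sidesteps both the comma-quoting gotcha and the password on the command line: create-stack also accepts --parameters file://... pointing at a JSON list, so the subnet list becomes an ordinary JSON string and DBPassword stays out of shell history and the process list. The helper name write_stack_params, the file name lamp-params.json and the demo password are assumptions; values containing a double quote or backslash are rejected rather than escaped.

```shell
# Added example: build a CloudFormation parameters file instead of passing
# values (including DBPassword) as command-line arguments.
# write_stack_params and lamp-params.json are hypothetical names.

write_stack_params() (
  # $1 = output file, then: KeyName VpcId Subnets DBUser DBPassword
  out=$1; shift
  [ "$#" -eq 5 ] || { echo "expected 5 parameter values" >&2; exit 2; }
  for v in "$@"; do
    case $v in
      *\"*|*\\*) echo "value needs JSON escaping, refusing" >&2; exit 1 ;;
    esac
  done
  umask 077          # the new file is readable by its owner only
  rm -f "$out"
  cat > "$out" <<EOF
[
  {"ParameterKey": "KeyName",    "ParameterValue": "$1"},
  {"ParameterKey": "VpcId",      "ParameterValue": "$2"},
  {"ParameterKey": "Subnets",    "ParameterValue": "$3"},
  {"ParameterKey": "DBUser",     "ParameterValue": "$4"},
  {"ParameterKey": "DBPassword", "ParameterValue": "$5"}
]
EOF
)

# Demo with the article's IDs and a constructed placeholder password.
demo_file=$(mktemp)
write_stack_params "$demo_file" mykey vpc-1ffbc964 \
  'subnet-0e170b31,subnet-52d6117c' myadmin 'examplePassw0rd'
cat "$demo_file"
rm -f "$demo_file"

# Real use: prompt for the password, then hand the file to the CLI.
#   stty -echo; printf 'DB password: '; read -r DB_PASS; stty echo; echo
#   write_stack_params lamp-params.json mykey vpc-1ffbc964 \
#     'subnet-0e170b31,subnet-52d6117c' myadmin "$DB_PASS"
#   aws cloudformation create-stack --template-body file://lamp-as.json \
#     --stack-name lamp-as --parameters file://lamp-params.json
#   rm -f lamp-params.json
```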
When our stack is good and launched (which could take as long as half an hour), running describe-stacks will give us our website URL.
aws cloudformation describe-stacks
But that's not the whole story. I'm going to use another aws ec2 command - describe-instances this time - to get some information about the EC2 instances that were launched as part of this stack. This one will filter results, restricting output to only those instances that are currently running.
aws ec2 describe-instances \
  --filters Name=instance-state-name,Values=running \
  --query 'Reservations[*].Instances[*].{Instance:InstanceId,PublicIPAddress:PublicIpAddress}'
I happen to have no other instances running in this region, so only the CloudFormation instances will show up. Now I use --query to further filter the output to give me only the Instance IDs and public IP addresses of those instances. There are, as you would expect, exactly two running.
Just a taste - and most of it related specifically to CloudFormation - but I think you get the idea of how information gathering works using the AWS CLI.
There's much more administration goodness in the form of books, courses, and articles available at my bootstrap-it.com.
Translated from: https://www.freecodecamp.org/news/aws-cli-tutorial-install-configure-understand-resource-environment/