AWS CLI and why you should want to.
We quickly cover installing AWS CLI, multi factor authentication and AWS user groups.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -WARNING: this blog is not complete, instructions below use root not a created AMI user with restricted permissions. Use with care until updated.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Why you should use AWS CLI ?
AWS CLI will enable automation of many tasks.
Automate anything that is tedious.
Use the official AWS CLI instructions to install.
The install procedure will look similar to this.
Now configure your key, secret and region.
aws
aws --version
aws configure
AWS Access Key’s need to be treated with care. to create or access your AWS access keys, some important reading is reccommended.
Open your AWS IAM Dashboard.
https://console.aws.amazon.com/iam/home#/home > Dashboard
— — — — — — — — — — — — — — — — — — — — — — — — — — — — -
WARNING: below instructions need modification to use IAM user wiht restricted access instead of root.
Working with root which is _VERY_ bad. This is first draft and needs review.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Generate new access Key. Store this carefully, not in your git repo, do not share :)
copy paste the “AWS Access Key ID” and “AWS SEcret Access Key” from the above page as requested.
Check your EC2 Instances page to verify the default region name matches the region the EC2 instance you are planning to work with is in.
Now we have awc cli installed, we can use it to start an ec2 instance.
From console > EC2 > select EC2 instance to start > copy ‘Instance ID’
aws ec2 start-instances --instance-ids <your EC2 instance ID>output from this will be similar to this.
So now we can convert this to a startup script for ease of use.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
SETUP MULTIFACTOR AUTHENTICATION!!!
https://console.aws.amazon.com/iam/home?#/home
Looking at the dashboard. by default, new accounts do not have Multi Factor Authentication configured. MFA should be configured for any production critical use. Heck, learn to use MFA for good security habits.
<Manage MFA>
Select ‘Virtual MFA device’
Short answer: use google authenticator(android). or the google authenticator ios version
Long answer > https://aws.amazon.com/iam/details/mfa/
<next step>
Usinging your newly installed google authenticator, scan the QR code.
If you have multiple accounts already using google authenticator, scroll to bottom to find the newly added account.
a 6 digit code will be visible (2 groups of 3 digits), enter authentication code 1, wait for the app timer pie chart to complete a cycle, then enter authentication code 2.
Now when logging into AWS you will need to use your Multi Factor Authentication app. It’s a little tedious, but good security practice. Much less hassle than having your AWS account compromised.
