CODEWITHSUNDEEP
aws-cli
prajitgandhi
prajitgandhi

Reputation: 493

How to setup awscli without setting up access key & secret access key?

I tried to find set aws-cli locally using IAM role & without using access key/secret access key. But unable to get information from meta url[http://169.256.169.256/latest/meta-data].

I am running Ec2 instance with Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-f3e5aa9c.I have tried to configure aws-cli on that instance.I am not sure what type of role/policy/user needed to get aws-cli configured in my Ec2 instance.

Please provide me step by step guide to achieve that.I just need direction.So useful link also appreciated.

Upvotes: 2

Views: 20899

Answers (2)

strongjz
strongjz

Reputation: 4491

AWS Documentation on how to setup an IAM role for EC2

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Upvotes: 1

sudheerchamarthi
sudheerchamarthi

Reputation: 1241

To read Instance Metadata, you dont need to configure the AWS CLI. The problem in your case, is you are using a wrong URL to read the Instance Metadata. The correct URL to use is http://169.254.169.254/ . For example, if you want to read the AMI id of the Instance, you can use the follow command.

curl http://169.254.169.254/latest/meta-data/ami-id

However, if you would like to configure the AWS cli without using the Access/Secret Keys. Follow the below steps.

  1. Create an IAM instance profile and Attach it to the EC2 instance

    • Open the IAM console at https://console.aws.amazon.com/iam/.
    • In the navigation pane, choose Roles, Create role.
    • On the Select role type page, choose EC2 and the EC2 use case. Choose Next: Permissions.
    • On the Attach permissions policy page, select an AWS managed policy that grants your instances access to the resources that they need.
    • On the Review page, type a name for the role and choose Create role.

  2. Install the AWS CLI(Ubuntu).

    • Install pip if it is not installed already.

      `sudo apt-get install python-pip`

    • Install AWS CLI.

      `pip install awscli --upgrade --user`

  3. Configure the AWS CLI. Leave AWS Access Key ID and AWS Secret Access Key as blank as we want to use a Role.

          $ aws configure 
      AWS Access Key ID [None]: 
      AWS Secret Access Key [None]: 
      Default region name [None]: us-west-2 
      Default output format [None]: json

    Modify the Region and Output Format values if required.

I hope this Helps you!

Upvotes: 3

Related Questions