AWS s3 create folder using batch script - amazon-web-services

I have created a batch script using the aws cmdline in windows however it doesn't seems to be running from my machine. IT does run from one of the server in our infra. IF i just run the aws s3api command from my machine it runs fine.
aws configure set AWS_ACCESS_KEY_ID <Access_key>
aws configure set AWS_SECRET_ACCESS_KEY <secret_key>
aws configure set default.region us-east-1
set /p key="Enter key:"
aws s3api put-object --bucket <bucket_name> --key %key%

If you are on your local machine you can go to ~/.aws/credentials in your terminal and see there are your configured profiles. Typically you have a profile that is name [default] in which by default all of your aws calls etc will get ran with those keys and their respective permissions.
If your aws configure is not being set properly then your aws commands will try and execute under that [default] profile.

Related

AWS CDK deploy from circleCi fails with credential error but other aws services do not

I am running a cdk deploy build on circleCi, and when the step CDK deploy comes it gives me "Need to perform AWS calls for account ************, but no credentials have been configured".
But for the troubleshooting i tried other commands as well like
aws s3 ls
aws aws cloudformation list-stacks
These above commands we working fine, also able to run command to create a cloudformation with same config but not able to run cdk deploy. the access key and secret i am using has Admin access.
Set the creds with a profile name using aws-cli Orb in CircleCI and
try using the below command to deploy with CDK
cdk deploy --all --profile cdkprofile
For reference, in CircleCI
orbs:
aws-cli: circleci/aws-cli#2.0.3
commands:
env-setup:
description: AWS Env Setup
steps:
- aws-cli/setup:
profile-name: cdkprofile
aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
And assumption is AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set as CircleCI env variables
As a starting note: The best way to troubleshoot is with cdk [command] --verbose (see CLI ref)
CDK has an internal mechanism for finding credentials not directly using AWS CLI (AWS CLI is not a requirement for CDK to run)
In a similar situation with a CI tool, the issue was simply that the ~/.aws/credentials file did not exist (not that you need it with AWS CLI, but in the situation for CDK, it was required)
Credit to this issue reporting: https://github.com/aws/aws-cdk/issues/6947#issue-586402006
Solution tested for above:
For an EC2 running CI tool, with EC2 IAM role
Where ~/.aws/config exists and defined profile(s) with:
credential_source = Ec2InstanceMetadata
role_arn = arn:aws:iam:::role/role-to-assume-in-acctId
Create empty ~/.aws/credentials file
Example error for the problem solved above (from verbose output)
Resolving default credentials
Notices refreshed
Unable to determine the default AWS account: ProcessCredentialsProviderFailure: Profile myprofile did not include credential process
Other causes found in other issues/comments could relate to:
Duplicate profiles
Having credential_process in the profile, set to empty
Needing --profile parameter to be added

How can i switch AWS credentials easily in the terminal?

I have a few different projects I work on. I use AWS and I use Kubernetes. I have a number of AWS credentials stored in my ~/.aws/credentials each with a label like
[account-1]
aws_access_key = x
aws_secret_access_key = y
[account-2]
aws_access_key = x
aws_secret_access_key = y
How can i toggle between them and easily set my config?
Currently I type aws configure in the terminal and manually paste the key/secret/regionn every time i want to switch between them.
When you hit the aws configure command, every time a new profile will be created in the ~/.aws/credentials. You can generate all the required profiles single time and then set environment variable based on the project you're working.
For example,
while working on project 1, set the environment variable
export AWS_PROFILE=account-1
and while working on project 2, set the environment variable
export AWS_PROFILE=account-2
If you are using zsh and oh-my-zsh with the aws plugin, you have the asp command.
asp account-1
and if your theme is set up nicely, your commandline prompt will tell you what account you're in.
In addition to #Gunjan answer you can also pass the profile name like this
$ aws ecr get-login-password --region us-east-1 --profile account-1
If you want to connect to multiple eks clusters
$ aws eks --region us-east-1 update-kubeconfig --name account-1-eks --region eu-west-1 --profile account-1
You need to have proper IAM permissions to run this command
This command will generate a kube config file in ~/.kube
move that file to some another location and add alias in your bash_profile or .zshrc like this line
account-1-eks='export KUBECONFIG=:/path/to/the/account-1-eks.config
Now reload your shell and you can switch using the alias like account-1-eks
You can repeat the steps for multiple accounts

Setting up AWS credentials

I am having problems configuring my AWS credentials on Serverless using my terminal. Once I place:
serverless config credentials --provider aws --key xx --secret xxx --profile serverless-admin2
After that the system responds "setting up aws..." and doesn't do anything else. Am I doing something wrong?
The command just only creates a new entry in your ~/.aws/credentials file. Thus to check if it worked, inspect ~/.aws/credentials and see if [serverless-admin2] profile was created with your aws keys.
If not, you can add the profile yourself there.

Aws configure is not saving configuration data in credentials and config files on windows 10

I am trying to configure AWS CONFIGURE via AWS CLI on my laptop having Windows 10 professional. This is not the first time I am configuring AWS CONFIGURE. I already have many profiles settings.
I have enough free system memory and storage and have sufficient rights to run aws configure. I am using Python 3.6
Here is the detail, how I am trying to setup AWS CONFIGURE.
When I run this command again, it asks all the values again.
Even if I run an AWS CLI command using this new profile; to create a lambda function ( aws lambda create-function xxxxxxxxx --profile lambdaprofile ).
It gives below error.
The config profile (lambdaprofile) could not be found.
Please help me.
Some times this issue happens and AWS CLI is unable to set new profile and settings in config file.
Here is a fix of this issue.
Run below command from windows console.
notepad %USERPROFILE%\.aws\credentials
You will see last line of credentials file with overlapping line.
e.g in your particular case, it would be showing like below.
region = us-east-1[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Similar issue would be in config file, which can be checked by opening this file.
notepad %USERPROFILE%\.aws\config
To fix this issue set [lambdaprofile] to new line, preferably add another empty line before [lambdaprofile]. It should look like below.
region = us-east-1
[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Also do the same fix in config file. After fixing it, if you will run aws configure --profile lambdaprofile it should show the previously saved values in credentials and config files.
You may also check if values are saved or not with below command.
aws configure list --profile lambdaprofile
Alternately to the fix detail mentioned above, you can also set new profile directly with AWS CONFIGURE SET
e.g in your particular case.
aws configure --profile lambdaprofile set aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure --profile lambdaprofile set aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure --profile lambdaprofile set region use-east-1
or
aws configure set profile.lambdaprofile.aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure set profile.lambdaprofile.aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure set profile.lambdaprofile.region use-east-1

How to run aws configure on Amazon AWS EC2 automatically without interaction without prompt?

I'm trying to set up Amazon AWS EC2 instance to talk to s3. The basic command is
aws configure
then follow the prompt to enter
AWS Access Key ID [None]: my-20-digit-id
AWS Secret Access Key [None]: my-40-digit-secret-key
Default region name [None]: us-east-1
Default output format [None]: text
However, what I really want is to have the command
aws configure
automatically without interaction, i.e., no prompt and wait for input
I know there are files at
~.aws/credentials
~.aws/config
where I put those 4 key=value pairs. And the "credentials" file looks like
[default]
aws_secret_access_key = my-40-digit-secret-key
aws_access_key_id = my-20-digit-id
while the "config" file looks like
[default]
region = us-east-1
output = text
However, with those file at ~/.aws/, I get into ~/.aws/, and at the command line, I type and enter command
aws configure
I still got the prompt to ask me
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
If I don't enter valid values at prompt, I won't be able to connect to s3, for example via command
aws s3 ls s3://mybucket
I turned help to amazon aws documentation pages. At this page, it mentions this option
"Command line options – region, output format and profile can be specified as command options to override default settings."
as the first option for aws configure
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
However, it didn't mention how to use the command line options. I tried something like this
aws configure --region us-east-1
but I still got
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
exactly like I have no option of "--region us-east-1"
If I try to
aws configure --aws_access_key_id my-20-digit-id --aws_secret_access_key my-40-digit-secret-key --region us-east-1
I get this
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument subcommand: Invalid choice, valid choices are:
How I can run the command
aws configure
automatically, no prompt, no interaction.
Please help! TIA
Edit and response to helloV, as the format in main post is much clearer than comment.
I tried the command helloV mentioned, but I got error
aws configure set aws_access_key_id my-20-digit-id
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument subcommand: Invalid choice, valid choices are:
Thanks though.
Continue on "aws configure set"
On another EC2 instance where I've already set connection to s3, I enter
aws configure set region us-east-1
runs and returns to command prompt ">"
aws configure set aws_access_key_id my-20-digit-id
runs and returns to command prompt ">"
aws configure set aws_secret_access_key my-40-digit-secret-key
runs and returns to command prompt ">"
aws configure
runs but comes with prompts and waits for interaction
AWS Access Key ID [****************ABCD]:
AWS Secret Access Key [****************1234]:
Default region name [us-east-1]:
Default output format [text]:
helloV:
here is my screen looks like
ubuntu#ip-11111:~/.aws$ more config
[default]
region = us-east-1
output = text
ubuntu#ip-11111:~/.aws$ more credentials
[default]
aws_secret_access_key = my-40-digit-secret-key
aws_access_key_id = my-20-digit-id
ubuntu#ip-11111:~/.aws$ aws s3 ls s3://
I got this
Unable to locate credentials. You can configure credentials by running "aws configure".
After this, I run
aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region us-east-1 config_file ~/.aws/config
Looks like it does not check ~/.aws/credentials file, but ~/.aws/config file is in the list.
These commands worked for me. If this doesn't works for you. Try do the first time using the interaction mode aws configure
aws --profile default configure set aws_access_key_id "my-20-digit-id"
aws --profile default configure set aws_secret_access_key "my-40-digit-secret-key"
I figured out, finally. Use export such as
export AWS_ACCESS_KEY_ID=my-20-digit-id
export AWS_SECRET_ACCESS_KEY=my-40-digit-secret-key
export AWS_DEFAULT_REGION=us-east-1
then run
aws s3 ls s3://
would work. Don't run "aws configure" as others mentioned.
Thank you all.
You describe the file very well. Why not just create a file and put it in the right place? I just tried... it's exactly the same as running aws configure
UPDATE: You mention that you want to access S3 from EC2 instance. In this case you shouldn't be using credentials at all. You should user Roles instead
The solution is that you actually don't have to run aws configure! After you run it for the 1st time and established the credentials (~/.aws/credentials) and config (~/.aws/config), going forward you simply have to run the required aws command. I tested this with a cron job and did a "aws s3 ls" command and it worked without having to provide a configure command before it.
Follow this command
$aws configure set aws_access_key_id default_access_key
$ aws configure set aws_secret_access_key default_secret_key
$ aws configure set default.region us-west-2
or
aws configure set aws_access_key_id <key_id> && aws configure set aws_secret_access_key <key> && aws configure set default.region us-east-1
For more details use this link
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/set.html
I use something like this:
aws configure --profile my-profile-name <<-EOF > /dev/null 2>&1
${AWS_ACCESS_KEY_ID}
${AWS_SECRET_ACCESS_KEY}
${AWS_REGION}
text
EOF
also to cleanup after automated process, and not remove `~/.aws/ directory (since some other credentials might be stored there) I run:
aws configure --profile my-profile-name <<-EOF > /dev/null 2>&1
null
null
null
text
EOF