AWS EB CLI (elastic beanstalk) - amazon-web-services

I have deployed an application on EB with my own AWS account, and have done the same with another one.
I don't know how to switch out of my command line eb cli account. There are no eb CLI options to switch profiles like the normal AWS CLI...
Thanks!

Use named profiles via eb --profile x to use a specific profile from your AWS credentials file.
Or you can use multiple, distinct credentials files (see here) and change the AWS_CREDENTIAL_FILE environment variable to point to the relevant credentials file. You could even write a couple of shell scripts such as eb-project1 and eb-project2 that each export/set the relevant AWS_CREDENTIAL_FILE value and then simply execute eb so that you don't have to switch credentials manually - just run eb-project1 or eb-project2 as needed instead of running eb.

Related

Have to delete environment variables for aws cli to work without --profile flag

ok so I am baffled by this aws cli behavior. Basically what is going on is that when I set my AWS creds related in environment variable, AWS CLI forces me to pass --profile flag each time I use the CLI.
So basically when AWS_ACCESS_KEY_ID AND AWS_SECRET_ACCESS_KEY then I cannot run commands like aws s3 ls without passing --profile flag to it even though my profile is [default]
Also, jus to note the environment variable values and the values inside my /.aws/credentials
file is exactly same. Also, I tried to set both AWS_PROFILE and AWS_DEFAULT_PROFILE to default hoping that if all values such as keys,secret and profile are set in environment variable then I do not have to pass any --profile flag explicitly. Not having to pass this flag explicitly is very important for me at this point because if I am running an application which connects with aws and picks up default credentials, there is no easy way to pass profile information to that app.
my credentials file look like following:
[default]
aws_access_key_id = AKIA****
aws_secret_access_key = VpR***
My config file looks like following:
[default]
region = us-west-1
output = json
And my environment variables do have the same values for corresponding entries. for key, secret and profile at least.
Any idea on how to solve this issue?
The AWS CLI looks for credentials using a series of providers in a particular order. (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#config-settings-and-precedence)
Specifically:
Command line options – You can specify --region, --output, and --profile as parameters on the command line.
Environment variables – You can store values in the environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. If they are present, they are used.
CLI credentials file – This is one of the files that is updated when you run the command aws configure. The file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contain the credential details for the default profile and any named profiles.
CLI configuration file – This is another file that is updated when you run the command aws configure. The file is located at ~/.aws/config on Linux or macOS, or at C:\Users\USERNAME\.aws\config on Windows. This file contains the configuration settings for the default profile and any named profiles.
Container credentials – You can associate an IAM role with each of your Amazon Elastic Container Service (Amazon ECS) task definitions. Temporary credentials for that role are then available to that task's containers. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.
Instance profile credentials – You can associate an IAM role with each of your Amazon Elastic Compute Cloud (Amazon EC2) instances. Temporary credentials for that role are then available to code running in the instance. The credentials are delivered through the Amazon EC2 metadata service. For more information, see IAM Roles for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances and Using Instance Profiles in the IAM User Guide.
Another potential option for you would be to unset any colliding variables in your env and rely on the aws credentials file to provide the appropriate access credentials from the default entry.

When to use AWS CLI and EB CLI

For a month or so, I've been studying AWS services and now I have to accomplish some basic stuff on AWS elastic beanstalk via command line. As far as I understand there are the aws elasticbeanstalk [command] and the eb [command] CLI installed on the build instance.
When I run eb status inside application folder, I get response in the form:
Environment details for: app-name
Application name: app-name
Region: us-east-1
Deployed Version: app-version
Environment ID: env-name
Platform: 64bit Amazon Linux ........
Tier: WebServer-Standard
CNAME: app-name.elasticbeanstalk.com
Updated: 2016-07-14 .......
Status: Ready
Health: Green
That tells me eb init has been run for the application.
On the other hand if I run:
aws elasticbeanstalk describe-application-versions --application-name app-name --region us-east-1
I get the error:
Unable to locate credentials. You can configure credentials by running "aws configure".
In home folder of current user there is a .aws directory with a credential file containing a [profile] line and aws_access_key_id and
aws_secret_access_key lines all set up.
Beside the obvious problem with the credentials, what I really lack is understanding of the two cli. Why is EB cli not asking for credentials and AWS cli is? When do I use one or the other? Can I use only aws cli? Any clarification on the matter will be highly appreciated.
EDIT:
For anyone ending up here, having the same problem with "Unable to locate credentials". Adding --profile profile-name option solved the problem for me. profile-name can be found in ~/.aws/config (or credentials) file on [profile profile-name] line.
In order to verify that the AWS CLI is configured on your system run aws configure and provide it with all the details it requires. That should fix your credentials problem and checking the change in configuration will allow you to understand what's wrong with your current conf.
the eb cli and the aws cli have very similar capabilities, and I too am a bit confused as to why they both should exist. From my experience the main differences are that the cli is used to interact with your AWS account using simple requests while the eb cli creates connections between you and the eb envs and so allows for finer control over them.
For instance - I've just developed a CI/CD pipeline for our beanstalk apps. When I use the eb cli I can monitor the deployment of our apps and notify the developers when it's finished. aws cli does not offer that functionality, and the only to achieve that is to repeatedly query the service until you receive the desired result.
The AWS CLI is a general tool that works on all AWS resources. It's not tied to a specific software project, the type of machine you're on, the directory you're in, or anything like that. It only needs credentials, whether they've been put there manually if it's your own machine, or generated by AWS if it's an EC2 instance.
The EB CLI is a high level tool to wrangle your software project into place. It's tied to the directory you're in, it assumes that the stuff in your directory is your project, and it has short commands that do a lot of background work to magically put everything in the right place.

Deploying to separate accounts with aws cli

I have two aws accounts : production and staging. I'm using aws-cli v3 to deploy via GIT to my production environment using eb deploy
I want to be able to deploy to my staging environment regularly from my develop branch and when it comes to deploying a release I want to be able to deploy from my newly created release branch to my production environment.
I already have my ~/.aws/config file with my two account key sets (staging and production), and would like to be able to do something like:
eb deploy --profile staging
and
eb deploy --profile production
Is it necessary to have the two environments under the same account and use eb use production-env and eb use staging-env?
A similar question has already been answered here
Also it does look like the eb command does support profiles
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-cmd-commands.html
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-cmd-commands.html#eb3-cmd-options

AWS - Elastic Beanstalk CLI - how to list/change profiles

I have two AWS accounts, one for personal, one for work-related projects. I've previously created and deployed to my personal AWS account.
I want to create a work-related app on the work AWS account. I signed in with those credentials, and created a new application from within the console.
Then, in my work project folder, I eb init and eb create/deploy the work app. When I did eb create, it was asking to set up a an environment different than the one I had created in AWS. After creating it, I found that a new project had be created within my personal AWS account.
I was told I have to change profiles doing eb --profile but am not sure of my profile names. How can I list and change my profile from my personal to my work profile?
EDIT:
I was given an access key ID. I tried eb --profile MYKEYID. No message was displayed when I did this. I'm not sure which profile I'm on.
The EB CLI and the AWS CLI share the same credentials.
They are stored in either ~/.aws/config or ~/.aws/credentials.
You can list them using
aws configure list
Once you know what profile you want to use, you can set it permanently for that project by running
eb init --profile ProfileName
in the project directory.
You can see what settings the EB CLI has for your project by looking at the .elasticbeanstalk/config.yml file.

How do I change users in the EB CLI?

I deployed an application on EB with my own AWS account, but I need to do the same with another one. I have the user name, access key and secret access key for the AWS account I need to deploy from, but I don't even know how to switch out of my account to do it.
I've been able to sign into the AWS cli with those credentials, but I'm having trouble using the aws elasticbeanstalk cli, so help deploying my application through that would be helpful as well.
Thanks!
The AWS CLI credentials are set in credential file and can be overridden with enviroment variables.
To create differnent profiles can use the built in config tool:
aws configure --profile user2
Then when you use the aws to call elasticbeanstalk, you can specify this new profile to use
aws --profile user2 elasticbeanstalk ...blah...blah...blah...