AWS - Elastic Beanstalk CLI - how to list/change profiles - amazon-web-services

I have two AWS accounts, one for personal, one for work-related projects. I've previously created and deployed to my personal AWS account.
I want to create a work-related app on the work AWS account. I signed in with those credentials, and created a new application from within the console.
Then, in my work project folder, I eb init and eb create/deploy the work app. When I did eb create, it was asking to set up a an environment different than the one I had created in AWS. After creating it, I found that a new project had be created within my personal AWS account.
I was told I have to change profiles doing eb --profile but am not sure of my profile names. How can I list and change my profile from my personal to my work profile?
EDIT:
I was given an access key ID. I tried eb --profile MYKEYID. No message was displayed when I did this. I'm not sure which profile I'm on.

The EB CLI and the AWS CLI share the same credentials.
They are stored in either ~/.aws/config or ~/.aws/credentials.
You can list them using
aws configure list
Once you know what profile you want to use, you can set it permanently for that project by running
eb init --profile ProfileName
in the project directory.
You can see what settings the EB CLI has for your project by looking at the .elasticbeanstalk/config.yml file.

Related

AWS cli switching between accounts

I had an AWS account configured to work with the CLI. The free tier expired so I setup another account. I created an IAM user ran aws configure and put in the credentials for that user. I have the default profile setup with that users credentials as well.
From the cli if I run the command aws s3 ls it will always show the buckets from the old account. If I specify the profile using aws s3 ls --profile GrantM then it lists the buckets from the correct account and IAM user.
The environment variables are set to the new user also. Can someone explain this and how to switch it to use my new account?
create or edit this file:
% vim ~/.aws/credentials
list as many key pairs as you like:
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
set a local variable to select the pair of keys you want to use:
% export AWS_PROFILE=user1
do what you like:
aws s3api list-buckets # any aws cli command now using user1 pair of keys
more details:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
When you use aws configure without any additional arguments it should allow you to amend the default profile, which is the one that is being accessed when you specify no profile. By amending this you will not need to specify the --profile flag.
If you would also like to amend over named profiles you would simply use aws configure --profile $PROFILE_NAME, where you can just as above replace the credentials currently stored in the configuration.
Alternatively for Linux/MacOS you can access your credentials in ~/.aws/credentials or for Windows in %USERPROFILE%\.aws\credentials. You can modify these files to replace any values.
More information is available on the Named profiles documentation page.
I would not mix environment variables and credentials profiles, you'll just get confused.
Remove the environment variables, ensure that the default profile in your ~/.aws/credentials file (or %USERPROFILE%\.aws\credentials on Windows) is set to the new credentials, then run aws s3 ls. If it's not what you expected, then run aws s3 ls --debug to work out what you did wrong.
According to Credentials — Boto 3 Docs documentation, the Environment Variables will be used in preference to the configuration files.
Therefore, I suggest you remove the credentials from your Environment Variables, and just use the configuration files.
Depending upon your operating system, you could use unset, or remove them from where ever you put them in the Environment Variables.
run on terminal where you be running the cli commands
export AWS_PROFILE='PROFILE_NAME'
move this the bashrc/zshrc file to make this permanent or just add a default section to the .aws/config and .aws/configure. Run following command and input the credentials you want.
aws configure
works on mac and windows.

AWS EB CLI (elastic beanstalk)

I have deployed an application on EB with my own AWS account, and have done the same with another one.
I don't know how to switch out of my command line eb cli account. There are no eb CLI options to switch profiles like the normal AWS CLI...
Thanks!
Use named profiles via eb --profile x to use a specific profile from your AWS credentials file.
Or you can use multiple, distinct credentials files (see here) and change the AWS_CREDENTIAL_FILE environment variable to point to the relevant credentials file. You could even write a couple of shell scripts such as eb-project1 and eb-project2 that each export/set the relevant AWS_CREDENTIAL_FILE value and then simply execute eb so that you don't have to switch credentials manually - just run eb-project1 or eb-project2 as needed instead of running eb.

When to use AWS CLI and EB CLI

For a month or so, I've been studying AWS services and now I have to accomplish some basic stuff on AWS elastic beanstalk via command line. As far as I understand there are the aws elasticbeanstalk [command] and the eb [command] CLI installed on the build instance.
When I run eb status inside application folder, I get response in the form:
Environment details for: app-name
Application name: app-name
Region: us-east-1
Deployed Version: app-version
Environment ID: env-name
Platform: 64bit Amazon Linux ........
Tier: WebServer-Standard
CNAME: app-name.elasticbeanstalk.com
Updated: 2016-07-14 .......
Status: Ready
Health: Green
That tells me eb init has been run for the application.
On the other hand if I run:
aws elasticbeanstalk describe-application-versions --application-name app-name --region us-east-1
I get the error:
Unable to locate credentials. You can configure credentials by running "aws configure".
In home folder of current user there is a .aws directory with a credential file containing a [profile] line and aws_access_key_id and
aws_secret_access_key lines all set up.
Beside the obvious problem with the credentials, what I really lack is understanding of the two cli. Why is EB cli not asking for credentials and AWS cli is? When do I use one or the other? Can I use only aws cli? Any clarification on the matter will be highly appreciated.
EDIT:
For anyone ending up here, having the same problem with "Unable to locate credentials". Adding --profile profile-name option solved the problem for me. profile-name can be found in ~/.aws/config (or credentials) file on [profile profile-name] line.
In order to verify that the AWS CLI is configured on your system run aws configure and provide it with all the details it requires. That should fix your credentials problem and checking the change in configuration will allow you to understand what's wrong with your current conf.
the eb cli and the aws cli have very similar capabilities, and I too am a bit confused as to why they both should exist. From my experience the main differences are that the cli is used to interact with your AWS account using simple requests while the eb cli creates connections between you and the eb envs and so allows for finer control over them.
For instance - I've just developed a CI/CD pipeline for our beanstalk apps. When I use the eb cli I can monitor the deployment of our apps and notify the developers when it's finished. aws cli does not offer that functionality, and the only to achieve that is to repeatedly query the service until you receive the desired result.
The AWS CLI is a general tool that works on all AWS resources. It's not tied to a specific software project, the type of machine you're on, the directory you're in, or anything like that. It only needs credentials, whether they've been put there manually if it's your own machine, or generated by AWS if it's an EC2 instance.
The EB CLI is a high level tool to wrangle your software project into place. It's tied to the directory you're in, it assumes that the stuff in your directory is your project, and it has short commands that do a lot of background work to magically put everything in the right place.

Deploying to separate accounts with aws cli

I have two aws accounts : production and staging. I'm using aws-cli v3 to deploy via GIT to my production environment using eb deploy
I want to be able to deploy to my staging environment regularly from my develop branch and when it comes to deploying a release I want to be able to deploy from my newly created release branch to my production environment.
I already have my ~/.aws/config file with my two account key sets (staging and production), and would like to be able to do something like:
eb deploy --profile staging
and
eb deploy --profile production
Is it necessary to have the two environments under the same account and use eb use production-env and eb use staging-env?
A similar question has already been answered here
Also it does look like the eb command does support profiles
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-cmd-commands.html
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-cmd-commands.html#eb3-cmd-options

How do I change users in the EB CLI?

I deployed an application on EB with my own AWS account, but I need to do the same with another one. I have the user name, access key and secret access key for the AWS account I need to deploy from, but I don't even know how to switch out of my account to do it.
I've been able to sign into the AWS cli with those credentials, but I'm having trouble using the aws elasticbeanstalk cli, so help deploying my application through that would be helpful as well.
Thanks!
The AWS CLI credentials are set in credential file and can be overridden with enviroment variables.
To create differnent profiles can use the built in config tool:
aws configure --profile user2
Then when you use the aws to call elasticbeanstalk, you can specify this new profile to use
aws --profile user2 elasticbeanstalk ...blah...blah...blah...