Here are the steps for installing the AWS command line tools that are currently available as Ubuntu packages. These include:
- EC2 API tools
- EC2 AMI tools
- IAM - Identity and Access Management
- RDS - Relational Database Service
- CloudWatch
- Auto Scaling
- ElastiCache
Starting with Ubuntu 12.04 LTS Precise, these are also available:
- CloudFormation
- ELB - Elastic Load Balancer
Install Packages
Enable the multiverse repository. This can be done through the Ubuntu Update Manager or by editing /etc/apt/sources.list Here are some commands that will enable multiverse on a new installation:
# 12.04 LTS Precise, 11.10 Oneiric
sudo perl -pi.orig -e 'next if /-backports/; s/^# (deb .* multiverse)$/$1/' /etc/apt/sources.list
# 10.04 LTS Lucid
sudo perl -pi.orig -e 's/^(deb .* universe)$/$1 multiverse/' /etc/apt/sources.list
Enable the awstools PPA and update the apt package index:
sudo apt-add-repository ppa:awstools-dev/awstools
sudo apt-get update
Install available AWS command line tool packages:
sudo apt-get install ec2-api-tools ec2-ami-tools iamcli rdscli moncli ascli elasticache
# Also available on Ubuntu 12.04 LTS Precise
sudo apt-get install aws-cloudformation-cli elbcli
Some of these tools support passing in credentials on the command line, but for regular use, you will want to store the AWS credentials in files.
Set up AWS Credentials
Create a place to store the AWS credentials:
mkdir -m 0700 $HOME/.aws/
Copy your AWS X.509 certificate and private key to this subdirectory. These files will have names that look something like this:
$HOME/.aws/cert-7KX4CVWWQ52YM2SUCIGGHTPDNDZQMVEF.pem
$HOME/.aws/pk-7KX4CVWWQ52YM2SUCIGGHTPDNDZQMVEF.pem
Create the file $HOME/.aws/aws-credential-file.txt with your AWS
access key id and secret access key in the following
format:
AWSAccessKeyId=YOURACCESSKEYIDHERE
AWSSecretKey=YOURPRIVATEACCESSKEYHERE
Add the following lines to your $HOME/.bashrc file so that the AWS
command line tools know where to find the above files:
# AWS credentials
export EC2_PRIVATE_KEY=$(echo $HOME/.aws/pk-*.pem)
export EC2_CERT=$(echo $HOME/.aws/cert-*.pem)
export AWS_CREDENTIAL_FILE=$HOME/.aws/aws-credential-file.txt
Make sure these are set in your current shell(s):
source $HOME/.bashrc
Test
Make sure that the command line tools are installed and have credentials set up correctly. These commands should not return errors:
ec2-describe-regions
ec2-ami-tools-version
iam-accountgetsummary
rds-describe-db-engine-versions
mon-version
as-version
# Ubuntu 12.04 LTS Precise and higher
cfn-list-stacks
elb-describe-lb-policies
AWS Command Line Tools
The table below shows some of the various AWS products, whether Amazon publishes command line tools, and whether these are available in key Ubuntu releases. Some of the packages are available in the standard apt repositories, some require adding multiverse, and some are published in the awstools PPA. The awstools PPA also has newer versions of some of the packages released by Amazon after the official Ubuntu release.
As you can see, there are a number of command line tools that are not (yet) packaged in Ubuntu. These can be downloaded directly from Amazon and installed manually.
There are also a number of AWS services that do not have command line tools available from Amazon, though some third parties have provided helpful alternatives.
[Update 2012-09-03: Added links to command line tools for S3, SNS]
[Update 2013-03-10: Added CloudWatch, Auto Scaling, ElastiCache]
Follow Eric Hammond on Twitter
Hi Eric,
Great post. Just a note to know that we created a package of most popular Amazon command line tools and SDK: BitNami Cloud Tools. We created it for internal use but we think it could be useful for other users. It packages the Amazon Web Services command line tools together with preconfigured Java, Ruby and Perl language runtimes.
Beltran:
Thanks for sharing the pointer. I generally recommend using standard Ubuntu packages and Ubuntu distribution mechanisms whenever possible to reduce conflicts, maintenance tasks, and risk of falling behind in security patches. You might consider publishing your software on a PPA (personal package archive) in Lauchpad.net with standard dependencies on other Ubuntupackages for Java, Ruby, Perl. Users of your software will then get updates through the standard Ubuntu package upgrade process without having to go to your web site to download new versions.
Very useful How-to, saved me some headaches!! I was following instructions here https://help.ubuntu.com/community/EC2StartersGuide and it wouldn't work.
Thanks and keep up the good work...
jm.minu:
Hm, I wonder what went wrong for you following the instructions on help.ubuntu.com. The great thing about that site is that when you identify problems, you can simply edit the page to correct it for future readers.
CloudWatch tools seem to be available for Ubuntu 12.04 in a package called "moncli":
I'm pretty new to Ubuntu but not aware of enabling any custom repositories, so this should be in the standard repository.
Hello, im posting this on 2012-01-20 and noticed at the ppa site that the last update on those packages was in 2012-06. Hope this dont keep stale like this, some tools got improved meanwhile
polaco:
Yes, the aws-tools PPA is going to lag behind the downloadable AWS command line tools and I doubt there is any official policy to update it regularly. It is a PPA after all and not part of the standard Ubuntu release.
If you want the latest tools from AWS, I have provided instructions on how to install them directly fro.m the downloads: http://alestic.com/2012/09/aws-command-line-tools
Thanks for the thorough tutorial. I really appreciate it. However I have one concern: is it secure to store your access and private keys in an instance? If not, what is the work-around? Thanks in advance!
savas.vedova:
In most cases, you'll be installing the command line tools on your laptop or desktop, though there might be some situations you'll also want them on an EC2 instance. In either case, you'll need to have AWS credentials available to the tools so that they can hit the AWS APIs.
I always recommend creating dedicated credentials with IAM and only allowing the actions that need to be performed by the users in question. For example, here's an article that describes how to set up IAM credentials so that an instance can create EBS snapshots in a cron job:
http://alestic.com/2010/09/aws-iam
AItOawl0AptrLSawOB3phwBstEVOQ-mhII29JyI:
Thanks. I've added CloudWatch, AutoScaling, ElastiCache.
savas.vedova:
The AWS command line tools often do not need to be installed to EC2 instances. The most common practice is to install them to your local workstation/laptop, where security is still important.
Wherever you install the command line tools, the recommended practice is to create an IAM (Identity and Access Management) user with only the privileges you need. Use the AWS credentials for that IAM user with the command line tools.
Here's an example I wrote using an IAM user: http://alestic.com/2010/09/aws-iam
With the command line tools on your local system, you may not know in advance what permissions you need. You may create an IAM user with complete access.