Installing AWS Command Line Tools Using Ubuntu Packages

| 11 Comments

See also: Installing AWS Command Line Tools from Amazon Downloads

Here are the steps for installing the AWS command line tools that are currently available as Ubuntu packages. These include:

  • EC2 API tools
  • EC2 AMI tools
  • IAM - Identity and Access Management
  • RDS - Relational Database Service
  • CloudWatch
  • Auto Scaling
  • ElastiCache

Starting with Ubuntu 12.04 LTS Precise, these are also available:

  • CloudFormation
  • ELB - Elastic Load Balancer

Install Packages

Enable the multiverse repository. This can be done through the Ubuntu Update Manager or by editing /etc/apt/sources.list Here are some commands that will enable multiverse on a new installation:

# 12.04 LTS Precise, 11.10 Oneiric
sudo perl -pi.orig -e   'next if /-backports/; s/^# (deb .* multiverse)$/$1/'   /etc/apt/sources.list

# 10.04 LTS Lucid
sudo perl -pi.orig -e   's/^(deb .* universe)$/$1 multiverse/'   /etc/apt/sources.list

Enable the awstools PPA and update the apt package index:

sudo apt-add-repository ppa:awstools-dev/awstools
sudo apt-get update

Install available AWS command line tool packages:

sudo apt-get install ec2-api-tools ec2-ami-tools iamcli rdscli moncli ascli elasticache

# Also available on Ubuntu 12.04 LTS Precise
sudo apt-get install aws-cloudformation-cli elbcli

Some of these tools support passing in credentials on the command line, but for regular use, you will want to store the AWS credentials in files.

Set up AWS Credentials

Create a place to store the AWS credentials:

mkdir -m 0700 $HOME/.aws/

Copy your AWS X.509 certificate and private key to this subdirectory. These files will have names that look something like this:

$HOME/.aws/cert-7KX4CVWWQ52YM2SUCIGGHTPDNDZQMVEF.pem
$HOME/.aws/pk-7KX4CVWWQ52YM2SUCIGGHTPDNDZQMVEF.pem

Create the file $HOME/.aws/aws-credential-file.txt with your AWS access key id and secret access key in the following format:

AWSAccessKeyId=YOURACCESSKEYIDHERE
AWSSecretKey=YOURPRIVATEACCESSKEYHERE

Add the following lines to your $HOME/.bashrc file so that the AWS command line tools know where to find the above files:

# AWS credentials
export EC2_PRIVATE_KEY=$(echo $HOME/.aws/pk-*.pem)
export EC2_CERT=$(echo $HOME/.aws/cert-*.pem)
export AWS_CREDENTIAL_FILE=$HOME/.aws/aws-credential-file.txt

Make sure these are set in your current shell(s):

source $HOME/.bashrc

Test

Make sure that the command line tools are installed and have credentials set up correctly. These commands should not return errors:

ec2-describe-regions 
ec2-ami-tools-version
iam-accountgetsummary
rds-describe-db-engine-versions
mon-version
as-version

# Ubuntu 12.04 LTS Precise and higher
cfn-list-stacks
elb-describe-lb-policies

AWS Command Line Tools

The table below shows some of the various AWS products, whether Amazon publishes command line tools, and whether these are available in key Ubuntu releases. Some of the packages are available in the standard apt repositories, some require adding multiverse, and some are published in the awstools PPA. The awstools PPA also has newer versions of some of the packages released by Amazon after the official Ubuntu release.

AWS Service Amazon Command Line Tools Ubuntu 12.04 LTS Precise Ubuntu 11.10 Oneiric Ubuntu 10.04 LTS Lucid
EC2 API Tools AWS CLI multiverse multiverse
PPA updates
multiverse
PPA updates
EC2 AMI Tools AWS CLI multiverse multiverse
PPA updates
multiverse
PPA updates
IAM - Identity and Access Management AWS CLI main main PPA
RDS - Relational Database Service AWS CLI main main PPA
CloudWatch AWS CLI PPA PPA PPA
Auto Scaling AWS CLI PPA PPA PPA
ElastiCache AWS CLI PPA PPA PPA
ELB - Elastic Load Balancing AWS CLI PPA - -
AWS CloudFormation AWS CLI PPA - -
AWS Import/Export AWS CLI - - -
CloudFront AWS CLI - - -
CloudSearch AWS CLI - - -
Elastic Beanstalk AWS CLI - - -
SNS - Simple Notification Service AWS CLI - - -
EMR - Elastic MapReduce AWS CLI - - -
Route 53 AWS CLI - - -
S3 - Simple Storage Service AWS CLI - - -
SES - Simple Email Service - - -
Direct Connect - - - -
DynamoDB - - - -
SimpleDB - - - -
SQS - Simple Queue Service - - - -
Storage Gateway - - - -
SWF (Simple Workflow Service) - - - -
VPC (Virtual Private Cloud) - - - -

As you can see, there are a number of command line tools that are not (yet) packaged in Ubuntu. These can be downloaded directly from Amazon and installed manually.

There are also a number of AWS services that do not have command line tools available from Amazon, though some third parties have provided helpful alternatives.

[Update 2012-09-03: Added links to command line tools for S3, SNS]
[Update 2013-03-10: Added CloudWatch, Auto Scaling, ElastiCache]

11 Comments

Hi Eric,

Great post. Just a note to know that we created a package of most popular Amazon command line tools and SDK: BitNami Cloud Tools. We created it for internal use but we think it could be useful for other users. It packages the Amazon Web Services command line tools together with preconfigured Java, Ruby and Perl language runtimes.

Beltran:

Thanks for sharing the pointer. I generally recommend using standard Ubuntu packages and Ubuntu distribution mechanisms whenever possible to reduce conflicts, maintenance tasks, and risk of falling behind in security patches. You might consider publishing your software on a PPA (personal package archive) in Lauchpad.net with standard dependencies on other Ubuntupackages for Java, Ruby, Perl. Users of your software will then get updates through the standard Ubuntu package upgrade process without having to go to your web site to download new versions.

Very useful How-to, saved me some headaches!! I was following instructions here https://help.ubuntu.com/community/EC2StartersGuide and it wouldn't work.
Thanks and keep up the good work...

jm.minu:

Hm, I wonder what went wrong for you following the instructions on help.ubuntu.com. The great thing about that site is that when you identify problems, you can simply edit the page to correct it for future readers.

CloudWatch tools seem to be available for Ubuntu 12.04 in a package called "moncli":

sudo apt-get install moncli

I'm pretty new to Ubuntu but not aware of enabling any custom repositories, so this should be in the standard repository.

Hello, im posting this on 2012-01-20 and noticed at the ppa site that the last update on those packages was in 2012-06. Hope this dont keep stale like this, some tools got improved meanwhile

polaco:

Yes, the aws-tools PPA is going to lag behind the downloadable AWS command line tools and I doubt there is any official policy to update it regularly. It is a PPA after all and not part of the standard Ubuntu release.

If you want the latest tools from AWS, I have provided instructions on how to install them directly fro.m the downloads: http://alestic.com/2012/09/aws-command-line-tools

Thanks for the thorough tutorial. I really appreciate it. However I have one concern: is it secure to store your access and private keys in an instance? If not, what is the work-around? Thanks in advance!

savas.vedova:

In most cases, you'll be installing the command line tools on your laptop or desktop, though there might be some situations you'll also want them on an EC2 instance. In either case, you'll need to have AWS credentials available to the tools so that they can hit the AWS APIs.

I always recommend creating dedicated credentials with IAM and only allowing the actions that need to be performed by the users in question. For example, here's an article that describes how to set up IAM credentials so that an instance can create EBS snapshots in a cron job:

http://alestic.com/2010/09/aws-iam

AItOawl0AptrLSawOB3phwBstEVOQ-mhII29JyI:

Thanks. I've added CloudWatch, AutoScaling, ElastiCache.

savas.vedova:

The AWS command line tools often do not need to be installed to EC2 instances. The most common practice is to install them to your local workstation/laptop, where security is still important.

Wherever you install the command line tools, the recommended practice is to create an IAM (Identity and Access Management) user with only the privileges you need. Use the AWS credentials for that IAM user with the command line tools.

Here's an example I wrote using an IAM user: http://alestic.com/2010/09/aws-iam

With the command line tools on your local system, you may not know in advance what permissions you need. You may create an IAM user with complete access.

Leave a comment

Ubuntu AMIs

Ubuntu AMIs for EC2:


More Entries

EBS-SSD Boot AMIs For Ubuntu On Amazon EC2
With Amazon’s announcement that SSD is now available for EBS volumes, they have also declared this the recommended EBS volume type. The good folks at Canonical are now building Ubuntu…
EC2 create-image Does Not Fully "Stop" The Instance
The EC2 create-image API/command/console action is a convenient trigger to create an AMI from a running (or stopped) EBS boot instance. It takes a snapshot of the instance’s EBS volume(s)…
Finding the Region for an AWS Resource ID
use concurrent AWS command line requests to search the world for your instance, image, volume, snapshot, … Background Amazon EC2 and many other AWS services are divided up into various…
Changing The Default "ubuntu" Username On New EC2 Instances
configure your own ssh username in user-data The official Ubuntu AMIs create a default user with the username ubuntu which is used for the initial ssh access, i.e.: ssh ubuntu@<HOST>…
Default ssh Usernames For Connecting To EC2 Instances
Each AMI publisher on EC2 decides what user (or users) should have ssh access enabled by default and what ssh credentials should allow you to gain access as that user.…
New c3.* Instance Types on Amazon EC2 - Nice!
Worth switching. Amazon shared that the new c3.* instance types have been in high demand on EC2 since they were released. I finally had a minute to take a look…
Query EC2 Account Limits with AWS API
Here’s a useful tip mentioned in one of the sessions at AWS re:Invent this year. There is a little known API call that lets you query some of the EC2…
Using aws-cli --query Option To Simplify Output
My favorite session at AWS re:Invent was James Saryerwinnie’s clear, concise, and informative tour of the aws-cli (command line interface), which according to GitHub logs he is enhancing like crazy.…
Reset S3 Object Timestamp for Bucket Lifecycle Expiration
use aws-cli to extend expiration and restart the delete or archive countdown on objects in an S3 bucket Background S3 buckets allow you to specify lifecycle rules that tell AWS…
Installing aws-cli, the New AWS Command Line Tool
consistent control over more AWS services with aws-cli, a single, powerful command line tool from Amazon Readers of this tech blog know that I am a fan of the power…
Using An AWS CloudFormation Stack To Allow "-" Instead Of "+" In Gmail Email Addresses
Launch a CloudFormation template to set up a stack of AWS resources to fill a simple need: Supporting Gmail addresses with “-” instead of “+” separating the user name from…
New Options In ec2-expire-snapshots v0.11
The ec2-expire-snapshots program can be used to expire EBS snapshots in Amazon EC2 on a regular schedule that you define. It can be used as a companion to ec2-consistent-snapshot or…
Replacing a CloudFront Distribution to "Invalidate" All Objects
I was chatting with Kevin Boyd (aka Beryllium) on the ##aws Freenode IRC channel about the challenge of invalidating a large number of CloudFront objects (35,000) due to a problem…
Email Alerts for AWS Billing Alarms
using CloudWatch and SNS to send yourself email messages when AWS costs accrue past limits you define The Amazon documentation describes how to use the AWS console to monitor your…
Cost of Transitioning S3 Objects to Glacier
how I was surprised by a large AWS charge and how to calculate the break-even point Glacier Archival of S3 Objects Amazon recently introduced a fantastic new feature where S3…
Running Ubuntu on Amazon EC2 in Sydney, Australia
Amazon has announced a new AWS region in Sydney, Australia with the name ap-southeast-2. The official Ubuntu AMI lookup pages (1, 2) don’t seem to be showing the new location…
Save Money by Giving Away Unused Heavy Utilization Reserved Instances
You may be able to save on future EC2 expenses by selling an unused Reserved Instance for less than its true value or even $0.01, provided it is in the…
Installing AWS Command Line Tools from Amazon Downloads
When you need an AWS command line toolset not provided by Ubuntu packages, you can download the tools directly from Amazon and install them locally. In a previous article I…
Convert Running EC2 Instance to EBS-Optimized Instance with Provisioned IOPS EBS Volumes
Amazon just announced two related features for getting super-fast, consistent performance with EBS volumes: (1) Provisioned IOPS EBS volumes, and (2) EBS-Optimized Instances. Starting new instances and EBS volumes with…
Which EC2 Availability Zone is Affected by an Outage?
Did you know that Amazon includes status messages about the health of availability zones in the output of the ec2-describe-availability-zones command, the associated API call, and the AWS console? Right…
Installing AWS Command Line Tools Using Ubuntu Packages
See also: Installing AWS Command Line Tools from Amazon Downloads Here are the steps for installing the AWS command line tools that are currently available as Ubuntu packages. These include:…
Ubuntu Developer Summit, May 2012 (Oakland)
I will be attending the Ubuntu Developer Summit (UDS) next week in Oakland, CA. ┬áThis event brings people from around the world together in one place every six months to…
Uploading Known ssh Host Key in EC2 user-data Script
The ssh protocol uses two different keys to keep you secure: The user ssh key is the one we normally think of. This authenticates us to the remote host, proving…
Seeding Torrents with Amazon S3 and s3cmd on Ubuntu
Amazon Web Services is such a huge, complex service with so many products and features that sometimes very simple but powerful features fall through the cracks when you’re reading the…
CloudCamp
There are a number of CloudCamp events coming up in cities around the world. These are free events, organized around the various concepts, technologies, and services that fall under the…
Use the Same Architecture (64-bit) on All EC2 Instance Types
A few hours ago, Amazon AWS announced that all EC2 instance types can now run 64-bit AMIs. Though t1.micro, m1.small, and c1.medium will continue to also support 32-bit AMIs, it…
ec2-consistent-snapshot on GitHub and v0.43 Released
The source for ec2-conssitent-snapshot has historically been available here: ec2-consistent-snapshot on Launchpad.net using Bazaar For your convenience, it is now also available here: ec2-consistent-snapshot on GitHub using Git You are…
You Should Use EBS Boot Instances on Amazon EC2
EBS boot vs. instance-store If you are just getting started with Amazon EC2, then use EBS boot instances and stop reading this article. Forget that you ever heard about instance-store…
Retrieve Public ssh Key From EC2
A serverfault poster had a problem that I thought was a cool challenge. I had so much fun coming up with this answer, I figured I’d share it here as…
Running EC2 Instances on a Recurring Schedule with Auto Scaling
Do you want to run short jobs on Amazon EC2 on a recurring schedule, but don’t want to pay for an instance running all the time? Would you like to…