AWS Certified SysOps Administrator Official Study Guide. Cole Stephen
to participate. Find the code and more information on the user community at https://github.com/aws/aws-cli.
Executing an AWS CLI command is as simple as typing aws and then a command string followed by a list of options.
The format of your command will generally take the form of the following:
aws service parameter1 parameter2 … parameterN
For example, aws ec2 describe-instances will return a list of your Amazon Elastic Compute Cloud (Amazon EC2) instances, along with their properties, running in your configured region. aws s3 ls s3://mycertification/ will return an object listing of an Amazon S3 bucket you own named mycertification.
In the Configuration section, we mentioned that you can represent the data retrieved using the AWS CLI in three output formats: “JSON,” “text,” or “table.” Each format can provide a number of benefits to the user depending on the use case in question.
JSON is the default format, and it provides data in a form that is easily parsed and ingested by applications. This format is commonly used in other AWS Cloud services (for example, AWS CloudFormation), and it is a standard in which operations personnel should become well versed if they want to excel. Text output allows the operator to output data in a tab-delimited format that can be parsed by tools like grep and other text parsers. (If you happen to be a Linux systems administrator, you’re likely very familiar with this tool.) Table format is often more easily human readable than JSON or text.
As you gain more experience using the AWS CLI, you will find that your command lines can become increasingly difficult to manage effectively as your parameters become more complex. There are several strategies to deal with this problem.
First, in Linux or Mac, you can use the backslash character to separate a command into several lines. For example, this command:
aws rds download-db-log-file-portion --db-instance-identifier awstest1 --log-file-name "error/postgres.log"
is equivalent to the following command, parsed with backslashes:
aws rds \
download-db-log-file-portion \
--db-instance-identifier awstest1 \
--log-file-name "error/postgres.log"
Using backslashes makes the command more easily comprehensible to a human reader, thus assisting with troubleshooting when errors occur.
Next, some AWS CLI commands take a JSON-formatted string as part of the input. For example, the aws ec2 create-security-group command has a parameter --cli-input-json that takes a JSON-formatted string as an input. As an alternative to entering the string via the command line, you can refer to a local file as follows:
aws ec2 create-security-group --cli-input-json file://filename.json
where filename.json is the file containing the JSON string.
Additionally, you can store the JSON string as an object in Amazon S3 or another web-hosted location and access the file as a URL:
aws ec2 create-security-group \
--cli-input-json \
https://s3.amazonaws.com/cheeeeessseeee/filename.json
This gives you the ability to reuse more easily the JSON string that you’ve created for one environment in another.
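When the JSON is shared from a hosted location as described above, whoever can write to that object decides what the command creates. One way to keep the reuse while controlling that risk, shown as an added example that is not from the book, is to fetch the file, check it against a pinned SHA-256 digest and pass the local copy with file://. The function names, the URL argument and the digest are assumptions for illustration.

```shell
# Added example, not from the book. URL, digest and function names are
# hypothetical; sha256sum and curl are assumed to be installed.

# Succeeds only if FILE exists, is non-empty and matches the pinned SHA-256.
verify_cli_input() {
  _file=$1
  _want=$2
  [ -s "$_file" ] || { echo "missing or empty: $_file" >&2; return 1; }
  _got=$(sha256sum "$_file" | awk '{ print $1 }')
  [ "$_got" = "$_want" ] || { echo "digest mismatch for $_file" >&2; return 1; }
}

# Fetch the shared JSON over HTTPS only, verify it, then hand the local copy
# to the CLI. Nothing is created unless the digest matches.
create_group_from_pinned_json() {
  _url=$1
  _want=$2
  _tmp=$(mktemp) || return 1
  curl --fail --silent --show-error --proto '=https' -o "$_tmp" "$_url" &&
    verify_cli_input "$_tmp" "$_want" &&
    aws ec2 create-security-group --cli-input-json "file://$_tmp"
  _rc=$?
  rm -f "$_tmp"
  return "$_rc"
}
```

This pattern also works on AWS CLI version 2, which does not fetch http:// or https:// parameter values itself.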
As you explore using the AWS CLI, you will find that there is a wealth of information about your AWS environment that can be retrieved using the tool. Command-line output is comprehensive. Running the command aws ec2 describe-instances returns dozens of values describing each instance running: InstanceId, PublicDnsName, PrivateDnsName, InstanceType, and much more. There are times when you don’t want to return all of those values, though. What do you do if you want to retrieve only a list of the Amazon Machine Image (AMI) IDs that your instances are running so that you can make sure that your fleet is running your preferred image?
That’s where the --query option comes in. This option allows you to filter results so that only the output with the parameters you specify is returned. Query uses the JMESPath query language as its input for filtering to the results you specify.
Here are some examples of query in practical use cases. Perhaps you want to obtain the metadata for your Amazon Relational Database Service (Amazon RDS) instances, but only those that are running in the us-east-1e Availability Zone:
aws rds describe-db-instances \
--query 'DBInstances[?AvailabilityZone==`us-east-1e`]' \
--output text
Maybe you want a list of your AWS IoT things that are Intel Edison devices:
aws iot list-things --query 'things[?thingTypeName==`IntelEdison`]' --output text
Or maybe you’ve been tasked with identifying a list of the instances with their associated instance type that are running in your environment so that they can be targeted as candidates for upgrades to newer generation types:
aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].[InstanceId, LaunchTime, InstanceType]' \
--output text
That last one is a bit different than what we’ve executed in the previous examples. Note that we are working our way down the JSON hierarchy. First we specify that everything under Reservations and then everything under Instances is in scope for our query (the * character works as our wildcard here). In the final set of brackets, we specify what specific fields at that level we want to return – InstanceId, LaunchTime, and InstanceType in this example, allowing us to see only which fields are useful to us for our task.
Query can be a powerful tool. However, output can vary among the resources you list using the AWS CLI (differing fields may be present in your output based on a number of variables). Accordingly, it’s recommended that you rely on text format for any outputs that you run through query; you can see that we’ve added that output parameter to the queries here. Additionally, using text format makes it easier to use tools like grep on the output.
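One way to answer the AMI question posed earlier, as an added example that is not from the book: the query returns only InstanceId and ImageId in text format, and a small filter flags any instance whose image is not on an approved list. The function names, the approved-AMI arguments and the sample IDs are assumptions constructed for illustration.

```shell
# Added example, not from the book. All instance and AMI IDs are constructed.

# Reads "InstanceId<TAB>ImageId" lines (the --output text shape) on stdin and
# prints every instance whose ImageId is not among the arguments.
# Returns 0 when nothing is flagged, 1 otherwise.
flag_unapproved_amis() {
  awk -v approved="$*" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 2 && !($2 in ok) { print $1 "\t" $2; bad = 1 }
    END { exit bad + 0 }
  '
}

# Live use: request only the two fields needed, one instance per line.
# Returns 2 if the API call itself fails, so an empty result caused by an
# error is not reported as a clean fleet.
audit_fleet() {
  _out=$(aws ec2 describe-instances \
    --query 'Reservations[*].Instances[*].[InstanceId, ImageId]' \
    --output text) || return 2
  printf '%s\n' "$_out" | flag_unapproved_amis "$@"
}

# Constructed sample of what the query above returns in text format.
sample_output() {
  printf 'i-0aaa1111bbbb2222c\tami-0123456789abcdef0\n'
  printf 'i-0ddd3333eeee4444f\tami-0fedcba9876543210\n'
  printf 'i-0aaa5555bbbb6666c\tami-0123456789abcdef0\n'
}

# Offline demonstration: only the second instance is flagged.
sample_output | flag_unapproved_amis ami-0123456789abcdef0 || true
```

Call audit_fleet with your approved AMI IDs as arguments; a status of 1 means at least one instance was flagged, and 2 means the describe-instances call failed.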
To this point, we’ve been focusing on the AWS CLI tool in our discussion of how a systems operator can effectively administer a customer’s cloud resources from the command line. Because this tool works across operating systems, the AWS CLI provides an effective way to administer across various shells.
There is, however, a notable contingent of IT professionals whose favorite command-line shell is Windows PowerShell. To serve those customers who prefer PowerShell, we have provided a full-featured tool for that environment called AWS Tools for Windows PowerShell. Although we will not dive into this tool in this book, if you love PowerShell, you can find more information at https://aws.amazon.com/powershell/.
AWS provides a number of SDKs for use by programmers. Although we don’t expect that a systems operator would use an SDK directly on a regular basis, as a knowledgeable AWS resource, it’s important that you understand that the SDKs and the underlying APIs they use exist, and that you have some general knowledge about how they are used.
There are a few reasons for this. For one thing, some