I am running EC2 as self hosted runner. I have exported AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to the EC2, and I can see that they are set with printenv command.
Reason for doing this is that I dont want to save AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in github secret.
Is there any way I can access and use the environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) in my github action workflow?
I am going to automate AWS EC2 instance creation. I have a yaml file which built using cloud formation template. I want to know how do i run this using command line interface.
first you have to upload your template to S3.
create bucket
aws s3api create-bucket --bucket cloud-formation-stacks --region us-east-1
upload to S3
aws s3 sync --delete <template> s3://cloud-formation-stacks
create stack
aws cloudformation create-stack --stack-name mystack
--template-url <template url>
--parameters ParameterKey=KeyName,ParameterValue=YOUR_KEY_NAME
add your parameters as shown. (vpc, security group, subnet id, tags etc etc)
OR. you can do this viva AWS management console, Services->Cloudformation and upload your template.
Can anybody tell me how to automate the aws configure in bash with a one liner?
Example:
$ aws configure --profile user2
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text
Application: I want to automate this inside a Docker Entrypoint!
If you run aws configure set help you will see that you can supply settings individually on the command line and they will be written to the relevant credentials or config file. For example:
aws configure set aws_access_key_id AKIAI44QH8DHBEXAMPLE
You can also run this interactively to modify the default credentials:
aws configure
Or run it interactively to create/modify a named profile:
aws configure --profile qa
Note: with the first technique above, whatever command you type will appear in your history and this is not a good thing for passwords, secret keys etc. So in that case, use an alternative that does not cause the secret parameter to be logged to history, or prevent the entire command being logged to history.
One liner
aws configure set aws_access_key_id "AKIAI44QH8DHBEXAMPLE" --profile user2 && aws configure set aws_secret_access_key "je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY" --profile user2 && aws configure set region "us-east-1" --profile user2 && aws configure set output "text" --profile user2
Note: setting region is optional (also never set it with an empty string if you don't have any region, or it will be buggy); as well as the user profile, if you don't set it it will go under default settings.
👍 Better practice with Secrets
Use secrets, then use associated environment variables:
aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile user2 && aws configure set aws_secret_access_key "$AWS_ACCESS_KEY_SECRET" --profile user2 && aws configure set region "$AWS_REGION" --profile user2 && aws configure set output "text" --profile user2
📖 To know more
Run aws configure set help to get command line options.
Documentation for aws configure set.
Documentation for secrets: Docker, Kubernetes, GitLab.
If you want to automate you should use files rather than CLI. Your CLI only write those files.
➜ cat ~/.aws/config
[profile_1]
output = json
region = eu-west-1
[profile_2]
output = json
region = eu-west-1
➜ cat ~/.aws/credentials
[profile_1]
aws_access_key_id =
aws_secret_access_key =
[profile_2]
aws_access_key_id =
aws_secret_access_key =
For those inclined to use bash, the following works quite well and keeps secrets out of your scripts. In addition, it will also save your input to a named profile in one go.
printf "%s\n%s\nus-east-1\njson" "$KEY_ID" "$SECRET_KEY" | aws configure --profile my-profile
I think this is the answer in one line
aws configure set aws_access_key_id $YOUR_ACCESS_KEY_ID; aws configure set aws_secret_access_key $YOUR_SECRET_ACCESS_KEY; aws configure set default.region $YOUR_AWS_DEFAULT_REGION
One liner
aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile profile_name_here && aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile profile_name_here && aws configure set region "$AWS_REGION" --profile profile_name_here && aws configure set output "json" --profile profile_name_here
Setting individual configuration
profile_name_here is the aws profile name to be saved to your aws config. Replace it with your own.
ACCESS KEY
aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile profile_name_here
SECRET ACCESS KEY
aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile profile_name_here
REGION
aws configure set region "$AWS_REGION" --profile profile_name_here
OUTPUT
aws configure set output "json" --profile profile_name_here
The value specified here is json but you can replace it from the list of supported output formats from aws docs.
json
yaml
yaml-stream
text
table
Note:
That $AWS_ACCESS_KEY_ID, $AWS_SECRET_ACCESS_KEY and $AWS_REGION are variables from your AWS credentials file or environment variables if you are using CI. You can also replace them using regular strings value but that is not safe.
Building upon the suggestion by Tom in jarmod's answer, to "configure your keys in a config file that you then share with your docker container instead".
I found that slightly confusing as I'm new to using Docker and awscli.
Also, I believe most who end up at this question are similarly trying to use Docker and awscli together.
So what you'd want to do, step by step is:
Create a credentials file containing
[default]
aws_access_key_id = default_access_key
aws_secret_access_key = default_secret_key
that you copy to ~/.aws/credentials, using a line in Dockerfile like
COPY credentials /root/.aws/credentials
and a config file containing
[default]
region = us-west-2
output = table
that you copy to ~/.aws/config, using a line in Dockerfile like
COPY config /root/.aws/config
Reference:
aws configure set help
I am using the below Script to attach and detach the server from load balancer
#!/bin/bash
aws elb register-instances-with-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e
aws elb deregister-instances-from-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e
When I am running the script I am getting the error as below
Service elasticloadbalancing not available in region ap-southeast-1b
Service elasticloadbalancing not available in region ap-southeast-1b
Is there any changes I want to make the script working or Is there any alternate script to do the work.
The error says region ap-southeast-1b, but ap-southeast-1b is an Availability Zone, not a Region.
The Region should be ap-southeast-1.
Run aws configure and confirm that your Region is set correctly.
Seems your ELB is set in other regions, add --region in your command, for example, if the ELB is created at us-east-1:
aws elb register-instances-with-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e --region us-east-1
aws elb deregister-instances-from-load-balancer --load-balancer-name Load-BalancerLoadBalancer --instances i-a3f1446e --region us-east-1
I'm using the following command to set up the AWS launch config:
as-create-launch-config test1autoscale --image-id ami-xxxx --instance-type m1.small
where ami-xxxx is the image id that I got from my instance via the web console. I get the following error:
Malformed input-AMI ami-xxxx is invalid: The AMI ID 'ami-xxxx' does not exist
I have triple checked that the image id matches the instance image id. My availability zone is ap-southeast-1a. I am not clear on what image is being asked for if it will not accept the image of the instance I wish to add to the autoscale group
Try adding the region endpoint (because by default it's looking into us-east-1 enpoint) to your config command, then it should work:
as-create-launch-config test1autoscale --region ap-southeast-1 --image-id ami-xxxx --instance-type m1.small
Also take a look at this: Regions and Endpoints - Amazon Web Services Glossary