I recently started using AWS. While there is a lot of documentation, it is easy to get lost. Here are a few tips.
For remote administration access, I needed to create a user and group. This can be done in the “Security Credentials” section:
- Create an admin group and give it the “AdministratorAccess” policy.
- Create a user and put it in the admin group.
- Create an access key for the user to obtain an access key id and a secret access key id.
Command line tool
Command line access is essential to me, so I installed awscli using pip. No problem on Gentoo (as long as you are using python 3.x).
awscli can be configured with two files.
~/.aws/credentials is used to
store access keys, for example:
[default] aws_access_key_id=XXXXXX aws_secret_access_key_id=XXXXXX [$PROFILE1] aws_access_key_id=XXXXXX aws_secret_access_key_id=XXXXXX [$PROFILE2] aws_access_key_id=XXXXXX aws_secret_access_key_id=XXXXXX
~/.aws/config contains preferences, e.g.:
[default] region=eu-west-1 output=json [profile $PROFILE1] region=eu-west-1 output=json [profile $PROFILE2] region=eu-central-1 output=table
--profile argument is used to select a profile when running a command.
Personally, I do not specify default credentials and configuration. This way,
I am forced to use the
--profile argument for every command, which
eliminates any risk of using the wrong account, a mistake which can be
awscli is well documented. Run
aws help or
aws <command> help for more
It is also distributed with a zsh completion script. When installed with pip
on gentoo, the file is available at
/usr/bin/aws_zsh_completer.sh. I added
the following lines to my
aws_completion="/usr/bin/aws_zsh_completer.sh" if [ -f "$aws_completion" ]; then source $aws_completion fi
AWS is of course not free. It is easy to underestimate the cost of each service, and I do not like surprises.
I highly recommend to setup a budget in the “Billing & Cost Management” dashboard, and configure it to receive a notification when the costs exceed a specified percentage of the budget.