AWS Step-by-Step

Enabling Programmatic Command Line Access for AWS, Part 2

Now that you've set up the requisite account, it's time to enable authentication. Here's how.

• By Brien Posey
• 05/21/2024

In Part 1, I showed you how to create an account that can be used to provide command line access to the various AWS services. Now, I want to continue the discussion by showing you how to set up the command line environment and how to enable authentication through the previously created account.

The first thing you need to do is obtain access keys corresponding to the account that you created earlier. To do so, open the Identity and Access Management (IAM) console and select the users tab. Next, click on the previously created account. This will cause the console to open an account summary screen, similar to the one shown in Figure 1.

Click on the Create Access Key link shown in the figure above. This will cause the console to display the Access Key Best Practices and Alternatives screen. Here, you will need to select the Command Line Interface (CLI) option, shown in Figure 2.

Select the "I Understand the Above Recommendations and Want to Proceed to Create an Access Key" checkbox and click Next. When you do, you will be taken to a screen that gives you the opportunity to set a description tag for the key that you are creating. You aren't required to assign a tag to the key, but tagging your keys can make it much easier to stay organized. When you are done, click the Create Access Key button, shown in Figure 3.

At this point, the console will display your access key for the account, along with the secret key. You will need to make a copy of both of these keys. You must do this right away, because AWS makes it impossible to retrieve the secret key at a later time.

Now that you have acquired the necessary access keys, it's time to install the AWS CLI. There are several different methods that you can use to download and install the CLI, but I prefer to use PowerShell.

To get started, open an elevated PowerShell session and enter the following command:

msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

The command line interface installation process is extremely simple and straightforward. It involves accepting a license agreement and clicking Next a few times.

When the installation process completes, it is a good idea to verify that the necessary components are in place before moving on to the authentication process. To verify that the command line interface is working properly, open a Windows Command Prompt window (not PowerShell) and enter the following command:

aws --version

As simple as this command may be, there are two important things you need to know about using it. First, there are two dashes (not just one) behind the word "version." While this syntax is somewhat uncommon in the world of Windows, double dashes are often used in Linux environments.

Second, If the command fails, then close and reopen the Command Prompt window. In my case, I set up the AWS CLI on a Windows 11 system as I wrote this article. I had to completely close the Terminal (including all open tabs) and reopen it before the AWS command would work.

The last step in the process is to configure the command line interface to use your access key and secret key. To do so, enter the following command into a Windows Command Prompt window:

aws configure

Upon doing so, the client will prompt you for several pieces of information. You will need to enter your access key, secret key, region and default output format. The region should be entered in Amazon's usual format. In my case, for example, the region is us-east-1. The output format is simply the way that you want command line output to be formatted. Most people probably use JSON as the output format. You can see what this process looks like in Figure 5.