Getting Started (AWS PowerShell): Difference between revisions

From vwiki
Jump to navigation Jump to search
(Initial creation)
 
(Added "Get Instances")
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Setup Credentials ==
== Setup Credentials ==
PowerShell Core can't store credentials securely by itself (the encryption used by Windows PowerShell is dependant on Windows DLL's, the Secure String object is not available in PowerShell Core), therefore AWS provide a method of storing AWS credentials securely for use which replicates how you'd do this in Windows PowerShell whereby credentials are stored in an encrypted file that can only be decrypted by the logged in user..  You need the Access Key ID and Secret for your account
PowerShell Core can't store credentials securely by itself (the encryption used by Windows PowerShell is dependant on Windows DLL's, the Secure String object is not available in PowerShell Core), therefore AWS provide a method of storing AWS credentials securely for use which replicates how you'd do this in Windows PowerShell whereby credentials are stored in an encrypted file that can only be decrypted by the logged in user.  You need the Access Key ID and Secret for your account.  If you don't have an ''Access Key ID'', go to '''IAM > Users''' and locate your account and select '''Create access key''' (the secret will not be accessible again, make a note of it somewhere secure).


The following command stores your credentials in the default profile, meaning that they will be used for operations where credentials are required, unless you specify a different profile of credentials to use
The following command stores your credentials in the default profile, meaning that they will be used for operations where credentials are required, unless you specify a different profile of credentials to use
Line 8: Line 8:
</source>
</source>


{| class="vwiki-note"
|-
| '''Credentials file is not encrypted in Linux systems'''
|-
| When using the <source lang="PowerShell" inline>Set-AWSCredential</source> CmdLet on Linux systems the credentials file created is not encrypted (it is on Windows systems).  Therefore you need to ensure you secure the file, ideally store in an encrypted path accessible by only you.
|}


== Set Default Region ==
Most commands need to be run against a specific region.  You can either specify this each time you run CmdLet, or if you predominantly run in one region, its more convenient to set a default region
<source lang="PowerShell">
Set-DefaultAWSRegion -Region eu-west-1
</source>
Other useful region commands...
<source lang="PowerShell">
Clear-DefaultAWSRegion              # Clear default region
Get-AWSRegion                      # Get list of regions, including what is default
</source>
== Get Instances ==
Example commands to get instances..
<source lang="PowerShell">
# Get running instances with Production tag
$instances = Get-EC2Instance -Filter @(@{Name="tag:Function";Values="Production"};@{Name="instance-state-name";Values="running"}) | Select-Object -ExpandProperty instances
# Get specific instance
$instance = Get-EC2Instance -Filter @(@{Name="instance-id";Values="i-012345678abcdef01"}) | Select-Object -ExpandProperty instances
</source> 
[[Category: AWS PowerShell]]
[[Category: AWS PowerShell]]

Latest revision as of 09:17, 20 November 2018

Setup Credentials

PowerShell Core can't store credentials securely by itself (the encryption used by Windows PowerShell is dependant on Windows DLL's, the Secure String object is not available in PowerShell Core), therefore AWS provide a method of storing AWS credentials securely for use which replicates how you'd do this in Windows PowerShell whereby credentials are stored in an encrypted file that can only be decrypted by the logged in user. You need the Access Key ID and Secret for your account. If you don't have an Access Key ID, go to IAM > Users and locate your account and select Create access key (the secret will not be accessible again, make a note of it somewhere secure).

The following command stores your credentials in the default profile, meaning that they will be used for operations where credentials are required, unless you specify a different profile of credentials to use

Set-AWSCredential -AccessKey <your-access-key> -SecretKey <your-secret> -StoreAs default
Credentials file is not encrypted in Linux systems
When using the Set-AWSCredential CmdLet on Linux systems the credentials file created is not encrypted (it is on Windows systems). Therefore you need to ensure you secure the file, ideally store in an encrypted path accessible by only you.

Set Default Region

Most commands need to be run against a specific region. You can either specify this each time you run CmdLet, or if you predominantly run in one region, its more convenient to set a default region

Set-DefaultAWSRegion -Region eu-west-1

Other useful region commands...

Clear-DefaultAWSRegion              # Clear default region
Get-AWSRegion                       # Get list of regions, including what is default

Get Instances

Example commands to get instances..

# Get running instances with Production tag
$instances = Get-EC2Instance -Filter @(@{Name="tag:Function";Values="Production"};@{Name="instance-state-name";Values="running"}) | Select-Object -ExpandProperty instances 

# Get specific instance
$instance = Get-EC2Instance -Filter @(@{Name="instance-id";Values="i-012345678abcdef01"}) | Select-Object -ExpandProperty instances