The AWS Command Line Interface is a unified tool to manage AWS services. You would use the CLI to run EC2 instances, upload objects for storage in S3, and to manage users in IAM.

In this post we examine how the CLI, and higher level tooling, can be used with your Eucalyptus cloud.

Get started with the CLI

The first step is to get the latest AWS CLI. These instructions will differ depending on your OS, we will assume that CentOS/RHEL 7 is in use as that is the OS used with Eucalyptus. You may need to alter for your package manager, or to use pip3 rather than pip.

The AWS CLI can be installed using pip, if you do not have pip available you can install it using yum (or apt-get, dnf, etc):

> yum install python-pip
> pip install awscli

We then need to configure a few options to allow use of the CLI with Eucalyptus clouds:

> aws configure set s3.signature_version s3v4
> aws configure set region eucalyptus
> aws configure set output text

We’ve used the region name eucalyptus, but you can use any region name for your Eucalyptus cloud. We set the output of the CLI to text rather than the JSON default so it is easier to read.

The CLI comes with support for TAB completion of commands let’s enable it for our current shell:

> complete -C aws_completer aws

With this configuration we can run commands by specifying the --endpoint option and using credentials from the environment. This is not very convenient, but fortunately we can do better by making use of the endpoint plugin.

Enter the Endpoint plugin

The AWS CLI Endpoint plugin can also be installed using pip and allows us to configure the service endpoints we want to use for our Eucalyptus cloud.

> pip install awscli-plugin-endpoint
> aws configure set plugins.endpoint awscli_plugin_endpoint

This installs and enables the plugin.

Next we configure the endpoints, making use of a euca2ools command to generate environment variables based on euca2ools existing configuration:

> eval $(euca-generate-environment-config)
> aws configure set autoscaling.endpoint_url ${AWS_AUTO_SCALING_URL}
> aws configure set cloudformation.endpoint_url ${AWS_CLOUDFORMATION_URL}
> aws configure set cloudwatch.endpoint_url ${AWS_CLOUDWATCH_URL}
> aws configure set ec2.endpoint_url ${EC2_URL}
> aws configure set elb.endpoint_url ${AWS_ELB_URL}
> aws configure set iam.endpoint_url ${AWS_IAM_URL}
> aws configure set s3.endpoint_url ${S3_URL}
> aws configure set s3api.endpoint_url ${S3_URL}
> aws configure set sts.endpoint_url ${TOKEN_URL}

Here we have configured the default endpoints used by the various AWS CLI subcommands. A subcommand is a little different from a service, notably we configure the Eucalyptus S3 endpoint for the s3 and s3api subcommands as these both use S3 compatible services.

AWS CLI in action

Now that the CLI is fully configured let’s try out a few of the services:

> aws ec2 describe-account-attributes
ACCOUNTATTRIBUTES	supported-platforms
> aws iam list-users
USERS	arn:aws:iam::000855590299:user/narwhal	2018-07-08T01:37:46.321Z	/	AIDAAMZJOPZULQOJTH5F5	narwhal
USERS	arn:aws:iam::000855590299:user/walrus	2018-07-08T01:37:22.949Z	/	AIDAAWRRN2HWUF3DKLQFP	walrus
USERS	arn:aws:iam::000855590299:user/admin	2018-07-08T01:36:29.632Z	/	AIDAAX6G7F7VLGONP3LJK	admin
> aws s3 ls
2018-07-07 18:39:04 narwhal
2018-07-07 18:39:15 walrus
> aws sts get-caller-identity
000855590299	arn:aws:iam::000855590299:user/admin	AIDAAX6G7F7VLGONP3LJK

This shows examples of using the ec2, s3, and iam services without having to specify the endpoint for each command.

Using the shell

Now that we have the basics working we can try out the AWS CLI shell

> pip install aws-shell

The shell uses the AWS CLI and provides additional functionality such as command completion and inline documentation.

AWS CLI shell

As shown here, the shell provides a more interactive experience.

All the clouds

The basic configuration we have so far is a good start, but if you use multiple Eucalyptus clouds, or if use both AWS and Eucalyptus you may need more control over your credentials and endpoints.

AWS CLI profiles offer a solution. When exporting the euca2ools configuration you can use the --region option for euca-generate-environment-config to select the credentials and endpoints for export. You then use the --profile option with the CLI:

> aws --profile euca-profile-1 configure
> eval $(euca-generate-environment-config --region euca-region-1)
> aws configure --profile euca-profile-1 set s3.endpoint_url ${S3_URL}
> aws configure --profile euca-profile-1 set s3api.endpoint_url ${S3_URL}

The initial configure command will interactively configure the region and credentials to use for the profile. The endpoint configuration will then set up the endpoints for the profile, above we only show configuration for the S3 endpoint.

If you have any issues with this configuration you may need to remove the [plugins] section from the ~/.aws/config file. If you do so, be sure to add it back in once the endpoints are configured.

With this configuration you can now specify the profile to use for each command or you can switch between CLI profiles by setting an environment variable:

> aws --profile euca-profile-1 s3 ls
> export AWS_PROFILE=euca-profile-1
> aws s3 ls

Using this approach to configuration you can more easily use the AWS CLI with both AWS and multiple Eucalyptus clouds.