✨Building a small Cloud Infrastructure using AWS CLI..!

Sanket Badjate
11 min read · Oct 22, 2020

The AWS Command Line Interface (AWS CLI) is a unified tool that provides a consistent interface for interacting with all parts of AWS. The AWS CLI enables the automation of many tasks. Automate anything that is tedious.

What is AWS CLI?

The AWS CLI is an open-source tool built on top of the AWS SDK for Python that provides commands for interacting with AWS services. Once set up, you can use the CLI to access all the functionality provided on the AWS Management Console to access AWS services and configure resources.

You can use one of the following terminal programs for CLI:

  • Linux shells: Use common shell programs such as Bash, Zsh, and tcsh to run commands in Linux, macOS, or Unix.
  • Windows command line: On Microsoft Windows, run commands in either PowerShell or the Windows Command Processor.
  • Remotely: Run commands on Amazon EC2 instances through a remote terminal such as PuTTY or SSH, or with Amazon EC2 Systems Manager.

Check out the link below to install the AWS CLI on your system.

Installation of AWS CLI

Now configure your key, secret, and region.

aws
aws --version
aws configure

Problem Statement

We will use the AWS command-line interface to

  • Create a Key-Pair
  • Create a Security Group.
  • Launch an Elastic Compute Cloud (EC2) instance using the Amazon Linux 2 AMI and the Key-Pair and Security Group created above.
  • Create an Elastic Block Storage volume of gp2 type and size of 1GiB.
  • Attach the volume to the EC2 instance that we have created above.

✨Step-0: Check the installation

We can verify whether the installation has been successful or not.

$ aws --version

✨Step-1: Configure the AWS CLI

For general use, the aws configure command is the fastest way to set up your AWS CLI installation. When you enter this command, the AWS CLI prompts you for four pieces of information:

  • Access key ID: It’s the first part of the access key and is unique in AWS. Access keys are used to sign programmatic requests that you make to AWS.
  • Secret access key: It’s the second part of the access key, which is hashed and is used as a password for the unique Access Key ID.
  • AWS Region: The default region name identifies the AWS Region whose servers you want to send your requests to by default. This is typically the Region closest to you, but it can be any Region. For example, you can type ap-south-1 to use Mumbai (India).
  • Output format: The Default output format specifies how the results are formatted. The value can be any of the values in the following list. If you don't specify an output format, json is used as the default.

Now our AWS CLI is configured successfully.

A common worry about a CLI (command-line interface) is that we have to remember lots of commands. That is not the case with the AWS CLI: its built-in documentation is very useful, so we need not memorize the commands.

Let’s say you don't know the AWS command syntax or you want to see the services provided by AWS.

aws help

If you know the service name which you want to use but you don't know which attributes it supports and other information related to that service then you can use help for the sub-commands -

aws <service_name> help

example —

aws ec2 help

✨Step-2: Create a Key-Pair for the EC2 Instance

  • A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance.
  • Amazon EC2 stores the public key, and you store the private key.
  • You use the private key, instead of a password, to securely access your instances.
  • Anyone who possesses your private keys can connect to your instances, so it’s important that you store your private keys in a secure place.

To create and verify the Key-Pair, we need to run the following commands

$ aws ec2 create-key-pair --key-name MyCliKey --query 'KeyMaterial' --output text > MyCliKey.pem
$ aws ec2 describe-key-pairs

Arth-Key-Pair has been created successfully.
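
One caveat with the redirect used above: the shell truncates MyCliKey.pem before aws runs, so re-running the command wipes the only copy of the private key, and the file is created with default permissions that ssh rejects. The wrapper below is an added example, not code from the original article; the function name create_key_file is hypothetical.

```shell
#!/bin/sh
# Added example: create an EC2 key pair and store the private key safely.
# create_key_file is a hypothetical helper name, not part of the AWS CLI.

create_key_file() {
    key_name=$1
    key_file=${2:-$key_name.pem}

    # A plain "> file" redirect truncates the file before aws runs, so a
    # second run with the same key name would fail and wipe the stored key.
    if [ -e "$key_file" ]; then
        echo "refusing to overwrite existing $key_file" >&2
        return 1
    fi

    # umask 077 in a subshell: the file is owner-only from the moment it exists.
    if ! ( umask 077
           aws ec2 create-key-pair --key-name "$key_name" \
               --query 'KeyMaterial' --output text > "$key_file" ); then
        rm -f "$key_file"      # do not leave an empty .pem behind
        return 1
    fi
    [ -s "$key_file" ] || { rm -f "$key_file"; return 1; }

    chmod 400 "$key_file"      # read-only for the owner, as ssh expects
}

# Usage: create_key_file MyCliKey
```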

✨Step-3: Create a Security Group for the EC2 Instance

  • A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
  • Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
  • For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

To create a Security Group, we use the create-security-group sub-command of the ec2 command:

$ aws ec2 create-security-group --group-name "AWS_CLI_TASK" --description "Security group which allows only SSH traffic"

The output of the above command is a JSON document that contains the GroupId of the security group we have created.

Now we have to add the SSH inbound (ingress) rule to the Security Group using the authorize-security-group-ingress sub-command of the ec2 command:

$ aws ec2 authorize-security-group-ingress \
--group-id <Your_group_id_from_the_above_command> \
--protocol tcp \
--port 22 \
--cidr 0.0.0.0/0

The AWS CLI has a built-in JSON parser, so we can filter the JSON and display it in another format; here we display the content as a table.

  • The command aws ec2 describe-security-groups gives detailed output in JSON format. The configure command offered a Default Output Format option, but we did not provide a value, so the default output format is JSON.
  • To parse the JSON, we use the --query option to filter out specific information.
  • The JSON output can be parsed as an array [], and we can give the index number of a specific Security Group (the array is zero-indexed). To display all the groups, we can use “*”, as in array[*].
  • To display the output in table format, use the --output parameter.

$ aws ec2 describe-security-groups --query 'SecurityGroups[0]' \
--output table

Thus our security group “AWS_CLI_TASK” with SSH inbound/ingress rule has been successfully created.
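
The rule above opens port 22 to every address on the internet (0.0.0.0/0). The added example below, which is not code from the original article, swaps it for a rule limited to one administrator address; host_cidr and restrict_ssh are hypothetical helper names, and the group is assumed to hold only the SSH rule created in this step.

```shell
#!/bin/sh
# Added example: scope the SSH ingress rule to one admin host.
# host_cidr and restrict_ssh are hypothetical helper names.

# Print "<ip>/32" for a valid dotted-quad IPv4 address; fail otherwise.
host_cidr() {
    ip=$1
    case $ip in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$ip" != "0.0.0.0" ] || return 1   # never emit a catch-all source
    printf '%s/32\n' "$ip"
}

# Revoke the world-open SSH rule if the group has one, then allow the admin host.
restrict_ssh() {
    group_id=$1
    cidr=$(host_cidr "$2") || { echo "invalid admin IP: $2" >&2; return 1; }

    # Returns the group id only if some rule in it uses 0.0.0.0/0.
    # Assumption: the only such rule is the tcp/22 rule from this step.
    open=$(aws ec2 describe-security-groups \
        --filters "Name=group-id,Values=$group_id" \
                  "Name=ip-permission.cidr,Values=0.0.0.0/0" \
        --query 'SecurityGroups[].GroupId' --output text) || return 1
    if [ -n "$open" ]; then
        aws ec2 revoke-security-group-ingress --group-id "$group_id" \
            --protocol tcp --port 22 --cidr 0.0.0.0/0 >/dev/null || return 1
    fi
    aws ec2 authorize-security-group-ingress --group-id "$group_id" \
        --protocol tcp --port 22 --cidr "$cidr" >/dev/null || return 1
    echo "$cidr"
}

# Usage: restrict_ssh <group_id> <admin_public_ip>
```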

✨Step-4: Launch an Elastic Compute Cloud (EC2) instance using the Amazon Linux 2 AMI and the Key-Pair and Security Group created above.

  • Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction.
  • Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster.
  • You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

Now to launch the EC2 instance using CLI we need to gather some information first.

  • --image-id : To launch any instance we need an operating system image, which in AWS is called an AMI (Amazon Machine Image). You can think of it as a DVD of the OS that we have to install. Every AMI has a unique id called the image-id. The AMI ids for the Linux-based OS are listed at https://aws.amazon.com/amazon-linux-ami/
  • --count : It's the number of EC2 instances that we have to launch at once.
  • --instance-type : There are more than 100 flavors of systems with different resources (RAM/CPUs), and each one has a unique id. Check out the appropriate instance type from here: https://aws.amazon.com/ec2/instance-types/
  • --subnet-id : It is a unique id of the Datacenter where we are going to launch our instance.
  • --security-group-ids : The above Security Group that we have created has a unique id.
  • --key-name : Launch an instance using the Key-Pair which will act as a Token for authentication. We already created the key pair above.

These are the minimum parameters that we need. There are many other parameters. To learn more about it refer to this website- https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html

To create an EC2 instance, we are going to use the run-instances subcommand of the ec2 command.

$ aws ec2 run-instances \
--image-id ami-0e306788ff2473ccb \
--instance-type t2.micro \
--count 1 \
--subnet-id subnet-23232a4b \
--security-group-ids sg-0fa3c611af8fde4e4 \
--key-name MyCliKey

To give the EC2 instance a Name tag, we will use the create-tags subcommand of the ec2 command.

$ aws ec2 create-tags \
--resources <Instance_id> \
--tags Key=Name,Value=<Give_Name_here>

We have successfully launched the EC2 instance in AWS.

✨Step-5: Create an Elastic Block Storage volume of gp2 type and size of 1GiB.

  • Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale.
  • A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

To create an EBS volume, we are going to use the create-volume subcommand of the ec2 command:

$ aws ec2 create-volume \
--availability-zone ap-south-1a \
--size 1 \
--volume-type gp2

We will also provide a Name Tag to the EBS Volume.

$ aws ec2 create-tags --resources <Volume_id> --tags Key=Name,Value=<Tag_Name>

Now, to verify whether our EBS volume has been created, we are going to use describe-volumes, which is a sub-command of the ec2 command:

$ aws ec2 describe-volumes \
--filters Name=status,Values=available \
--output table

NOTE: The volume and instance must be in the same Availability Zone

We have successfully created an EBS Volume in the same availability zone where our EC2 instance is present.

✨Step-6: Attach the volume to the EC2 instance that we have created above.

Now the final step. We need to attach the EBS volume (CliEBS) to the EC2 instance in order to use it.

To attach an EBS volume to an EC2 instance, we are going to use the attach-volume subcommand of the ec2 command.

$ aws ec2 attach-volume \
--volume-id <Volume_id> \
--instance-id <instance_id> \
--device /dev/sdf
$ aws ec2 describe-volumes \
--filters Name=tag:Name,Values=<volume_tag> \
--output table

We have successfully attached the EBS volume to the EC2 instance.
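
The same-Availability-Zone requirement noted in Step 5 is easy to break when the zone is typed by hand. The added example below, which is not code from the original article, reads the zone from the instance, creates the volume there, waits until it is available and attaches it; attach_new_volume is a hypothetical helper name, and the --encrypted flag is an addition the original command does not use.

```shell
#!/bin/sh
# Added example: create a gp2 volume in the instance's own AZ and attach it.
# attach_new_volume is a hypothetical helper name.

attach_new_volume() {
    instance_id=$1
    size_gib=$2
    device=${3:-/dev/sdf}

    case $size_gib in
        ''|*[!0-9]*) echo "size must be a whole number of GiB" >&2; return 1 ;;
    esac

    # Take the zone from the instance instead of hard-coding ap-south-1a.
    az=$(aws ec2 describe-instances --instance-ids "$instance_id" \
        --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' \
        --output text) || return 1
    case $az in
        ''|None) echo "cannot resolve AZ of $instance_id" >&2; return 1 ;;
    esac

    # --encrypted is not in the article's command; it enables EBS encryption.
    volume_id=$(aws ec2 create-volume --availability-zone "$az" \
        --size "$size_gib" --volume-type gp2 --encrypted \
        --query 'VolumeId' --output text) || return 1

    # attach-volume fails while the volume is still in the "creating" state.
    aws ec2 wait volume-available --volume-ids "$volume_id" || return 1

    aws ec2 attach-volume --volume-id "$volume_id" \
        --instance-id "$instance_id" --device "$device" >/dev/null || return 1
    echo "$volume_id"
}

# Usage: attach_new_volume <instance_id> 1
```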

Even though we have completed all the steps successfully, we cannot use the volume because it is not formatted and partitioned yet.

To get a shell on the launched instance, we can use OpenSSH from our base system.

  • We have to switch to the root user by typing the following command:
$ sudo su - root
  • Then we will list all the drives in the instance, including the one just attached, which appears as /dev/xvdf:
$ fdisk -l
fdisk --> is a menu-driven command-line utility that allows you to create and manipulate partition tables on a hard disk.
-l --> List the partition tables for the specified devices and then exit.
  • Now we will partition the /dev/xvdf device using the fdisk command.
$ fdisk /dev/xvdf

Now press ‘n’ to add a new partition, then press ‘p’ to create a primary partition. Press Enter three times to accept the defaults, and finally press ‘w’ to write the changes and quit.

  • Now we have to format the new partition for Linux File-System using mkfs.ext4 command
$ mkfs.ext4 /dev/xvdf1

Now we will create a folder and link the formatted drive to it; this linking is called mounting.

We will mount the device on the folder using the mount command. To see the amount of disk space and other file system data, you can use the df -h command.

$ mkdir -v /myCliDrive
$ mount /dev/xvdf1 /myCliDrive
$ df -h
df -> The df command is used to show the amount of disk space that is free on file systems.
-h -> It is for Human Readable.

Now we can use that EBS drive.

✨Congratulations readers, we have successfully completed the task..! 😌

⚡️Bonus

We want to detach the EBS Volume from any instance using CLI

You can detach an Amazon EBS volume from an instance explicitly or by terminating the instance. However, if the instance is running, you must first unmount the volume from the instance.

$ umount -d /dev/xvdf1
  • To detach the volume from the EC2 instance we have to use the detach-volume command, which is a sub-command of the ec2 command. We have to provide the volume ID.

To get the volume Id you can use the describe-volumes command.

The following describe-volumes example describes all volumes that have a status of available and are in the specified Availability Zone.

$ aws ec2 describe-volumes \
--filters Name=status,Values=available Name=availability-zone,Values=ap-south-1b
$ aws ec2 detach-volume --volume-id <Give_volume-id>

✨That’s all from my side, if you find the article useful please share and like.🤓

Thank you! ✌🏻
