AWS CLI and S3
May 26, 2023
Accounts and Users
An AWS Organization is a unit that can hold multiple AWS accounts.
AWS users are conceptually separate from AWS accounts. There are two types of users: root and IAM.
A root user’s login information was used to create an account. The root user has supreme control over that account. But a root user cannot interface with other accounts.
An IAM user can interface with multiple accounts and have varying degrees of power in each (Administrative access for example). But an IAM user will never have the power level of a root user.
S3
Cloud storage organized into buckets.
By default buckets are completely private. Individual files or folders can be made public however.
Bucket names must be globally unique, lowercase, and can only include hypens or periods.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
CLI
Setup
Install.
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Option 1: Configure with root user credentials (Less secure, more simple).
Login to AWS Console.
Go to username drop down > Security Credentials > Scroll down to “Access keys” section > Create a access key > Check the box > Create access key.
Take a screenshot of the keys. You won’t be able to see the keys again, but you can always generate new ones.
aws configure
Enter prompted information.
AWS Access Key ID [None]: AKIAWT7RYAPOG57VK4Q3
AWS Secret Access Key [None]: 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
Default region name [None]: us-west-2
Default output format [None]: json
AWS CLI uses the default region when you run a command where the region to use is not self evident.
Option 2: Configure with IAM user credentials (More secure, less simple).
You need to login every aws cli session. If your IAM user has access to multiple accounts, this is useful because you only need to login once to access all accounts.
https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-token.html
Use with S3
List buckets.
aws s3 ls
Make bucket.
aws s3 mb s3://mybucket
Sync
Sync local folder to bucket.
aws s3 sync ~/Downloads/thing s3://mybucket
Sync bucket to local folder.
aws s3 sync s3://mybucket ~/Downloads/thing
If you delete a file in ~/Downloads/thing and sync to mybucket,
the file will not be deleted in mybucket unless you pass the
--delete
flag.
aws s3 sync ~/Downloads/thing s3://mybucket --delete
Sync file. This command will override the target file if it already exists.
aws s3 sync s3://mybucket/folder/file.txt ~/Downloads/file.txt
Like Github repositories, S3 buckets will only store non-empty folders.