Easing the use of the AWS CLI

This post talks about a little welcome time-saver and how we achieved it by using Docker.

In our company we work a lot with AWS and since we automate everything we use the AWS CLI. To make the usage of the CLI as easy and frictionless as possible we use Docker. Here is the Dockerfile to create a container having the AWS CLI installed

Note that we need to provide the three environment variables AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY set in the container such as that the CLI can automatically authenticate with AWS.

Update: a few people rightfully pointed out that one should never ever

disclose secrets in the public, ever! And I agree 100% with this. In

this regard my post was a bit misleading and my “Note:” further down

not explicit enough. My fault, I agree. Thus let me say it loudly

here: “Do not push any image that contains secrets to a public

registry like Docker Hub!” Leave the Dockerfile from above as is

without modifications and pass the real values of the secrets when

running a container, as command line parameters as shown further down

Let’s build and push this container to Docker Hub

docker build -t gnschenker/awscli

to push to Docker Hub I of course need to be logged in. I can use docker login to do so. Now pushing is straight forward

docker push gnschenker/awscli:latest

Note: I do not recommend to hard-code the values of the secret keys into the Dockerfile but pass them as parameters when running the container. Do this

docker run -it --rm -e AWS_DEFAULT_REGION='[your region] -e AWS_ACCESS_KEY_ID='[your access ID] -e AWS_SECRET_ACCESS_KEY='[your access key] gnschenker/awscli:latest

Running the above command you find yourself running in a bash shell inside your container and can use the AWS CLI. Try to type something like this

aws ecs list-clusters

to get a list of all ECS clusters in your account.

To simplify my life I define an alias in my bash profile (file ~/.bash_profile) for the above command. Let’s call it awscli.

Once I have done that and sourced the profile I can now use the CLI e.g. like this

awscli s3 ls

and I get the list of all S3 buckets defined in my account.

Thanks to the fact that Docker containers are ephemeral by design they are really fast to startup (once you have the Docker image in you local cache) and thus using a container is similar in experience than natively installing the AWS CLI on you machine and using it.

Docker and Swarm Mode – Part 2