Intro

Previously, we’ve talked about obtaining an AWS account and installing the AWS CLI. This post goes further and shows how to configure the AWS CLI. Furthermore, the post provides a fix for being unable to ssh into EC2 with Cygwin.

Configure AWS CLI

We now need to specify a configuration for AWS CLI. The configuration is in four parts:

  1. User Account
  2. Set User Permissions
  3. Set Roles
  4. Key Pair

The user account allows you to spawn instances via the command line.

The key pair gives you the ability to SSH into your clusters. In essence, the key pair is your password into the machine.

Setting aws configure

We must first create a user account to obtain an Access Key ID and a Secret Access Key.

First, go to the Identity and Access Management (IAM) console:

IAM Homepage

In the left hand navigation panel, select User and then press the Create New Users button:

IAM Select User

On the creation page, create a username and then press Create:

IAM Create User

The user account will then be created, and an Access Key ID along with your Secret Access Key will be revealed. Make sure to save this information by pressing the Download Credentials button. You will only be able to view these credentials once.

IAM Create User

Now, return to your shell or terminal and type:

aws configure

You will be prompted to enter your Access Key ID, Secret Access Key, preferred computing region, and the output format. For computing region, specify us-east-1 and for output format specify text.

IAM AWS CLI Console Config

Set User Permissions

Now, we must grant the user that we just created permissions to represent our interests in AWS.

First, go to the Identity and Access Management (IAM) console’s groups page and then press the Create New Role button:

IAM Groups Homepage

On the new group creation page, write the name of your group. I chose “Administrators” since we are granting users total power over the account.

IAM Groups New

Here, we want to set permissions so that anyone within this group can access or modify anything on AWS.

IAM Groups New

If you want to specify additional policies, then write the policies now. Otherwise, press Next Step.

IAM Groups New

Before the new group is created, you can review the group information one more time. If you are satisfied, press Create Group:

IAM Groups New

When the group is created, you will be brought back to the groups homepage. Select the Administrators group and then press Group Actions and select Add Users to Group from the drop down menu.

IAM Groups New

Now, select the user you created and press Add Users:

IAM Groups New

Congratulations, the user is now able to effectively issue commands from AWS CLI!

You should now be able to issue the following command within the shell:

aws ec2 describe-availability-zones --query 'AvailabilityZones[0].RegionName' --output text

If you do not receive a region response (e.g. us-east-1, us-west-2, et cetera), then double check your aws configure information and make sure you have linked the user to the admin group.

Example errors:

A client error (AuthFailure) occurred when calling the DescribeAvailabilityZones operation: Authorization header or parameters are not formatted correctly.

Reason: A parameter was not set in aws configure

A client error (AuthFailure) occurred when calling the DescribeAvailabilityZones operation: AWS was not able to validate the provided access credentials

Reason: Bad Access Key ID and/or Secret Access Key.

A client error (UnauthorizedOperation) occurred when calling the DescribeAvailabilityZones operation: You are not authorized to perform this operation.

Reason: The user was not added to the Administrators group or to a group that has permission to execute the command.

Setting a Role

We now need to set up roles for specific applications. For EMR, we can do this very simply by entering the following AWS CLI EMR command into the shell:

aws emr create-default-roles

Creating a key pair

To be able to SSH into the machine, we need to create a key pair. To do so, go to the EC2 Console.

AWS Keypair Dashboard

Amazon has different regions for its computing resources. Each region will require its own key pair. For convenience and personal preference, I’ve opted to create a key pair in the US East region. If you would like to create it in a different region, use the drop down menu in the upper right hand corner.

AWS Keypair Region

In the left navigation panel, select the Key Pairs option and press the Create Key Pair button.

AWS Keypair Create

Enter a thoughtful key name that is short but descriptive. You will be referencing this name every time you connect to the server. Press Create.

AWS Keypair Naming

NOTE: The keypair file is automatically downloaded to your computer after it is created. You can only download it once. So, make sure to save the keypair file in a place you will have easy access to.

AWS Keypair Made

Before we are done, we will need to generate an SSH key for our own use.

Generating an SSH Key

To generate an SSH key, simply use:

# Create an SSH key 
ssh-keygen -t rsa -C "your_email@example.com"

# Do not supply a passphrase. Just press "enter"

Windows: Cygwin Permission Fix

Cygwin has been known to have a permissions issue. The following script addresses these issues.

Note: Cygwin has a different way of accessing traditional files. E.g., to access files on your C drive, you would use: /cygdrive/c

# Set permissions
chgrp -R Users ~/.ssh

chmod 0700 ~/.ssh

chmod 400 /cygdrive/c/Users/"<YOUR_NAME>"/"<YOUR_KEYPAIR_NAME>".pem
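
To confirm that the commands above actually took effect, this added example (not part of the original post) audits the .ssh directory and private key files for any group or other access. The function names mode_of, is_private and audit_ssh_perms are made up for this illustration, and the paths are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post): verify the modes that
# `chmod 0700 ~/.ssh` and `chmod 400 <key>.pem` are meant to set.

# Print the octal permission bits of a path.
# GNU stat (Linux, Cygwin) is tried first, BSD stat (macOS) second.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 when group and others have no access, 1 when they do,
# 2 when the path cannot be inspected (for example, a missing file).
is_private() {
    _mode=$(mode_of "$1") || return 2
    # The leading 0 makes the shell read the value as octal;
    # 077 masks the group and other permission bits.
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Audit every path given (the .ssh directory and each private key file).
# Prints one line per path and returns the number of paths that failed.
audit_ssh_perms() {
    _bad=0
    for _p in "$@"; do
        if is_private "$_p"; then
            echo "ok        $(mode_of "$_p")  $_p"
        else
            # $? here is the exit status of is_private.
            case $? in
                1) echo "too open  $(mode_of "$_p")  $_p" ;;
                *) echo "missing   ---  $_p" ;;
            esac
            _bad=$((_bad + 1))
        fi
    done
    return "$_bad"
}

# When run as a script with paths as arguments, audit them, e.g.:
#   sh audit.sh ~/.ssh /cygdrive/c/Users/"<YOUR_NAME>"/"<YOUR_KEYPAIR_NAME>".pem
if [ "$#" -gt 0 ]; then audit_ssh_perms "$@"; fi
```

A non-zero exit status means at least one path is still accessible to the group or to others, or could not be found.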