Previously, we’ve talked about obtaining an AWS account and installing the AWS CLI. This post goes further and shows how to configure the AWS CLI. Furthermore, the post provides a fix for being unable to ssh into EC2 with Cygwin.
Configure AWS CLI
We now need to specify a configuration for AWS CLI. The configuration is in four parts:
- User Account
- Set User Permissions
- Set Roles
- Key Pair
The user account allows you to spawn instances via command line.
The key pair provides you the ability to ssh into your clusters. In essence, the key pair is your password into the machine.
Setting aws configure
We must first create a user account to obtain an Access Key ID and a Secret Access Key.
First, go to the Identity and Access Management (IAM) console:
In the left hand navigation panel, select
User and then press the
Create New Users button:
On the creation page, create a username and then press
The user account will then be created and a Access Key ID along with your Secret Access Key will be revealed. Make sure to save this information by pressing the
Download Credentials button. You will only be able to view these credentials once.
Now, return to shell or terminal and type:
You will be prompted to enter your Access Key ID, Secret Access Key, preferred computing region, and the output format. For computing region, specify
us-east-1 and for output format specify
Set User Permissions
Now, we must grant the user that we just created permissions to represent our interests in AWS.
First, go to the Identity and Access Management (IAM) console’s groups page and then press the
Create New Role button:
On the new group creation page, write the name of your group. I chose “Administrators” since we are granting users total power over the account.
Here, we want to set permissions so that anyone within this group can access or modify anything on AWS.
If you want to specify additional policies, then write the policies now. Otherwise, press
Before the new group is created, you can review group information one more time. If you are satisfied, press
When the group is created, you will be brought back to the groups homepage. Select the Administrators group and then press
Group Actions and select
Add Users to Group from the drop down menu.
Now, select the user you created and press
Congratulations, the user is now able to effectively issue commands from AWS CLI!
You should now be able to issue the following command within shell:
aws ec2 describe-availability-zones --query AvailabilityZones.RegionName --out text
If you do not receive a region response (e.g. us-east-1, us-west-2, et cetera), then double check your
aws configure information and make sure you have linked the user to the admin group.
A client error (AuthFailure) occurred when calling the DescribeAvailabilityZones operation: Authorization header or parameters are not formatted correctly.
Reason: A parameter was not set in aws configure
A client error (AuthFailure) occurred when calling the DescribeAvailabilityZones operation: AWS was not able to validate the provided access credentials
Reason: Bad Access Key ID and/or Secret Access Key.
A client error (UnauthorizedOperation) occurred when calling the DescribeAvail abilityZones operation: You are not authorized to perform this operation.
Reason: User was not added to Administrators group or a group that has permission to execute command.
Setting a Role
We now need to give specific application roles out. We can do this for EMR very simply by entering the following AWS CLI EMR command into shell.
aws emr create-default-roles
Creating a key pair
To be able to SSH into the machine, we need to create a key pair. To do so, go to the EC2 Console.
Amazon has different regions for its computing resources. Each region will require its own key pair. For convenience and personal preference, I’ve opted to create a key pair in the US East region. If you would like to create it in a different region, use the drop down menu in the upper right hand corner.
In the left navigation panel, select the
Key Pairs option and press
Create Key Pair button.
Enter a thoughtful key name that is short, but descriptive. You will be referencing this name everytime you connect to the server. Press
NOTE: The keypair file is automatically downloaded to your computer after it is created. You can only download it once. So, make sure to save the keypair file in a place you will have easy access to.
Before we are done, we will need to generate an SSH key for our own use.
Generating an SSH Key
To generate an SSH key, simply use:
# Create an SSH key ssh-keygen -t rsa -C "firstname.lastname@example.org" # Do not supply a passphrase. Just press "enter"
Windows: Cygwin Permission Fix
Cygwin has been known to have a permissions issue. The following script addresses these issues.
Note: Cygwin has a different way of accessing traditional files… E.g. To access files on your C drive you would use:
# Set permissions chgrp -R Users ~/.ssh chmod 0700 ~/.ssh chmod 400 /cygdrive/c/Users/"<YOUR_NAME>"/"<YOUR_KEYPAIR_NAME>".pem