The AWS CLI is not strictly required for this workshop. Instead the important part of this lesson is going to be the way AWS treats configuration and how to configure your local profiles which will allow official tooling like the CDK to work with your AWS account as well as unofficial custom software.
The majority of AWS-related software like the CLI, third party tools, and custom software uses the same mechanisms for discovering account credentials and using them. This is because AWS ships SDKs that encapsulate pretty complicated schemes for doing so, which means everyone uses those and it “Just Works” everywhere.
The core of our local development will revolve around two files: ~/.aws/config and ~/.aws/credentials.
The credentials file allows us to set up multiple profiles with our access key and secret. This is a defined as [profile-name] with the access key and secret key defined as key/value pairs below the profile name.
In this case I have two profiles set up with different credentials. You will have these credentials if you followed the “Create an AWS Account” lesson. the name you choose for the profile does not matter other than you needing to be able to type it.
❯ cat ~/.aws/credentials
[rust-adventure]
aws_access_key_id=AKIA...
aws_secret_access_key=GEis...
[rust-adventure-playground]
aws_access_key_id=AKIA...
aws_secret_access_key=JYd...
The config file is of a similar format, with the profile that we’re using being named by [profile <name>] and then any attributes we want to set as key/value pairs below it. In this case I set a default region differently for each profile I have.
❯ cat ~/.aws/config
[profile rust-adventure]
region=us-east-2
[profile rust-adventure-playground]
region=us-east-1
If you’re on a mac, the name for the AWS CLI is somewhat appropriately, awscli. It may be different in other package managers on different systems.
brew install awscli
You can also choose to follow install instructions from the AWS site itself, although those docs will choose to bypass any package manager you have installed and often ask you to download a zip file instead.
The AWS CLI is broken down into separate services which are grouped into their own subcommands. This means you can ensure you have everything set up correctly by using the secure token service (sts) function get-caller-identity.
Make sure you’re using the profile you set up earlier.
aws sts --profile rust-adventure-playground get-caller-identity
This will return a small json blob containing information about your current user if successful.