Friday, April 5, 2013

Installing AWS IAM command line tools in Ubuntu


This guide goes over setting up the amazon AWS IAM (Identity and Access Management) command line tools.

I had to recently set these up due to a tool missing from the aws web console  (well maybe it's there but I can't seem to find it)  I recently added an SSL certificate to an ELB as a test.  The SSL certificate is somehow stored within the IAM system.   The only way I can see to remove the SSL certificate is to use the IAM command line tools.




Download the tools


The command line tools for IAM can be found at http://aws.amazon.com/developertools/AWS-Identity-and-Access-Management/

I am installing this tool on an Ubuntu server.  The direct download is at http://awsiammedia.s3.amazonaws.com/public/tools/cli/latest/IAMCli.zip


> wget http://awsiammedia.s3.amazonaws.com/public/tools/cli/latest/IAMCli.zip



Unzip it


> unzip IAMCli.zip

  Make a directory for the tools


> mkdir iam-api-tools
> cp -r IAMCli-1.5.0/* iam-api-tools/


Edit the bash file


> vi .bashrc

I added the following



#IAM tools
export AWS_IAM_HOME=$HOME/iam-api-tools
export AWS_CREDENTIAL_FILE=$AWS_IAM_HOME/account.cred
export PATH=$PATH:$AWS_IAM_HOME/bin

Source the file to get load the new information


> source .bashrc



Try to run this command


> iam-servercertlistbypath





You will get this error you need to create the credentials file.

Getting your credentials




 


Go to http://aws.amazon.com/  click on the My Account/Console menu and select "Security Credentials"



 

Log in with your username/password





 

Copy your Access Key ID  (I blocked mine out)







Click on "Show"  then copy your secret Access Key.

Open the account.cred file listed in the .bashrc under the AWS_CREDENTIAL_FILE 


> vi iam-api-tools/account.cred


Paste the following into it.



AWSAccessKeyId=YOURACCESSKEY
AWSSecretKey=YOURSECRETKEY


Now that it's been updated try to run this command


> iam-servercertlistbypath


 


Success!!
OK, now to delete all the certificates I have out there.


> iam-servercertdel -s ssl-test
> iam-servercertdel -s ssl-test2
> iam-servercertdel -s ssl3-test
> iam-servercertdel -s ssl4-test

Then running this command again


> iam-servercertlistbypath


Results in



Now they have all been deleted.


References


1 comment: