- installed Docker
- (optional) installed AWS CLI (Amazon Web Service Command Line Interface) which is a command line tool for managing and administering Amazon Web Services. Instructions are here: Installing or updating the latest version of the AWS CLI - AWS Command Line Interface. If aws-cli is not installed locally we'll need to pass all AWS credentials and config to aws-cli container via environment variables.
Unable to find image 'amazon/aws-cli:latest' locally
latest: Pulling from amazon/aws-cli
3a461b3ae562: Pull complete
7712a86ec383: Pull complete
3cb574325c5f: Pull complete
5d0b01aa5bf0: Pull complete
1aed496d20a4: Pull complete
Digest: sha256:f307dff4414de258337aee8c3c5d8a468c669426fdb8254c81984f72b51fc914
Status: Downloaded newer image for amazon/aws-cli:latest
aws-cli/2.4.16 Python/3.8.8 Linux/5.4.0-91-generic docker/x86_64.amzn.2 prompt/off
AWS Access Key ID [****************BWO7]:
AWS Secret Access Key [****************6BhK]:
Default region name [us-east-1]:
Default output format [json]:
Name Value Type Location
---- ----- ---- --------
profile default manual --profile
access_key ****************BWO7 shared-credentials-file
secret_key ****************6BhK shared-credentials-file
region us-east-1 config-file ~/.aws/config
---- ----- ---- --------
profile default manual --profile
access_key ****************BWO7 shared-credentials-file
secret_key ****************6BhK shared-credentials-file
region us-east-1 config-file ~/.aws/config
[default]
aws_access_key_id = BKI...BWO7
aws_secret_access_key = tdA...6BhK
$ cat ~/.aws/config
[default]
region = us-east-1
output = json
To make locally stored AWS credentials and configuration available to aws-cli running in Docker container, we can map host directory ~/.aws into container's /root/.aws:
$ docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli --version
aws-cli/2.4.16 Python/3.8.8 Linux/5.4.0-91-generic docker/x86_64.amzn.2 prompt/off
This command above actually does not require having aws-cli installed on the local host.
Accessing Amazon Relational Databases (RDS)
[
"my-db-instance-01"
],
[
"my-db-instance-02"
],
[
"my-db-instance-03"
],
[
"my-db-instance-04"
],
[
"my-db-instance-05"
]
]
If we pipe this output to a file, we'll see that this JSON is polluted with extra characters:
The reason is that the output was first sent to TTY device for no real benefit as we didn't actually need an interactive terminal. Detailed explanation is here: amazon web services - AWS CLI returns JSON with control codes making JQ fail - Stack Overflow. The bottom line is: don't use -it option with docker run if piping the output not to TTY but to another Unix command or tool, like jq.
rds describe-db-instances output can be set not to be JSON but a plain text:
my-db-instance-01
$ docker run --rm -v ~/.aws:/root/.aws amazon/aws-cli rds describe-db-instances --db-instance-identifier my-db-instance-01
{
"DBInstances": [
{
"DBInstanceIdentifier": "my-db-instance-01",
"DBInstanceClass": "db.t3.medium",
"Engine": "mysql",
"DBInstanceStatus": "available",
"MasterUsername": "my_username",
"Endpoint": {
"Address": "my-db-instance-01.abcd6efgh3.us-east-1.rds.amazonaws.com",
"Port": 3306,
"HostedZoneId": "A252ITUGPM61PM"
},
...
$ docker run --rm -v ~/.aws:/root/.aws amazon/aws-cli rds describe-db-instances --db-instance-identifier my-db-instance-01 --query 'DBInstances[0].Endpoint' --output text
my-db-instance-01.abcd6efgh3.us-east-1.rds.amazonaws.com A252ITUGPM61PM 3306
---
No comments:
Post a Comment