Anyone developing applications and infrastructure in AWS will at some point make use of the AWS Command Line Interface (CLI), either interactively at a shell command line, or by integrating the CLI into shell scripts.

While it is a powerful avenue to access, create and manage AWS resources, it can get cumbersome to remember all of the possible commands and arguments for each of the services needed. We have relatively simple commands like

$ aws ec2 describe-subnets

which doesn’t need any arguments to retrieve a list of subnets for the default VPC in your account. On the other hand, there are a large number of CLI commands which require one or more arguments to get a response and the data you are interested in.

The AWS Shell is a GitHub project which creates another interactive interface, which is capable of guiding what you need to do next for the command. aws-shell is a python based interface, easily installed using pip.

pip install aws-shell

After installing aws-shell, the first execution takes a little longer as the autocomplete index is built for all of the AWS commands. The autocomplete index is important as we shall see in a moment. In addition to the autocomplete index, a complete documentation set is also indexed and displayed at various times.

Before you can use the shell to access AWS resources, you must configure your AWS access and secret key in the same manner as you would for the AWS CLI. Start aws-shell, and enter configure as the command.

aws> configure
AWS Access Key ID [****************NEWP]:
AWS Secret Access Key [****************w7NK]:
Default region name [us-east-1]:
Default output format [json]:

All of the commands you would normally use in the CLI are available in aws-shell, except no more typing that aws command, and you get autocomplete to help you execute the command successfully.

One thing I find tedious about the CLI is using profiles to change which access and secret key I am using. This is much simpler to take advantage of in aws-shell.

First, we need to set up a profile if we don’t already have one. Let’s look at what we have configured already (output has been formatted to fit the view).

aws> configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****NEWP shared-credentials-file
secret_key ****w7NK shared-credentials-file
region us-east-1 config-file ~/.aws/config

Now, let’s add a profile called test, and then list the credentials we have configured:

aws> configure --profile test
AWS Access Key ID [None]: ........
AWS Secret Access Key [None]: ........
Default region name [None]: us-east-2
Default output format [None]: json
aws> configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key *****NEWP shared-credentials-file
secret_key *****w7NK shared-credentials-file
region us-east-1 config-file ~/.aws/config

What? Where is our new profile? To see the new credentials, we have to specify the profile argument.

aws> configure list --profile test
Name Value Type Location
---- ----- ---- --------
profile <not set> test manual --profile
access_key *****YAMY shared-credentials-file
secret_key *****C7iv shared-credentials-file
region us-east-2 config-file ~/.aws/config

Just as we can use this profile with the AWS CLI like:

$ aws ec2 describe-instances --profile test

which gets tedious very quickly, we can set the profile we want to use in the aws-shell.

With your profile created, you can either start aws-shell with a profile definition using the command

$ aws-shell --profile test

Alternatively, you can also set and change your profile from within the aws-shell.

aws> .profile
Current shell profile: no profile configured
You can change profiles using: .profile profile-name
aws> .profile test
Current shell profile changed to: test
aws> .profile
Current shell profile: test

As you know from working with the AWS CLI, changing profiles changes the access and secret key used to execute the commands in the associated account.

The aws-shell takes over the terminal window, and displays some key sequences at the bottom, which can be toggled to suit your preference.

Image for post

The options which can be toggled and the key sequences are:

  • F2 — Turn “fuzzy” on or off
  • F3 — Change the key layout between emacs and vi
  • F4 — Multi-column — provide command and sub-command hints in one or two columns
  • F5 — Turn Help on or off
  • F9 — set the focus
  • F10 — exit aws-shell

“Fuzzy” refers to fuzzy searching for the commands you type. This means you can get to the command you want without typing the full name.

Image for post

For example, we can type EC2 drio, and aws-shell shows ec2 describe-reserved-instances-offerings as the first option as drio are the first letter of each of the words in the command. Similarly, typing r53 shows the list of Route53 commands. Pressing the ‘F2’ key to turn off fuzzy searching, means you must type the command, sub-command, and options exactly. This feature is best left enabled.

This alters the key bindings used by aws-shell. The choices are vi and Emacs

When aws-shell shows the list of commands, you can control if it is a single or multi-column list.

Image for post

It is a personal preference, but using multi-column with commands which have a long list of sub-commands can make it easier to find what you are looking for.

By default, aws-shell displays help on the command and sub-command as you type them.

Image for post

If you find this distracting, you can disable the help display by pressing F5.

Aside from several features specific to the aws-shell, executing commands is like working in the AWS CLI, with the benefit of not having to remember precisely the name of the commands, sub-commands, options, etc. This can be a time saver.

There are several other useful commands offered by aws-shell, called dot commands as they are prefixed by a . before the command.

The .profile command allows changing the profile, meaning the access and secret keys used to execute the CLI commands. We saw this command earlier in this article.

It is possible to change the working directory using the .cd command.

aws> .cd
invalid syntax, must be: .cd dirname
aws> .cd ~
aws> !pwd
aws> .cd /tmp
aws> !pwd

It isn’t possible to see your current directory using a dot command, but this leads to the next feature, executing shell commands directly within aws-shell by prefixing the command with a !. Not only can we execute arbitrary shell commands within aws-shell, but we can use pipes (|), to send the output of the aws-shell command to a shell.

aws> ec2 describe-subnets --output table | grep CidrBlock
|| CidrBlock | ||
|| CidrBlock | ||

aws-shell keeps a history of all commands executed in the file ~/.aws/shell/history, so you can see what commands you have executed. There is no history command per se in the aws-shell, but you can take advantage of another feature to see and interact with the list.

The .edit command retrieves your shell history in an editor, allowing you to both view your command history, and create a shell script from the aws-shell commands.

The last dot commands are .exit and .quit, which have the same effect as pressing the F10 key, that of ending your aws-shell session.

If you spend any amount of time interacting with the AWS CLI, then you know how tedious it is always having to type those three extra letters. It doesn’t sound like a big deal, but if you are like me, occasionally you forget the “aws” part of that long command line.

The aws-shell makes it simpler to interact with the AWS CLI, especially with the dynamic display of sub-commands options.

The AWS Shell


The AWS CLI Command Interface

Chris is a highly-skilled Information Technology AWS Cloud, Training and Security Professional bringing cloud, security, training and process engineering leadership to simplify and deliver high-quality products. He is the co-author of more than seven books and author of more than 70 articles and book chapters in technical, management and information security publications. His extensive technology, information security, and training experience makes him a key resource who can help companies through technical challenges.

This article is Copyright © 2020, Chris Hare.

Written by

Chris is the co-author of seven books and author of more than 70 articles and book chapters in technical, management, and information security publications.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store