I hate clicking around the AWS console. It reminds me how much of my workflow is not documented, not repeatable, not fast. Ironically I don’t feel that I make use of enough Amazon Web Services. I think the reason is that I’m not doing it right.

Today I’d like to share a script I wrote that performs a task common to any new web project, setting up asset storage with programatic access. On AWS this means an S3 bucket, an IAM user with permissions for that bucket, and a key pair for that user.

Configuring the AWS CLI

Okay, so small catch-22, to create aws users with api access using the aws api we’re going to need to start with one. The ruby gem explains where to put your credentials. My script only uses a couple IAM and S3 commands, so maybe someday I’ll prune the permissions of my cli credentials. Today I was proud enough to replace my root keys with device specific users.

Using Bundler in a single-file Ruby script

I figured that Bundler might have a way to make using gems in scripts easier and I was right. Thanks Bundler!

require 'bundler/inline'

gemfile do
  source 'https://rubygems.org'
  gem 'highline'
  gem 'aws-sdk-iam'
  gem 'aws-sdk-s3'
end

Prompt for user input

I don’t want to get carried away over-engineering this thing but I also would rather not be editing the script for each use, or opening it up to figure out which ARGs or ENV I expected to be present. So I decided that highline might be the right amount of user friendliness to walk me through the process each time.

cli = HighLine.new
profile = cli.ask('AWS profile name: ') { |q| q.default = 'default' }

Using the ruby aws sdk

I don’t know much about the ruby aws sdk, but I know that the api reference is huge and there is a repo of awesome examples. I wouldn’t say that getting everything I wanted was super easy, but it was pretty straightforward.

  • Identify what I would normally do in the aws console
  • Find the equivalent api reference
  • Fiddle with the ruby sdk syntax

See it in action

So how does it work?

Creating S3 bucket with IAM user

This gives me the new user credentials, ready to configure the cli, and the url of a new bucket [optionally] configured as a website. This covers my common use cases of “new rails project” and “new static website”. Let me know if it helps you at all!