This post will show some common issues experienced when running the AWS CLI via Bash using CRON on Linux. The issues are typically related to either a Bash script error, AWS CLI command error, or AWS CLI credentials/config error.
Why would you run the AWS CLI via Bash using CRON?
There are quite a few reasons! First, the AWS CLI complements your CRON jobs allowing you to do some amazing things. For example, your Bash scripts can AWS SNS notifications. Second, you can download your latest maintenance scripts from AWS S3. Finally, perhaps you want to determine the status of another AWS EC2 instance? The opportunities are endless.
Debugging Your Scripts
You can easily debug the Bash and AWS CLI scripts!
To debug your Bash script –
Enable Bash to debug mode by adding “-x” to the Bash shebang. So you change “#!/bin/bash” and add a ” -x”.
The Bash script will get verbose and show the execution steps.
To debug your AWS CLI command –
Set the AWS CLI to debug mode requires the following command “–debug“.
Example using the AWS CLI to copy files from S3:
sudo aws s3 cp s3://server-bash-library/maintenance /home/user/scripts/maintenance – recursive – debug
The AWS CLI will get verbose and show the execution steps.
AWS Credentials and Config Configuration
Check your configuration of the AWS credentials and config files. These files are available under ‘/home/yourUser/.aws’. You can use the ‘ls –
The ‘.aws’ folder must contain two configuration files:
For example, ~/.aws/credentials should look like this:
[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
~/.aws/config should look like this:
[default] region=us-west-2 output=json
You can configure the files when you run the ‘
AWS Credentials and Config Accessibility
If your Bash script works when you run it directly but not from CRON, then there is probably something different in the environment. One such difference is that the AWS CLI stores the credentials and config under the installer’s profile (example: ‘/home/yourUser/.aws’).
Remember that CRON does not execute as your user!
The CRON user’s home folder will not be the same as yours. As such, the CRON user will not be able to read the ‘.aws’ folder.
Luckily the AWS CLI supports environment variables!
The AWS CLI supports the following environment variables:
- AWS_SHARED_CREDENTIALS_FILE – Specifies the location of the file that the AWS CLI uses to store access keys.
- AWS_CONFIG_FILE – Specifies the location of the file that the AWS CLI uses to store configuration profiles.
The ‘printenv’ command will show you the current environment variables.
The ‘eval echo ~$USER’ command will show you your current home folder. My home folder is ‘/home/ubuntu’.
The following commands will allow you to add the required environment credentials and config to your environment variables. Then, change the script to use your home folder. BACKUP your /etc/environment file before making changes!
echo 'AWS_SHARED_CREDENTIALS_FILE="/home/ubuntu/.aws/credentials"' >> /etc/environment echo 'AWS_CONFIG_FILE="/home/ubuntu/.aws/config"' >> /etc/environment
The ‘>>’ redirects the command’s output on its left-hand side to the end of the file on the right-hand side. The ‘>>’ replaced by ‘>’, will replace everything! We do not want to do this.
Lastly, check your
You may also be interested in
About the Authors
Anto's editorial team loves the cloud as much as you! Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic! Contact Anto Online if you want to contribute.
Support the Cause
Support Anto Online and buy us a coffee. Anything is possible with coffee and code.