1

I am trying to create an SFTP user with the help of the AWS CLI on my Linux box.

Below is the AWS CLI command which I am passing in my bash script (my SSH public key is in a file, and with the help of a variable I am passing it into the AWS CLI options section):

```bash
customer_name_pub_value=$(cat /home/developer/naman/dir/$customer_name.pub)

aws transfer create-user --user-name $customer_name --home-directory script-test/power-archive-ireland/$customer_name/ --server-id s-aaabbbccc --ssh-public-key-body $customer_name_pub_value --tags 'Key=Product,Value="demo",Key=Environment,Value=dev,Key=Contact,Value="dev.user@domain.com",Key=Service,Value="sftp"' --role customer-sftp-role
```

Below is the error which I am facing while executing the above commands:

```
[developer@dev-lin demo]$ aws transfer create-user --user-name $customer_name --home-directory script-test/power-archive-ireland/$customer_name/ --server-id s-aaabbbccc --ssh-public-key-body $customer_name_pub_value --tags 'Key=Product,Value="demo",Key=Environment,Value=dev,Key=Contact,Value="dev.user@domain.com",Key=Service,Value="sftp"' --role customer-sftp-role
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help

Unknown options: developer@dev-lin.domain.com, XXXXXXXXXXAB3NzaC1yc2EAAAADAQABAAABAQCm2hI3Y33K1GVbdQV0lfkm/klZRJS7Kcz8+53e/BoIbVMFH0jqm1aejELDFgPnN7HvIZ/csYGzF/ssTx5lXVaHQh/qkYwfqQBg8WvXVB0Jmogj1hr6z5M8Qy/3oCx0fSmh6e/Ekfk8vHhiHQlGZV3o8a2AW5SkP8IH/OgT6Bq+SMuB+xtSciVBZqSLI0OgYtOZ0MyxBzfLau1Tyegu5lVFevZDVjecnIaS4l+v2VIQ/OgaZ40oAI3NuRZ2EdnLqEqFyLjasx4kcuwNzD5oaXAU6T9UsqKN2rVLMKrXXXXXXXXXXX
```

Am I missing some bash syntax while passing the option value?

UPDATE 30-March-2020: as per the suggestions in the comments below, I have added the AWS role ARN to the command, and I am now facing a different issue than before.

CODE:

```bash
customer_name='demo'
customer_name_pub_value=$(cat /home/developer/naman/dir/$customer_name.pub)

aws transfer create-user --user-name $customer_name --home-directory script-test/power-archive-ireland/$customer_name/ --server-id s-aaabbbccc --ssh-public-key-body "$customer_name_pub_value" --tags 'Key=Product,Value="demo",Key=Environment,Value=dev,Key=Contact,Value="dev.user@domain.com",Key=Service,Value="sftp"' --role "arn:aws:iam::8XXXXXXXXX2:role/customer-sftp-role"
```

ERROR:

```
An error occurred (ValidationException) when calling the CreateUser operation: 1 validation error detected: Value 'script-test/power-archive-ireland/demo/' at 'homeDirectory' failed to satisfy constraint: Member must satisfy regular expression pattern: ^$|/.*
```

Naman Joshi
  • Maybe delete the trailing slash at the end of the home-directory? Also, I believe you want to pass the ARN to --role? – user1394 Mar 23 '20 at 03:30
  • Another possibility is the format of the --tags as a list (perhaps take them out of quotes, mess with that) – user1394 Mar 23 '20 at 03:37
  • An easy way to debug this type of thing is to put "echo" at the front, so it simply prints the command, rather than running it. You can then verify that all the data is being correctly referenced. Since the error message is referencing data that wasn't in your command, it's likely coming from the $variables. – John Rotenstein Mar 24 '20 at 02:40
  • @user1394 I have tried removing the trailing / from the home directory but still get the same issue. `An error occurred (ValidationException) when calling the CreateUser operation: 1 validation error detected: Value 'demo.ui/demo-test/ui-dl-power-archive-ireland/customer' at 'homeDirectory' failed to satisfy constraint: Member must satisfy regular expression pattern: ^$|/.*` And thanks for the Role ARN suggestion, I have updated the Role ARN – Naman Joshi Mar 30 '20 at 11:38
  • @JohnRotenstein Thanks for the suggestion. I have tried breaking it down as much as possible but couldn't find the cause of the error. I have also updated the error stack; have a look if you can find something. – Naman Joshi Mar 30 '20 at 12:02
  • @NamanJoshi Looks like the error you provided in your comment is different than the one above. Looks like it's rejecting the format of the directory. I would just try to tinker with that a bit as well as look into trying it without the $variables (as John said) to see if it works. – user1394 Mar 30 '20 at 16:23
  • @user1394 I figured out the reason behind the new error which I added to my question: the issue was with the AWS RegEx (`^$|/.*`) in the --home-directory section. The funny part is that even the AWS documentation is incorrect. Anyway, below is the comparison: INCORRECT "--home-directory" PATH: `script-test/power-archive-ireland/$customer_name/` CORRECT PATH (should start with "/"): `/script-test/power-archive-ireland/$customer_name/` – Naman Joshi Mar 31 '20 at 08:19
  • @user1394 Now just one final bug in this code: not all tags are getting attached to the user; out of 4 only 1 gets added. Any suggestions on this? Given in command: `--tags 'Key=Product,Value="demo",Key=Environment,Value=dev,Key=Contact,Value="dev.user@domain.com",Key=Service,Value="sftp"'` `Service sftp` – Naman Joshi Mar 31 '20 at 08:23

2 Answers

0

Yes, for the final bug, you should feed it as a list of objects:

`--tags [{Key="Product", Value="demo"}, {Key="Environment", Value="dev"}, {Key="Contact", Value="dev.user@domain.com"}, {Key="Service", Value="sftp"}]`

You may need to put "Key" and "Value" in quotes or even perhaps have to try key:value pairs (i.e. {"Product": "demo"}), but this should be the general syntax.

user1394
  • Unfortunately this throws an "Invalid JSON" error: `Error parsing parameter '--tags': Invalid JSON: [{Key=Product,` I tried multiple combinations and none worked well. In the end I converted my complete command to JSON. Ref: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-shorthand.html `$ aws ec2 create-tags \ --resources i-1286157c \ --tags '[ {"Key": "My1stTag", "Value": "Value1"}, {"Key": "My2ndTag", "Value": "Value2"}, {"Key": "My3rdTag", "Value": "Value3"} ]'` – Naman Joshi Mar 31 '20 at 17:57
  • 1
    Yes!!! I posted as an answer here, might help someone ;) Thanks for the help :) – Naman Joshi Mar 31 '20 at 18:23
  • I had actually mentioned that in my answer... I said to put the "Key" and "Value" in quotes, and that's exactly what ended up working. Anyway, glad you have it working! – user1394 Mar 31 '20 at 19:11
0

Below is the final working CLI command:

Changes:

  1. Added the role ARN (thanks @user1394 for the suggestion)

  2. Biggest issue resolved by placing / before --home-directory option (bad AWS documentation (https://docs.aws.amazon.com/cli/latest/reference/transfer/create-user.html) and their outdated RegEx `^$|/.*`)

  3. Transformed the broken CLI command into a JSON-based one to fix the final bug (not all the tags were getting attached with the old command)

```bash
#!/bin/bash

customer_name='demo'
# Read the public key from its file; quoting the path keeps it a single word.
customer_name_pub_value=$(cat "/home/developer/naman/dir/$customer_name.pub")

# Every variable is double-quoted so its value is passed as one argument.
aws transfer create-user \
        --user-name "$customer_name" \
        --server-id s-aaabbbccc \
        --role "arn:aws:iam::8XXXXXXXXX2:role/customer-sftp-role" \
        --ssh-public-key-body "$customer_name_pub_value" \
        --home-directory "/script-test/power-archive-ireland/$customer_name" \
        --tags '[
                {"Key": "Product", "Value": "demo"},
                {"Key": "Environment", "Value": "dev"},
                {"Key": "Contact", "Value": "dev.user@domain.com"},
                {"Key": "Service", "Value": "sftp"}
        ]'
```

Naman Joshi
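
Added example (not part of either answer and not AWS code): the three failures from this thread reproduced offline in shell, with no AWS call made. The key line is a constructed sample, and `count_args`, `valid_home_directory`, `json_escape` and `tags_json` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: offline pre-flight checks; no AWS request is made.

# Constructed sample key line (not a real key): type, base64 body, comment.
sample_pub='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY developer@dev-lin.domain.com'

# Report how many separate arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted expansion is split on whitespace: the key becomes 3 arguments, and
# the CLI reports the 2nd and 3rd as "Unknown options".
unquoted_arg_count() { count_args $1; }    # deliberately unquoted
quoted_arg_count()   { count_args "$1"; }  # one argument, as intended

# The service applies ^$|/.* to the whole value (a relative path containing
# "/" was still rejected above), so: empty, or starting with "/".
valid_home_directory() {
    case "$1" in
        ''|/*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Assumption: tag text is printable, with no control characters.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the JSON list form of --tags from Key=Value arguments.
tags_json() {
    out=''
    for pair in "$@"; do
        key=$(json_escape "${pair%%=*}")
        val=$(json_escape "${pair#*=}")
        out="${out}${out:+,}{\"Key\":\"${key}\",\"Value\":\"${val}\"}"
    done
    printf '[%s]' "$out"
}

# Intended use (commented out so the example runs offline):
# valid_home_directory "$home_dir" || { echo "bad home directory" >&2; exit 1; }
# aws transfer create-user ... --home-directory "$home_dir" \
#     --tags "$(tags_json Product=demo Environment=dev Service=sftp)"
```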