# 🟢 AWS CLI Installation & Basic S3 Commands (Windows)

This lab walks through installing the **AWS Command Line Interface (CLI)** on Windows, configuring credentials for a user with **S3 Read-Only Access**, and running basic AWS commands.

---

## 🧩 Step 1: Verify Prerequisites

Before starting, ensure you have:
- An **AWS account** with IAM credentials (Access Key ID & Secret Access Key)
- A **Windows 10 or 11** machine
- Administrator privileges to install software

If your IAM user has the **`AmazonS3ReadOnlyAccess`** policy, you’ll be able to list and view S3 bucket contents but **not upload, modify, or delete** objects.

---

## 🧩 Step 2: Install AWS CLI on Windows

1. Visit the [AWS CLI MSI installer page](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
2. Download the latest **Windows (64-bit)** installer.
3. Run the `.msi` installer → click **Next** → accept license → **Install**.
4. Once installed, open **Command Prompt** or **PowerShell** and check the version:

```bash
aws --version
```

Expected output example:
```
aws-cli/2.17.12 Python/3.11.2 Windows/10 exe/AMD64 prompt/off
```

✅ *AWS CLI is now successfully installed.*

---

## 🧩 Step 3: Configure AWS CLI Credentials

You need IAM credentials (Access Key ID & Secret Access Key) from your AWS Admin.

1. Open **Command Prompt**.
2. Run:

```bash
aws configure
```

3. Provide the following details when prompted:

| Prompt | Example |
|---------|----------|
| AWS Access Key ID | AKIAIOSFODNN7EXAMPLE |
| AWS Secret Access Key | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
| Default region name | us-east-1 |
| Default output format | json |

To verify your configuration:

```bash
aws configure list
```

✅ This command will show where credentials are stored and confirm configuration.

---

## 🧩 Step 4: Verify IAM User Permissions

Ensure the IAM user has the following policy attached:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": "*"
    }
  ]
}
```

✅ *This is equivalent to `AmazonS3ReadOnlyAccess` managed policy.*

---

## 🧩 Step 5: Run Basic AWS Commands

Once credentials are configured, test connectivity and permissions.

### 🧠 List All S3 Buckets (Read Access)
```bash
aws s3 ls
```

Example Output:
```
2024-10-10  12:23:45  my-demo-bucket
2024-08-03  09:13:20  my-static-site-demo
```

### 📦 List Contents of a Specific Bucket
```bash
aws s3 ls s3://my-static-site-demo
```

### 🌍 Check Bucket Region
```bash
aws s3api get-bucket-location --bucket my-static-site-demo
```

### ⚙️ View User Identity (Optional)
```bash
aws sts get-caller-identity
```

---

## 🧩 Step 6: Troubleshooting

- **Error: Unable to locate credentials** → Run `aws configure` again.
- **AccessDenied or Forbidden** → Confirm IAM user has the right policy.
- **SSL Certificate Errors** → Check internet proxy or system time.

To see detailed logs:

```bash
aws s3 ls --debug
```

---

## ✅ Summary

- Installed AWS CLI on Windows
- Configured credentials for S3 Read-Only user
- Verified permissions and listed S3 buckets

🎉 *You have successfully connected to AWS and run your first commands!*

---
### 📚 Reference
- [AWS CLI Installation Guide](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
- [AWS CLI Command Reference](https://docs.aws.amazon.com/cli/latest/reference/)
- [Amazon S3 ReadOnly Policy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonS3ReadOnlyAccess.html)