Aiven is a next-generation managed cloud services platform. Its focus is in ease of adoption, high fault resilience, customer's peace of mind and advanced features at competitive price points. See https://aiven.io/ for more information about the backend service.
aiven-client (avn
) is the official command-line client for Aiven.
Requirements:
Pypi installation is the recommended route for most users:
$ python3 -m pip install aiven-client
It is also possible to build an RPM:
$ make rpm
To check that the tool is installed and working, run it without arguments:
$ avn
If you see usage output, you're all set.
Note: On Windows you may need to usepython3 -m aiven.client
instead ofavn
.
The simplest way to use Aiven CLI is to authenticate with the username and password you use on Aiven:
$ avn user login <[email protected]>
The command will prompt you for your password.
You can also use an access token generated in the Aiven Console:
$ avn user login <[email protected]> --token
You will be prompted for your access token as above.
If you are registered on Aiven through the AWS or GCP marketplace, then you need to specify an additional argument --tenant
. Currently the supported value are aws
and gcp
, for example:
$ avn user login <[email protected]> --tenant aws
Some handy hints that work with all commands:
- The
avn help
command shows all commands and can search for a command, so for exampleavn help kafka topic
shows commands with kafka and topic in their description. - Passing
-h
or--help
gives help output for any command. Examples:avn --help
oravn service --help
. - All commands will output the raw REST API JSON response with
--json
, we use this extensively ourselves in conjunction with jq.
Login:
$ avn user login <[email protected]>
Logout (revokes current access token, other sessions remain valid):
$ avn user logout
Expire all authentication tokens for your user, logs out all web console sessions, etc. You will need to login again after this:
$ avn user tokens-expire
Manage individual access tokens:
$ avn user access-token list $ avn user access-token create --description <usage_description> [--max-age-seconds <secs>] [--extend-when-used] $ avn user access-token update <token|token_prefix> --description <new_description> $ avn user access-token revoke <token|token_prefix>
Note that the system has hard limits for the number of tokens you can create. If you're
permanently done using a token you should always use user access-token revoke
operation
to revoke the token so that it does not count towards the quota.
Alternatively, you can add 2 JSON files, first create a default config in ~/.config/aiven/aiven-credentials.json
containing the JSON with an auth_token
:
{ "auth_token": "ABC1+123...TOKEN==", "user_email": "[email protected]" }
Second create a default config in ~/.config/aiven/aiven-client.json
containing the json with the default_project
:
{"default_project": "yourproject-abcd"}
List available cloud regions:
$ avn cloud list
List projects you are a member of:
$ avn project list
Project commands operate on the currently active project or the project
specified with the --project NAME
switch. The active project cab be changed
with the project switch
command:
$ avn project switch <projectname>
Show active project's details:
$ avn project details
Create a project and set the default cloud region for it:
$ avn project create myproject --cloud aws-us-east-1
Delete an empty project:
$ avn project delete myproject
List authorized users in a project:
$ avn project user-list
Invite an existing Aiven user to a project:
$ avn project user-invite [email protected]
Remove a user from the project:
$ avn project user-remove [email protected]
View project management event log:
$ avn events
List services (of the active project):
$ avn service list
List services in a specific project:
$ avn service list --project proj2
List only a specific service:
$ avn service list db1
Verbose list (includes connection information, etc.):
$ avn service list db1 -v
Full service information in JSON, as it is returned by the Aiven REST API:
$ avn service list db1 --json
Only a specific field in the output, custom formatting:
$ avn service list db1 --format "The service is at {service_uri}"
View service log entries (most recent entries and keep on following logs, other options can be used to get history):
$ avn service logs db1 -f
View available service plans:
$ avn service plans
Launch a PostgreSQL service:
$ avn service create mydb -t pg --plan hobbyist
View service type specific options, including examples on how to set them:
$ avn service types -v
Launch a PostgreSQL service of a specific version (see above command):
$ avn service create mydb96 -t pg --plan hobbyist -c pg_version=9.6
Update a service's list of allowed client IP addresses. Note that a list of multiple values is provided as a comma separated list:
$ avn service update mydb96 -c ip_filter=10.0.1.0/24,10.0.2.0/24,1.2.3.4/32
Open psql client and connect to the PostgreSQL service (also available for InfluxDB):
$ avn service cli mydb96
Update a service to a different plan AND move it to another cloud region:
$ avn service update mydb --plan startup-4 --cloud aws-us-east-1
Power off a service:
$ avn service update mydb --power-off
Power on a service:
$ avn service update mydb --power-on
Terminate a service (all data will be gone!):
$ avn service terminate mydb
Some service types support multiple users (e.g. PostgreSQL database users).
List, add and delete service users:
$ avn service user-list $ avn service user-create $ avn service user-delete
For Redis services running version 6 or above, it's possible to create users with ACLs:
$ avn service user-create --username new_user --redis-acl-keys="prefix* another_key" --redis-acl-commands="+set" --redis-acl-categories="-@all +@admin" --redis-acl-channels="prefix* some_chan" my-redis-service
Service users are created with strong random passwords.
Service integrations allow to link Aiven services to other Aiven services or to services offered by other companies for example for logging. Some examples for various diffenent integrations: Google cloud logging, AWS Cloudwatch logging, Remote syslog integration and Getting started with Datadog.
List service integration endpoints:
$ avn service integration-endpoint-list
List all available integration endpoint types for given project:
$ avn service integration-endpoint-types-list --project <project>
Create a service integration endpoint:
$ avn service integration-endpoint-create --project <project> --endpoint-type <endpoint type> --endpoint-name <endpoint name> --user-config-json <user configuration as json> $ avn service integration-endpoint-create --project <project> --endpoint-type <endpoint type> --endpoint-name <endpoint name> -c <KEY=VALUE type user configuration>
Update a service integration endpoint:
$ avn service integration-endpoint-update --project <project> --user-config-json <user configuration as json> <endpoint id> $ avn service integration-endpoint-update --project <project> -c <KEY=VALUE type user configuration> <endpoint id>
Delete a service integration endpoint:
$ avn service integration-endpoint-delete --project <project> <endpoint_id>
List service integrations:
$ avn service integration-list <service name>
List all available integration types for given project:
$ avn service integration-types-list --project <project>
Create a service integration:
$ avn service integration-create --project <project> -t <integration type> -s <source service> -d <dest service> -S <source endpoint id> -D <destination endpoint id> --user-config-json <user configuration as json> $ avn service integration-create --project <project> -t <integration type> -s <source service> -d <dest service> -S <source endpoint id> -D <destination endpoint id> -c <KEY=VALUE type user configuration>
Update a service integration:
$ avn service integration-update --project <project> --user-config-json <user configuration as json> <integration_id> $ avn service integration-update --project <project> -c <KEY=VALUE type user configuration> <integration_id>
Delete a service integration:
$ avn service integration-delete --project <project> <integration_id>
List account teams:
$ avn account team list <account_id>
Create a team:
$ avn account team create --team-name <team_name> <account_id>
Delete a team:
$ avn account team delete --team-id <team_id> <account_id>
Attach team to a project:
$ avn account team project-attach --team-id <team_id> --project <project_name> <account_id> --team-type <admin|developer|operator|read_only>
Detach team from project:
$ avn account team project-detach --team-id <team_id> --project <project_name> <account_id>
List projects associated to the team:
$ avn account team project-list --team-id <team_id> <account_id>
List members of the team:
$ avn account team user-list --team-id <team_id> <account_id>
Invite a new member to the team:
$ avn account team user-invite --team-id <team_id> <account_id> <[email protected]>
See the list of pending invitations:
$ avn account team user-list-pending --team-id <team_id> <account_id>
Remove user from the team:
$ avn account team user-delete --team-id <team_id> --user-id <user_id> <account_id>
List configured OAuth2 clients:
$ avn account oauth2-client list <account_id>
Get a configured OAuth2 client's configuration:
$ avn account oauth2-client list <account_id> --oauth2-client-id <client_id>
Create a new OAuth2 client information:
$ avn account oauth2-client create <account_id> --name <app_name> -d <app_description> --redirect-uri <redirect_uri>
Delete an OAuth2 client:
$ avn account oauth2-client delete <account_id> --oauth2-client-id <client_id>
List an OAuth2 client's redirect URIs:
$ avn account oauth2-client redirect-list <account_id> --oauth2-client-id <client_id>
Create a new OAuth2 client redirect URI:
$ avn account oauth2-client redirect-create <account_id> --oauth2-client-id <client_id> --redirect-uri <redirect_uri>
Delete an OAuth2 client redirect URI:
$ avn account oauth2-client redirect-delete <account_id> --oauth2-client-id <client_id> --redirect-uri-id <redirect_uri_id>
List an OAuth2 client's secrets:
$ avn account oauth2-client secret-list <account_id> --oauth2-client-id <client_id>
Create a new OAUth2 client secret:
$ avn account oauth2-client secret-create <account_id> --oauth2-client-id <client_id>
Delete an OAuth2 client's secret:
$ avn account oauth2-client secret-delete <account_id> --oauth2-client-id <client_id> --secret-id <secret_id>
avn supports shell completions. It requires an optional dependency: argcomplete. Install it:
$ python3 -m pip install argcomplete
To use completions in bash, add following line to ~/.bashrc
:
eval "$(register-python-argcomplete avn)"
For more information (including completions usage in other shells) see https://kislyuk.github.io/argcomplete/.
When you spin up a new service, you'll want to connect to it. The --json
option combined with the jq utility is a good way to grab the fields you need for your specific service. Try this to get the connection string:
$ avn service get --json <service> | jq ".service_uri"
Each project has its own CA cert, and other services (notably Kafka) use mutualTLS so you will also need the service.key
and service.cert
files too for those. Download all three files to the local directory:
$ avn service user-creds-download --username avnadmin <service>
For working with kcat (see also our help article ) or the command-line tools that ship with Kafka itself, a keystore and trustore are needed. By specifying which user's creds to use, and a secret, you can generate these via avn
too:
$ avn service user-kafka-java-creds --username avnadmin -p t0pS3cr3t <service>
Check the CONTRIBUTING guide for details on how to contribute to this repository.
We maintain some other resources that you may also find useful: