AWS CLI
AWS CLI commands across S3, EC2, IAM, ECS, Lambda, RDS, CloudWatch and more
S3 — Buckets & Objects
Create, list, copy, sync and delete S3 resources
bash · List all buckets
aws s3 ls
bash · List bucket contents (recursive)
aws s3 ls s3://<bucket>/ --recursive --human-readable
bash · Create bucket
aws s3 mb s3://<bucket> --region <region>
bash · Remove empty bucket
aws s3 rb s3://<bucket>
bash · Remove bucket and all contents
# Destructive and irreversible: --force deletes every object in the bucket and
# then the bucket itself. Object versions are not removed, so on a
# versioning-enabled bucket the final bucket delete fails until they are purged.
aws s3 rb s3://<bucket> --force
bash · Upload file
aws s3 cp ./file.txt s3://<bucket>/path/
bash · Download file
aws s3 cp s3://<bucket>/path/file.txt ./file.txt
bash · Sync local → S3 (delete removed files)
# --delete removes objects under the destination prefix that are absent from
# ./local-dir. Preview the plan with --dryrun before running it for real; a
# wrong or empty source directory wipes the prefix.
aws s3 sync ./local-dir s3://<bucket>/prefix --delete
bash · Sync S3 → local
aws s3 sync s3://<bucket>/prefix ./local-dir
bash · Delete object
aws s3 rm s3://<bucket>/path/file.txt
bash · Delete all objects under prefix
# Deletes every object whose key starts with prefix/. Add --dryrun first to
# confirm what matches; on an unversioned bucket the removal is permanent.
aws s3 rm s3://<bucket>/prefix/ --recursive
bash · Generate presigned URL (1 hour)
# The presigned URL is a bearer credential: anyone holding it can GET the
# object until it expires. Keep --expires-in (seconds) as short as the use
# case allows and keep the URL out of logs, tickets and chat. The URL also
# stops working early if the credentials that signed it expire first.
aws s3 presign s3://<bucket>/file.txt --expires-in 3600
EC2 — Instances
Describe, start, stop, and connect to EC2 instances
bash · List instances (table view)
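# List instances as a table: ID, state, type, public IP and Name tag.
# Each trailing backslash must be the last character on its line; with the
# command collapsed onto one line, "\ --query" escapes the space and the shell
# passes " --query" (leading space included) as a literal argument.
aws ec2 describe-instances \
  --query "Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType,PublicIpAddress,Tags[?Key=='Name'].Value|[0]]" \
  --output table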
bash · Start instance
aws ec2 start-instances --instance-ids <id>
bash · Stop instance
aws ec2 stop-instances --instance-ids <id>
bash · Reboot instance
aws ec2 reboot-instances --instance-ids <id>
bash · Terminate instance
# Termination is permanent: the instance cannot be started again, and any EBS
# volume flagged DeleteOnTermination is deleted with it. Confirm <id> (and the
# active profile/region) first; --dry-run checks permissions without acting.
aws ec2 terminate-instances --instance-ids <id>
bash · Get instance public IP
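# Print only the public IP address of one instance.
# The backslash must end its line; written inline as "\ --query" it escapes
# the space and turns " --query" into a literal argument.
aws ec2 describe-instances --instance-ids <id> \
  --query "Reservations[0].Instances[0].PublicIpAddress" --output text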
bash · Connect via SSM Session Manager
aws ssm start-session --target <instance-id>
bash · List security groups
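# List security groups (ID, name, description) as a table.
# The backslash must end its line; written inline as "\ --query" it escapes
# the space and turns " --query" into a literal argument.
aws ec2 describe-security-groups \
  --query "SecurityGroups[*].[GroupId,GroupName,Description]" --output table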
bash · List key pairs
aws ec2 describe-key-pairs --query "KeyPairs[*].KeyName" --output table
IAM — Users, Roles & Policies
Manage IAM identities and permissions
bash · List users
aws iam list-users --query "Users[*].[UserName,UserId,CreateDate]" --output table
bash · Create user
aws iam create-user --user-name <username>
bash · Delete user
aws iam delete-user --user-name <username>
bash · List roles
aws iam list-roles --query "Roles[*].[RoleName,Arn]" --output table
bash · Get caller identity (who am I?)
aws sts get-caller-identity
bash · Attach managed policy to user
aws iam attach-user-policy --user-name <username> --policy-arn arn:aws:iam::aws:policy/<PolicyName>
bash · List attached policies for user
aws iam list-attached-user-policies --user-name <username>
bash · Create access key for user
# Creates a long-lived credential. The SecretAccessKey is shown only in this
# command's output and cannot be retrieved afterwards, so send it straight to
# a secret store rather than leaving it in terminal scrollback or CI logs.
# Prefer roles and short-lived credentials (sts assume-role) where possible,
# and rotate or delete keys that are no longer needed.
aws iam create-access-key --user-name <username>
bash · List access keys
aws iam list-access-keys --user-name <username>
bash · Assume role (get temp credentials)
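# Request temporary credentials for a role. The JSON response contains
# AccessKeyId, SecretAccessKey and SessionToken, so treat the output as a
# secret. A descriptive --role-session-name makes the session easier to
# attribute in CloudTrail than a generic one.
# Each backslash must end its line; inline "\ --role-arn" would escape the
# space and pass " --role-arn" as a literal argument.
aws sts assume-role \
  --role-arn arn:aws:iam::<account-id>:role/<role-name> \
  --role-session-name my-session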
ECS — Clusters & Services
Deploy and manage containers with ECS
bash · List clusters
aws ecs list-clusters
bash · List services in cluster
aws ecs list-services --cluster <cluster-name>
bash · Describe service
aws ecs describe-services --cluster <cluster> --services <service>
bash · Force new deployment
aws ecs update-service --cluster <cluster> --service <service> --force-new-deployment
bash · Scale service
aws ecs update-service --cluster <cluster> --service <service> --desired-count 3
bash · List running tasks
aws ecs list-tasks --cluster <cluster> --service-name <service>
bash · Stop a task
aws ecs stop-task --cluster <cluster> --task <task-id> --reason "manual stop"
bash · Execute command in task (ECS Exec)
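# Open an interactive shell inside a running container via ECS Exec.
# This is direct shell access to a live workload: limit which principals hold
# ecs:ExecuteCommand, and enable ECS Exec session logging so sessions are
# auditable. ECS Exec must already be enabled on the task for this to work.
# Each backslash must end its line; inline "\ --cluster" would escape the
# space and pass " --cluster" as a literal argument.
aws ecs execute-command \
  --cluster <cluster> --task <task-id> \
  --container <container-name> \
  --command "/bin/sh" --interactive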
Lambda — Functions
Deploy, invoke and monitor Lambda functions
bash · List functions
aws lambda list-functions --query "Functions[*].[FunctionName,Runtime,LastModified]" --output table
bash · Invoke function (sync)
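# Write the response to a private mktemp file rather than a fixed, guessable
# name in world-writable /tmp, and remove it once it has been printed.
# AWS CLI v2 reads --payload as base64 by default; for raw JSON like this add
# --cli-binary-format raw-in-base64-out.
out=$(mktemp) && aws lambda invoke --function-name <name> --payload '{"key":"value"}' "$out" && cat "$out"
rm -f -- "$out"
bash · Invoke function (async)
# An Event invocation returns no response payload, so the required outfile
# argument can point at /dev/null instead of leaving a file behind in /tmp.
aws lambda invoke --function-name <name> --invocation-type Event --payload '{}' /dev/null
bash · Update function code from zip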
aws lambda update-function-code --function-name <name> --zip-file fileb://function.zip
bash · Update environment variable
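# --environment replaces the function's whole variable set: any existing
# variable not listed here is removed, so include every variable to keep.
# Values set this way are returned by get-function-configuration to callers
# allowed to read them; keep real secrets in Secrets Manager or SSM Parameter
# Store and have the function fetch them at runtime.
aws lambda update-function-configuration \
  --function-name <name> \
  --environment "Variables={KEY=value,OTHER=value}"
bash · Get function configuration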
aws lambda get-function-configuration --function-name <name>
bash · Tail live logs via CloudWatch
aws logs tail /aws/lambda/<name> --follow
RDS — Databases
Manage RDS instances and snapshots
bash · List DB instances
aws rds describe-db-instances --query "DBInstances[*].[DBInstanceIdentifier,DBInstanceStatus,Engine,Endpoint.Address]" --output table
bash · Start DB instance
aws rds start-db-instance --db-instance-identifier <id>
bash · Stop DB instance
aws rds stop-db-instance --db-instance-identifier <id>
bash · Create manual snapshot
aws rds create-db-snapshot --db-instance-identifier <id> --db-snapshot-identifier <snapshot-id>
bash · List snapshots
aws rds describe-db-snapshots --db-instance-identifier <id> --query "DBSnapshots[*].[DBSnapshotIdentifier,Status,SnapshotCreateTime]" --output table
bash · Restore from snapshot
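# Restore a snapshot into a new DB instance named <new-id>.
# NOTE(review): no networking options are passed here, so the restored
# instance's security groups, subnet group and public accessibility may differ
# from the source; check them before pointing traffic or data at it.
# Each backslash must end its line; inline "\ --db-instance-identifier" would
# escape the space and pass the flag with a leading space as a literal argument.
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier <new-id> \
  --db-snapshot-identifier <snapshot-id>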
CloudWatch — Logs & Metrics
Query logs and metrics from CloudWatch
bash · List log groups
aws logs describe-log-groups --query "logGroups[*].logGroupName" --output table
bash · Tail log group (live)
aws logs tail <log-group-name> --follow
bash · Filter log events
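# Show events matching "ERROR" from the last hour. --start-time is in epoch
# milliseconds, hence the 000 appended to the seconds value.
# `date -d '1 hour ago'` is GNU date syntax; BSD/macOS date uses -v-1H.
# The command substitution is quoted so its output is always one argument.
aws logs filter-log-events \
  --log-group-name <group> \
  --filter-pattern "ERROR" \
  --start-time "$(date -d '1 hour ago' +%s000)"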
bash · Run Logs Insights query
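# Start a Logs Insights query over the last hour; start and end times are
# epoch seconds. The call returns a queryId to pass to get-query-results.
# `date -d '1 hour ago'` is GNU date syntax; BSD/macOS date uses -v-1H.
# The query string stays single-quoted so the shell leaves @, | and / alone.
aws logs start-query \
  --log-group-name <group> \
  --start-time "$(date -d '1 hour ago' +%s)" \
  --end-time "$(date +%s)" \
  --query-string 'fields @timestamp, @message | filter @message like /ERROR/ | sort @timestamp desc | limit 20'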
bash · Get Logs Insights results
aws logs get-query-results --query-id <query-id>
bash · Get metric statistics (CPU last hour)
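# Average EC2 CPU utilisation for one instance over the last hour, in
# 300-second periods. Timestamps are UTC in ISO 8601 form (date -u ... +%FT%TZ).
# `date -d '1 hour ago'` is GNU date syntax; BSD/macOS date uses -v-1H.
# Each backslash must end its line, and the substitutions are quoted so each
# timestamp is passed as a single argument.
aws cloudwatch get-metric-statistics \
  --namespace AWS/EC2 \
  --metric-name CPUUtilization \
  --dimensions Name=InstanceId,Value=<instance-id> \
  --start-time "$(date -u -d '1 hour ago' +%FT%TZ)" \
  --end-time "$(date -u +%FT%TZ)" \
  --period 300 --statistics Average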
ECR — Container Registry
Push and pull Docker images to/from ECR
bash · Authenticate Docker to ECR
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
bash · Create repository
aws ecr create-repository --repository-name <name> --region <region>
bash · List repositories
aws ecr describe-repositories --query "repositories[*].[repositoryName,repositoryUri]" --output table
bash · Tag & push image
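# Two separate commands: tag the local image with the full ECR repository URI,
# then push that tag. Run on one line they collapse into a single malformed
# `docker tag` invocation.
# Tags are mutable unless tag immutability is enabled on the repository; when
# image integrity matters, deploy by digest rather than by tag.
docker tag <local-image>:<tag> <account-id>.dkr.ecr.<region>.amazonaws.com/<repo>:<tag>
docker push <account-id>.dkr.ecr.<region>.amazonaws.com/<repo>:<tag>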
bash · List images in repository
aws ecr list-images --repository-name <name> --query "imageIds[*].[imageTag,imageDigest]" --output table
bash · Delete image
aws ecr batch-delete-image --repository-name <name> --image-ids imageTag=<tag>
VPC & Networking
Inspect VPCs, subnets, and route tables
bash · List VPCs
aws ec2 describe-vpcs --query "Vpcs[*].[VpcId,CidrBlock,Tags[?Key=='Name'].Value|[0]]" --output table
bash · List subnets
aws ec2 describe-subnets --query "Subnets[*].[SubnetId,VpcId,CidrBlock,AvailabilityZone]" --output table
bash · List route tables
aws ec2 describe-route-tables --query "RouteTables[*].[RouteTableId,VpcId]" --output table
bash · List internet gateways
aws ec2 describe-internet-gateways --query "InternetGateways[*].[InternetGatewayId,Attachments[0].VpcId]" --output table
bash · Describe network ACLs
aws ec2 describe-network-acls --query "NetworkAcls[*].[NetworkAclId,VpcId,IsDefault]" --output table
SSM Parameter Store & Secrets
Read and write secrets and config from SSM
bash · Get parameter (decrypted)
# --with-decryption prints the SecureString plaintext to stdout. Avoid running
# it where output is captured or shared (CI logs, screen shares, `set -x`
# traces); pipe it straight into the consumer instead of echoing it.
aws ssm get-parameter --name /my/param --with-decryption --query Parameter.Value --output text
bash · Get all parameters by path
aws ssm get-parameters-by-path --path /my/app/ --with-decryption --recursive
bash · Put parameter (SecureString)
# A literal --value is saved in shell history and is visible in the process
# list while the command runs. For real secrets, load the value from a
# permission-restricted file with --value file://<path> instead.
# --overwrite replaces the existing value without prompting.
aws ssm put-parameter --name /my/param --value 'secret' --type SecureString --overwrite
bash · Delete parameter
aws ssm delete-parameter --name /my/param
bash · Get secret from Secrets Manager
# Prints the secret in plaintext; keep the output out of logs and shared
# terminals. Each read is recorded in CloudTrail as a GetSecretValue event,
# which is the place to audit who retrieved the secret.
aws secretsmanager get-secret-value --secret-id <secret-name> --query SecretString --output text
bash · List secrets
aws secretsmanager list-secrets --query "SecretList[*].[Name,LastChangedDate]" --output table