AWS CLI Cheat Sheet

A complete reference of AWS CLI commands with practical examples for cloud services. Find commands for S3, EC2, Lambda, CloudFormation, IAM and more with searchable categories.

aws configure

Configuration

Configure AWS credentials and settings

Syntax:

aws configure [--profile profile-name]

Examples:

aws configure - Configure default AWS credentials interactively
aws configure --profile production - Configure credentials for named profile
aws configure list - List current configuration settings

Notes:

Stores credentials in ~/.aws/credentials and config in ~/.aws/config
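
Because ~/.aws/credentials holds secrets in plain text, it is worth checking that only its owner can read it and which profiles hold long-term access keys rather than temporary ones. The script below is an added example, not part of the original cheat sheet; the function names and the sample file contents are constructed for illustration.

```shell
# Added example: audit an AWS CLI shared credentials file.
# Findings are printed one per line; exit status is 1 when any are found.

scan_credentials_file() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "PERMS $go_bits (group/other access; expected mode 600)"
    fi
    # AKIA... key IDs with no aws_session_token are long-term IAM user keys;
    # ASIA... key IDs are temporary STS credentials.
    awk '
        function report() {
            if (profile != "" && key ~ /^AKIA/ && !token)
                print "LONGTERM " profile
            key = ""; token = 0
        }
        /^[ \t]*\[/ {
            report()
            profile = $0
            sub(/^[ \t]*\[[ \t]*/, "", profile)
            sub(/[ \t]*\].*$/, "", profile)
            next
        }
        /^[ \t]*aws_access_key_id[ \t]*=/ {
            key = $0
            sub(/^[^=]*=[ \t]*/, "", key)
        }
        /^[ \t]*aws_session_token[ \t]*=[ \t]*[^ \t\r]/ { token = 1 }
        END { report() }
    ' "$1"
}

audit_aws_credentials() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    findings=$(scan_credentials_file "$1")
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample file: every key, secret and token is a placeholder.
write_sample_credentials() {
    cat > "$1" <<'EOF'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = PLACEHOLDER-NOT-A-REAL-SECRET
[production]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = PLACEHOLDER-NOT-A-REAL-SECRET
aws_session_token = PLACEHOLDER-NOT-A-REAL-TOKEN
EOF
}

sample=$(mktemp)
write_sample_credentials "$sample"
chmod 644 "$sample"   # deliberately loose, to trigger the PERMS finding
audit_aws_credentials "$sample" || echo "exit status $? (findings present)"
rm -f "$sample"
```

To check a real setup, call audit_aws_credentials ~/.aws/credentials; a LONGTERM line names a profile whose static key is a candidate for rotation or replacement with temporary credentials.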

aws sts get-caller-identity

Configuration

Get current AWS user/role identity

Syntax:

aws sts get-caller-identity [--profile profile-name]

Examples:

aws sts get-caller-identity - Show current AWS identity
aws sts get-caller-identity --profile prod - Check identity for specific profile

Notes:

Useful for verifying current AWS authentication status

aws configure set

Configuration

Set individual configuration values

Syntax:

aws configure set <key> <value> [--profile profile-name]

Examples:

aws configure set region us-west-2 - Set default region
aws configure set output json - Set default output format
aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE --profile myprofile - Set access key for specific profile

Notes:

Allows setting individual config values without interactive prompt

aws s3 ls

Storage

List S3 buckets and objects

Syntax:

aws s3 ls [s3://bucket-name[/prefix]] [--recursive]

Examples:

aws s3 ls - List all S3 buckets
aws s3 ls s3://my-bucket - List objects in bucket
aws s3 ls s3://my-bucket/folder/ --recursive - List all objects in folder recursively

Notes:

Use --human-readable for file sizes, --summarize for totals

aws s3 cp

Storage

Copy files to/from S3

Syntax:

aws s3 cp <source> <destination> [--recursive]

Examples:

aws s3 cp file.txt s3://my-bucket/ - Upload file to S3
aws s3 cp s3://my-bucket/file.txt ./ - Download file from S3
aws s3 cp ./folder s3://my-bucket/folder --recursive - Upload folder recursively

Notes:

Add --dryrun to test without actually copying

aws s3 sync

Storage

Synchronize directories with S3

Syntax:

aws s3 sync <source> <destination> [--delete] [--exclude pattern]

Examples:

aws s3 sync ./website s3://my-bucket - Sync local directory to S3
aws s3 sync s3://my-bucket ./backup - Sync S3 bucket to local directory
aws s3 sync ./src s3://my-bucket/src --delete --exclude '*.tmp' - Sync with deletion and exclusions

Notes:

Only uploads/downloads changed files for efficiency

aws s3 rm

Storage

Remove objects from S3

Syntax:

aws s3 rm s3://bucket-name/key [--recursive]

Examples:

aws s3 rm s3://my-bucket/file.txt - Delete single object
aws s3 rm s3://my-bucket/folder --recursive - Delete folder and all contents
aws s3 rm s3://my-bucket --recursive - Delete all objects in bucket

Notes:

Use --dryrun to preview what will be deleted

aws s3 mb

Storage

Create S3 bucket

Syntax:

aws s3 mb s3://bucket-name [--region region]

Examples:

aws s3 mb s3://my-unique-bucket - Create bucket in default region
aws s3 mb s3://my-bucket --region eu-west-1 - Create bucket in specific region

Notes:

Bucket names must be globally unique across all AWS accounts

aws s3 rb

Storage

Remove S3 bucket

Syntax:

aws s3 rb s3://bucket-name [--force]

Examples:

aws s3 rb s3://my-bucket - Remove empty bucket
aws s3 rb s3://my-bucket --force - Remove bucket and all contents

Notes:

Bucket must be empty unless --force is used

aws ec2 describe-instances

Compute

List EC2 instances

Syntax:

aws ec2 describe-instances [--instance-ids id1 id2] [--filters Name=key,Values=value]

Examples:

aws ec2 describe-instances - List all instances
aws ec2 describe-instances --instance-ids i-1234567890abcdef0 - Describe specific instance
aws ec2 describe-instances --filters 'Name=instance-state-name,Values=running' - List running instances only

Notes:

Use --query to extract specific fields from the output

aws ec2 run-instances

Compute

Launch EC2 instances

Syntax:

aws ec2 run-instances --image-id ami-id --count count --instance-type type

Examples:

aws ec2 run-instances --image-id ami-0abcdef1234567890 --count 1 --instance-type t2.micro - Launch single t2.micro instance
aws ec2 run-instances --image-id ami-12345678 --count 2 --instance-type t3.small --key-name my-key - Launch instances with key pair
aws ec2 run-instances --image-id ami-12345678 --count 1 --instance-type t2.micro --security-group-ids sg-12345678 - Launch with security group

Notes:

Returns instance IDs for newly created instances

aws ec2 start-instances

Compute

Start stopped EC2 instances

Syntax:

aws ec2 start-instances --instance-ids id1 id2

Examples:

aws ec2 start-instances --instance-ids i-1234567890abcdef0 - Start single instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0 i-0987654321fedcba0 - Start multiple instances

Notes:

Instances must be in 'stopped' state to be started

aws ec2 stop-instances

Compute

Stop running EC2 instances

Syntax:

aws ec2 stop-instances --instance-ids id1 id2 [--force]

Examples:

aws ec2 stop-instances --instance-ids i-1234567890abcdef0 - Stop single instance gracefully
aws ec2 stop-instances --instance-ids i-1234567890abcdef0 --force - Force stop instance

Notes:

EBS-backed instances preserve data when stopped

aws ec2 terminate-instances

Compute

Terminate EC2 instances

Syntax:

aws ec2 terminate-instances --instance-ids id1 id2

Examples:

aws ec2 terminate-instances --instance-ids i-1234567890abcdef0 - Terminate single instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0 i-0987654321fedcba0 - Terminate multiple instances

Notes:

Termination is irreversible - all instance store data is lost

aws ec2 describe-security-groups

Compute

List security groups

Syntax:

aws ec2 describe-security-groups [--group-ids sg-id] [--filters Name=key,Values=value]

Examples:

aws ec2 describe-security-groups - List all security groups
aws ec2 describe-security-groups --group-ids sg-12345678 - Describe specific security group
aws ec2 describe-security-groups --filters 'Name=group-name,Values=web-servers' - Find security groups by name

Notes:

Security groups act as virtual firewalls for instances

aws lambda list-functions

Serverless

List Lambda functions

Syntax:

aws lambda list-functions [--max-items num] [--function-version ALL]

Examples:

aws lambda list-functions - List all Lambda functions
aws lambda list-functions --max-items 10 - List first 10 functions
aws lambda list-functions --function-version ALL - List all versions of all functions

Notes:

Returns function metadata including runtime, memory, and timeout

aws lambda invoke

Serverless

Invoke Lambda function

Syntax:

aws lambda invoke --function-name name [--payload json] output-file

Examples:

aws lambda invoke --function-name my-function response.json - Invoke function without payload
aws lambda invoke --function-name my-function --payload '{"key":"value"}' response.json - Invoke with JSON payload
aws lambda invoke --function-name my-function --invocation-type Event response.json - Asynchronous invocation

Notes:

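Response is written to the specified output file. AWS CLI v2 expects --payload as base64 by default; add --cli-binary-format raw-in-base64-out to pass raw JSON as in the example above.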

aws lambda create-function

Serverless

Create Lambda function

Syntax:

aws lambda create-function --function-name name --runtime runtime --role arn --handler handler --zip-file fileb://file.zip

Examples:

aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip - Create Python function from zip
aws lambda create-function --function-name my-node-function --runtime nodejs18.x --role arn:aws:iam::123456789012:role/lambda-role --handler index.handler --zip-file fileb://function.zip - Create Node.js function

Notes:

Function code must be packaged as a zip file

aws lambda update-function-code

Serverless

Update Lambda function code

Syntax:

aws lambda update-function-code --function-name name --zip-file fileb://file.zip

Examples:

aws lambda update-function-code --function-name my-function --zip-file fileb://updated-function.zip - Update function from zip file
aws lambda update-function-code --function-name my-function --s3-bucket my-bucket --s3-key function.zip - Update function from S3

Notes:

Function must exist before updating code

aws logs filter-log-events

Serverless

Get Lambda function logs

Syntax:

aws logs filter-log-events --log-group-name /aws/lambda/function-name [--start-time timestamp]

Examples:

aws logs filter-log-events --log-group-name /aws/lambda/my-function - Get recent function logs
aws logs filter-log-events --log-group-name /aws/lambda/my-function --start-time 1640995200000 - Get logs from specific timestamp
aws logs filter-log-events --log-group-name /aws/lambda/my-function --filter-pattern ERROR - Filter logs for ERROR messages

Notes:

Timestamps are in Unix epoch milliseconds

aws cloudformation list-stacks

Infrastructure

List CloudFormation stacks

Syntax:

aws cloudformation list-stacks [--stack-status-filter status1 status2]

Examples:

aws cloudformation list-stacks - List all stacks
aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE - List successful stacks only
aws cloudformation list-stacks --stack-status-filter DELETE_FAILED - List failed deletions

Notes:

Shows stack name, status, and creation time

aws cloudformation create-stack

Infrastructure

Create CloudFormation stack

Syntax:

aws cloudformation create-stack --stack-name name --template-body file://template.yaml [--parameters ParameterKey=key,ParameterValue=value]

Examples:

aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml - Create stack from local template
aws cloudformation create-stack --stack-name my-stack --template-url https://s3.amazonaws.com/bucket/template.yaml - Create stack from S3 template
aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml --parameters ParameterKey=Environment,ParameterValue=Production - Create stack with parameters

Notes:

Stack name must be unique within the account and region

aws cloudformation update-stack

Infrastructure

Update CloudFormation stack

Syntax:

aws cloudformation update-stack --stack-name name --template-body file://template.yaml

Examples:

aws cloudformation update-stack --stack-name my-stack --template-body file://updated-template.yaml - Update stack with new template
aws cloudformation update-stack --stack-name my-stack --use-previous-template --parameters ParameterKey=Environment,ParameterValue=Staging - Update stack parameters only

Notes:

CloudFormation creates a change set to preview changes

aws cloudformation delete-stack

Infrastructure

Delete CloudFormation stack

Syntax:

aws cloudformation delete-stack --stack-name name

Examples:

aws cloudformation delete-stack --stack-name my-stack - Delete stack and all resources
aws cloudformation delete-stack --stack-name my-stack --retain-resources Resource1 Resource2 - Delete stack but retain specific resources

Notes:

All stack resources are deleted unless retention is specified

aws cloudformation describe-stacks

Infrastructure

Get detailed stack information

Syntax:

aws cloudformation describe-stacks [--stack-name name]

Examples:

aws cloudformation describe-stacks --stack-name my-stack - Get specific stack details
aws cloudformation describe-stacks - Get details for all stacks

Notes:

Returns parameters, outputs, tags, and stack status

aws iam list-users

Security

List IAM users

Syntax:

aws iam list-users [--path-prefix prefix] [--max-items num]

Examples:

aws iam list-users - List all IAM users
aws iam list-users --path-prefix /developers/ - List users with specific path prefix
aws iam list-users --max-items 10 - Limit results to 10 users

Notes:

Returns user metadata including creation date and path

aws iam create-user

Security

Create IAM user

Syntax:

aws iam create-user --user-name username [--path path]

Examples:

aws iam create-user --user-name john-doe - Create user with default settings
aws iam create-user --user-name developer --path /developers/ - Create user with specific path

Notes:

New users have no permissions until policies are attached

aws iam attach-user-policy

Security

Attach policy to IAM user

Syntax:

aws iam attach-user-policy --user-name username --policy-arn arn

Examples:

aws iam attach-user-policy --user-name john-doe --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess - Attach AWS managed policy
aws iam attach-user-policy --user-name developer --policy-arn arn:aws:iam::123456789012:policy/CustomDeveloperPolicy - Attach customer managed policy

Notes:

Users can have up to 10 managed policies attached

aws iam list-roles

Security

List IAM roles

Syntax:

aws iam list-roles [--path-prefix prefix] [--max-items num]

Examples:

aws iam list-roles - List all IAM roles
aws iam list-roles --path-prefix /service/ - List service roles only
aws iam list-roles --max-items 20 - Limit results to 20 roles

Notes:

Roles are used for cross-account access and service permissions

aws iam create-role

Security

Create IAM role

Syntax:

aws iam create-role --role-name name --assume-role-policy-document file://policy.json

Examples:

aws iam create-role --role-name lambda-execution-role --assume-role-policy-document file://trust-policy.json - Create role for Lambda functions
aws iam create-role --role-name cross-account-role --assume-role-policy-document file://cross-account-trust.json - Create role for cross-account access

Notes:

Trust policy defines which entities can assume the role

aws iam create-access-key

Security

Create access key for IAM user

Syntax:

aws iam create-access-key --user-name username

Examples:

aws iam create-access-key --user-name john-doe - Create access key for user

Notes:

Returns access key ID and secret - secret is only shown once

☁️ What is AWS CLI?

AWS Command Line Interface (CLI) is a unified tool developed by Amazon Web Services that allows you to manage AWS services from your terminal or command prompt. Launched in 2013, the AWS CLI has become an essential tool for developers, system administrators, and DevOps engineers working with cloud infrastructure. It provides a consistent interface to interact with over 200 AWS services through simple commands, enabling automation, scripting, and efficient cloud resource management.

🚀 Core Features

  • Unified Interface: Single tool for all AWS services
  • Scriptable: Perfect for automation and CI/CD pipelines
  • Cross-platform: Works on Windows, macOS, and Linux
  • Multiple output formats: JSON, table, text, and YAML
  • Pagination: Handle large result sets efficiently
  • Profiles: Manage multiple AWS accounts and regions

💡 Why Use AWS CLI?

  • Automation: Script complex AWS operations and deployments
  • Efficiency: Faster than console for repetitive tasks
  • Integration: Easy to integrate with other tools and scripts
  • Bulk operations: Manage multiple resources at once
  • Version control: Track infrastructure changes with code
  • Remote access: Manage AWS from any terminal

🌟 Key AWS CLI Concepts

Credentials

Access keys (Access Key ID + Secret Access Key) that authenticate your identity to AWS services.

Profiles

Named sets of credentials and configuration settings for different AWS accounts or roles.

Regions

Geographic areas where AWS services are hosted. Commands operate in your default or specified region.

Output Formats

JSON (default), table, text, or YAML formatting for command responses.

Filters & Queries

JMESPath queries to extract specific data from command output.

Pagination

Automatic handling of large result sets across multiple API calls.

🔄 Common AWS CLI Patterns

1. List Resources

View existing resources

aws s3 ls

2. Create Resources

Deploy new infrastructure

aws ec2 run-instances

3. Configure & Update

Modify existing resources

aws lambda update-function-code

Typical Workflow: Configure → Create → List → Update → Delete

🏗️ Popular AWS Services via CLI

Storage & Content

  • S3: Object storage and website hosting
  • CloudFront: Global content delivery network
  • EBS: Block storage for EC2 instances
  • EFS: Scalable file system

Compute & Containers

  • EC2: Virtual servers in the cloud
  • Lambda: Serverless function execution
  • ECS: Container orchestration service
  • Batch: Managed batch processing

Databases & Analytics

  • RDS: Managed relational databases
  • DynamoDB: NoSQL database service
  • Redshift: Data warehouse solution
  • Athena: Interactive query service

🛠️ Installation & Setup

Installation Methods

  • pip: pip install awscli
  • Homebrew (macOS): brew install awscli
  • MSI Installer (Windows): Download from AWS
  • Docker: docker run amazon/aws-cli
  • Bundle Installer: Standalone installation

Initial Configuration

  • Run aws configure
  • Enter Access Key ID
  • Enter Secret Access Key
  • Set default region (e.g., us-east-1)
  • Choose output format (json recommended)
  • Test with aws sts get-caller-identity

🚀 Getting Started Guide

1. Install & Configure

  • Install AWS CLI for your platform
  • Create IAM user with programmatic access
  • aws configure with your credentials

2. Test Your Setup

  • aws sts get-caller-identity
  • Verify your user/account info
  • Test basic commands like aws s3 ls

3. Explore Core Services

  • Start with S3 for file storage
  • Try EC2 for virtual servers
  • Experiment with Lambda for serverless functions

⚖️ AWS CLI vs Alternatives

AWS CLI Advantages

  • Official tool with complete AWS API coverage
  • Consistently updated with new services
  • Excellent documentation and community support
  • Built-in pagination and error handling
  • Multiple output formats and filtering options
  • Free and open source

Other Tools

  • AWS Console: Web interface, easier for beginners
  • Terraform: Infrastructure as code, multi-cloud
  • AWS CDK: Programming language-based infrastructure
  • Pulumi: Modern infrastructure as code
  • AWS SDKs: Language-specific libraries

AWS CLI Mastery: The AWS CLI is your gateway to cloud automation and infrastructure management. Start with basic commands, practice regularly, and gradually build more complex workflows. Master these commands to accelerate your cloud development and operations! ⚡

Pro AWS CLI Tips

Essential Daily Commands

  1. aws sts get-caller-identity - Verify your identity
  2. aws s3 ls - List your S3 buckets
  3. aws ec2 describe-instances --filters 'Name=instance-state-name,Values=running' - Show running instances
  4. aws lambda list-functions - List Lambda functions
  5. aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE - Show successful stacks
  6. aws logs describe-log-groups - View CloudWatch log groups

AWS CLI Best Practices

  • Use named profiles for multiple accounts: --profile prod
  • Always test destructive operations first with --dry-run (EC2 commands) or --dryrun (aws s3 commands)
  • Set up MFA for sensitive operations
  • Use --query to extract specific data from responses
  • Store commonly used filters in shell aliases
  • Use --output table for human-readable results
  • Keep AWS CLI updated: pip install --upgrade awscli