Appearance
AWS CLI
Comprehensive AWS CLI commands and workflows for managing Amazon Web Services infrastructure, including EC2, S3, Lambda, and more.
Installation & Configuration
| Command | Description |
|---|---|
aws configure | Configure AWS credentials and region |
aws configure list | Show current configuration |
aws configure set region us-west-2 | Set default region |
aws configure set output json | Set output format |
aws sts get-caller-identity | Verify current identity |
aws configure list-profiles | List all configured profiles |
aws configure --profile myprofile | Configure named profile |
EC2 (Elastic Compute Cloud)
Instance Management
| Command | Description |
|---|---|
aws ec2 describe-instances | List all instances |
aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro | Launch instance |
aws ec2 start-instances --instance-ids i-1234567890abcdef0 | Start instance |
aws ec2 stop-instances --instance-ids i-1234567890abcdef0 | Stop instance |
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0 | Terminate instance |
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0 | Reboot instance |
Security Groups
| Command | Description |
|---|---|
aws ec2 describe-security-groups | List security groups |
aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" | Create security group |
aws ec2 authorize-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0 | Add inbound rule |
aws ec2 revoke-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0 | Remove inbound rule |
Key Pairs
| Command | Description |
|---|---|
aws ec2 describe-key-pairs | List key pairs |
aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem | Create key pair |
aws ec2 delete-key-pair --key-name MyKeyPair | Delete key pair |
S3 (Simple Storage Service)
Bucket Operations
| Command | Description |
|---|---|
aws s3 ls | List all buckets |
aws s3 mb s3://my-bucket | Create bucket |
aws s3 rb s3://my-bucket | Remove empty bucket |
aws s3 rb s3://my-bucket --force | Remove bucket and all contents |
aws s3 ls s3://my-bucket | List objects in bucket |
aws s3 ls s3://my-bucket --recursive | List all objects recursively |
File Operations
| Command | Description |
|---|---|
aws s3 cp file.txt s3://my-bucket/ | Upload file |
aws s3 cp s3://my-bucket/file.txt . | Download file |
aws s3 sync ./local-folder s3://my-bucket/ | Sync local folder to S3 |
aws s3 sync s3://my-bucket/ ./local-folder | Sync S3 to local folder |
aws s3 rm s3://my-bucket/file.txt | Delete file |
aws s3 rm s3://my-bucket/ --recursive | Delete all files in bucket |
Advanced S3 Operations
| Command | Description |
|---|---|
aws s3api get-bucket-versioning --bucket my-bucket | Check versioning status |
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled | Enable versioning |
aws s3api get-bucket-encryption --bucket my-bucket | Check encryption |
aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration file://encryption.json | Enable encryption |
Lambda
Function Management
| Command | Description |
|---|---|
aws lambda list-functions | List all functions |
aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip | Create function |
aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip | Update function code |
aws lambda invoke --function-name my-function output.txt | Invoke function |
aws lambda delete-function --function-name my-function | Delete function |
Function Configuration
| Command | Description |
|---|---|
aws lambda get-function --function-name my-function | Get function details |
aws lambda update-function-configuration --function-name my-function --timeout 30 | Update timeout |
aws lambda update-function-configuration --function-name my-function --memory-size 256 | Update memory |
aws lambda put-function-event-invoke-config --function-name my-function --maximum-retry-attempts 1 | Configure retries |
IAM (Identity and Access Management)
User Management
| Command | Description |
|---|---|
aws iam list-users | List all users |
aws iam create-user --user-name myuser | Create user |
aws iam delete-user --user-name myuser | Delete user |
aws iam get-user --user-name myuser | Get user details |
aws iam create-access-key --user-name myuser | Create access key |
aws iam delete-access-key --user-name myuser --access-key-id AKIAIOSFODNN7EXAMPLE | Delete access key |
Role Management
| Command | Description |
|---|---|
aws iam list-roles | List all roles |
aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json | Create role |
aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess | Attach policy to role |
aws iam detach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess | Detach policy from role |
Policy Management
| Command | Description |
|---|---|
aws iam list-policies | List all policies |
aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json | Create policy |
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy | Delete policy |
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy | Get policy details |
CloudFormation
Stack Management
| Command | Description |
|---|---|
aws cloudformation list-stacks | List all stacks |
aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml | Create stack |
aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml | Update stack |
aws cloudformation delete-stack --stack-name my-stack | Delete stack |
aws cloudformation describe-stacks --stack-name my-stack | Get stack details |
aws cloudformation describe-stack-events --stack-name my-stack | Get stack events |
Template Operations
| Command | Description |
|---|---|
aws cloudformation validate-template --template-body file://template.yaml | Validate template |
aws cloudformation estimate-template-cost --template-body file://template.yaml | Estimate costs |
aws cloudformation get-template --stack-name my-stack | Get stack template |
RDS (Relational Database Service)
Database Instance Management
| Command | Description |
|---|---|
aws rds describe-db-instances | List all DB instances |
aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro --engine mysql --master-username admin --master-user-password mypassword --allocated-storage 20 | Create DB instance |
aws rds start-db-instance --db-instance-identifier mydb | Start DB instance |
aws rds stop-db-instance --db-instance-identifier mydb | Stop DB instance |
aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot | Delete DB instance |
Database Snapshots
| Command | Description |
|---|---|
aws rds describe-db-snapshots | List all snapshots |
aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot | Create snapshot |
aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mydb-restored --db-snapshot-identifier mydb-snapshot | Restore from snapshot |
aws rds delete-db-snapshot --db-snapshot-identifier mydb-snapshot | Delete snapshot |
VPC (Virtual Private Cloud)
VPC Management
| Command | Description |
|---|---|
aws ec2 describe-vpcs | List all VPCs |
aws ec2 create-vpc --cidr-block 10.0.0.0/16 | Create VPC |
aws ec2 delete-vpc --vpc-id vpc-12345678 | Delete VPC |
aws ec2 describe-subnets | List all subnets |
aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24 | Create subnet |
Route Tables
| Command | Description |
|---|---|
aws ec2 describe-route-tables | List route tables |
aws ec2 create-route-table --vpc-id vpc-12345678 | Create route table |
aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678 | Add route |
aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678 | Associate route table |
CloudWatch
Metrics and Alarms
| Command | Description |
|---|---|
aws cloudwatch list-metrics | List all metrics |
aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistics Average --start-time 2023-01-01T00:00:00Z --end-time 2023-01-02T00:00:00Z --period 3600 | Get metric statistics |
aws cloudwatch describe-alarms | List all alarms |
aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70%" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70.0 --comparison-operator GreaterThanThreshold | Create alarm |
Logs
| Command | Description |
|---|---|
aws logs describe-log-groups | List log groups |
aws logs create-log-group --log-group-name my-log-group | Create log group |
aws logs describe-log-streams --log-group-name my-log-group | List log streams |
aws logs get-log-events --log-group-name my-log-group --log-stream-name my-log-stream | Get log events |
Best Practices
Security
- Use IAM Roles: Prefer IAM roles over access keys for EC2 instances
- Least Privilege: Grant minimum required permissions
- MFA: Enable multi-factor authentication for sensitive operations
- Rotate Keys: Regularly rotate access keys and passwords
Cost Optimization
- Resource Tagging: Tag all resources for cost tracking
- Right Sizing: Monitor and adjust instance sizes based on usage
- Reserved Instances: Use reserved instances for predictable workloads
- Spot Instances: Use spot instances for fault-tolerant workloads
Automation
- CloudFormation: Use Infrastructure as Code for reproducible deployments
- AWS CLI Scripts: Automate repetitive tasks with shell scripts
- AWS SDK: Use AWS SDKs for application integration
- CI/CD: Integrate AWS CLI into continuous integration pipelines