AWS CLI: Cheat Sheet
Dev Patel3 min readIdentity & Config
aws sts get-caller-identity # Who am I?
aws configure # Set default credentials
aws configure --profile staging # Named profile
export AWS_PROFILE=staging # Switch profile
EC2
# List running instances (name, ID, type)
aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" \
--query "Reservations[].Instances[].[InstanceId,InstanceType,Tags[?Key=='Name'].Value|[0]]" \
--output table
aws ec2 start-instances --instance-ids i-0abc123
aws ec2 stop-instances --instance-ids i-0abc123
aws ec2 terminate-instances --instance-ids i-0abc123
S3
aws s3 ls # List buckets
aws s3 ls s3://my-bucket/path/ # List objects
aws s3 cp file.tar.gz s3://my-bucket/ # Upload
aws s3 cp s3://my-bucket/file.tar.gz . # Download
aws s3 sync ./dist s3://my-bucket/ --delete # Sync directory
aws s3 presign s3://my-bucket/report.pdf --expires-in 3600
IAM
aws iam list-users --query "Users[].[UserName,CreateDate]" --output table
aws iam list-roles --query "Roles[].RoleName" --output text
aws iam list-attached-role-policies --role-name MyRole
Lambda
aws lambda list-functions --query "Functions[].[FunctionName,Runtime]" --output table
aws lambda invoke --function-name my-func --payload '{"key":"val"}' out.json
aws lambda update-function-code --function-name my-func --zip-file fileb://function.zip
aws logs tail /aws/lambda/my-func --since 1h --follow
ECS
aws ecs list-clusters --output text
aws ecs list-services --cluster my-cluster --output text
aws ecs update-service --cluster my-cluster --service my-svc --force-new-deployment
aws ecs describe-services --cluster my-cluster --services my-svc \
--query "services[0].runningCount"
CloudFormation
aws cloudformation deploy \
--template-file template.yaml \
--stack-name my-stack \
--capabilities CAPABILITY_IAM \
--parameter-overrides Env=prod
aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE
aws cloudformation delete-stack --stack-name my-stack
SSM & Secrets
aws ssm get-parameter --name /app/db-host --with-decryption \
--query "Parameter.Value" --output text
aws ssm put-parameter --name /app/db-host --value "db.example.com" \
--type SecureString --overwrite
aws ssm start-session --target i-0abc123
aws secretsmanager get-secret-value --secret-id my-secret \
--query "SecretString" --output text
CloudWatch
# Get recent log events
aws logs get-log-events --log-group-name /ecs/my-app \
--log-stream-name ecs/my-app/abc123 --limit 50
# List log groups
aws logs describe-log-groups --query "logGroups[].logGroupName" --output table
# Put a custom metric
aws cloudwatch put-metric-data --namespace "MyApp" \
--metric-name RequestCount --value 1 --unit Count
# Describe alarms in ALARM state
aws cloudwatch describe-alarms --state-value ALARM \
--query "MetricAlarms[].[AlarmName,StateReason]" --output table
Route 53
# List hosted zones
aws route53 list-hosted-zones --query "HostedZones[].[Name,Id]" --output table
# List records in a zone
aws route53 list-resource-record-sets --hosted-zone-id Z1234567890 \
--query "ResourceRecordSets[].[Name,Type]" --output table
ECR
# Authenticate Docker to ECR
aws ecr get-login-password --region us-east-1 | \
docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
# List repositories
aws ecr describe-repositories --query "repositories[].repositoryName" --output table
# List image tags in a repo
aws ecr list-images --repository-name my-app \
--query "imageIds[].imageTag" --output table
# Delete untagged images
aws ecr batch-delete-image --repository-name my-app \
--image-ids "$(aws ecr list-images --repository-name my-app \
--filter tagStatus=UNTAGGED --query 'imageIds' --output json)"
SQS
# List queues
aws sqs list-queues --output table
# Send a message
aws sqs send-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue \
--message-body '{"event":"deploy"}'
# Receive and delete messages
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue
aws sqs purge-queue --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue
Useful Flags
| Flag | Purpose |
|---|---|
--output table | Human-readable tables |
--query "..." | JMESPath filter |
--dry-run | Check permissions without executing |
--no-paginate | Get all results at once |
--region us-west-2 | Override region |
--profile prod | Use named profile |
Related Articles
Related Articles
AWSTutorialFresh
AWS Core Services: The DevOps Engineer's Essential Guide
Navigate the essential AWS building blocks — EC2, S3, VPC, IAM, RDS, Lambda, and EKS explained for DevOps engineers with practical examples.
26 min read
Cloud CostDeep DiveFresh
The Complete AWS Cost Optimization Playbook: Compute, Storage, Networking, and Reserved Capacity
A data-driven playbook for cutting AWS costs across compute, storage, networking, and reserved capacity with real numbers and actions.
15 min read
TerraformQuick RefFresh
Terraform CLI: Cheat Sheet
Terraform CLI cheat sheet with commands organized by workflow — init, plan, apply, destroy, state manipulation, imports, and workspace management.
3 min read