DevOpsil
AWS
85%
Needs Review

AWS CLI: Cheat Sheet

Dev PatelDev Patel3 min read

Identity & Config

aws sts get-caller-identity           # Who am I?
aws configure                         # Set default credentials
aws configure --profile staging       # Named profile
export AWS_PROFILE=staging            # Switch profile

EC2

# List running instances (name, ID, type)
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
  --query "Reservations[].Instances[].[InstanceId,InstanceType,Tags[?Key=='Name'].Value|[0]]" \
  --output table

aws ec2 start-instances --instance-ids i-0abc123
aws ec2 stop-instances --instance-ids i-0abc123
aws ec2 terminate-instances --instance-ids i-0abc123

S3

aws s3 ls                             # List buckets
aws s3 ls s3://my-bucket/path/        # List objects
aws s3 cp file.tar.gz s3://my-bucket/ # Upload
aws s3 cp s3://my-bucket/file.tar.gz . # Download
aws s3 sync ./dist s3://my-bucket/ --delete  # Sync directory
aws s3 presign s3://my-bucket/report.pdf --expires-in 3600

IAM

aws iam list-users --query "Users[].[UserName,CreateDate]" --output table
aws iam list-roles --query "Roles[].RoleName" --output text
aws iam list-attached-role-policies --role-name MyRole

Lambda

aws lambda list-functions --query "Functions[].[FunctionName,Runtime]" --output table
aws lambda invoke --function-name my-func --payload '{"key":"val"}' out.json
aws lambda update-function-code --function-name my-func --zip-file fileb://function.zip
aws logs tail /aws/lambda/my-func --since 1h --follow

ECS

aws ecs list-clusters --output text
aws ecs list-services --cluster my-cluster --output text
aws ecs update-service --cluster my-cluster --service my-svc --force-new-deployment
aws ecs describe-services --cluster my-cluster --services my-svc \
  --query "services[0].runningCount"

CloudFormation

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name my-stack \
  --capabilities CAPABILITY_IAM \
  --parameter-overrides Env=prod

aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE
aws cloudformation delete-stack --stack-name my-stack

SSM & Secrets

aws ssm get-parameter --name /app/db-host --with-decryption \
  --query "Parameter.Value" --output text
aws ssm put-parameter --name /app/db-host --value "db.example.com" \
  --type SecureString --overwrite
aws ssm start-session --target i-0abc123
aws secretsmanager get-secret-value --secret-id my-secret \
  --query "SecretString" --output text

CloudWatch

# Get recent log events
aws logs get-log-events --log-group-name /ecs/my-app \
  --log-stream-name ecs/my-app/abc123 --limit 50

# List log groups
aws logs describe-log-groups --query "logGroups[].logGroupName" --output table

# Put a custom metric
aws cloudwatch put-metric-data --namespace "MyApp" \
  --metric-name RequestCount --value 1 --unit Count

# Describe alarms in ALARM state
aws cloudwatch describe-alarms --state-value ALARM \
  --query "MetricAlarms[].[AlarmName,StateReason]" --output table

Route 53

# List hosted zones
aws route53 list-hosted-zones --query "HostedZones[].[Name,Id]" --output table

# List records in a zone
aws route53 list-resource-record-sets --hosted-zone-id Z1234567890 \
  --query "ResourceRecordSets[].[Name,Type]" --output table

ECR

# Authenticate Docker to ECR
aws ecr get-login-password --region us-east-1 | \
  docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com

# List repositories
aws ecr describe-repositories --query "repositories[].repositoryName" --output table

# List image tags in a repo
aws ecr list-images --repository-name my-app \
  --query "imageIds[].imageTag" --output table

# Delete untagged images
aws ecr batch-delete-image --repository-name my-app \
  --image-ids "$(aws ecr list-images --repository-name my-app \
  --filter tagStatus=UNTAGGED --query 'imageIds' --output json)"

SQS

# List queues
aws sqs list-queues --output table

# Send a message
aws sqs send-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue \
  --message-body '{"event":"deploy"}'

# Receive and delete messages
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue
aws sqs purge-queue --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue

Useful Flags

FlagPurpose
--output tableHuman-readable tables
--query "..."JMESPath filter
--dry-runCheck permissions without executing
--no-paginateGet all results at once
--region us-west-2Override region
--profile prodUse named profile
Share:

Was this article helpful?

Dev Patel
Dev Patel

Cloud Cost Optimization Specialist

I find the money your cloud is wasting. FinOps practitioner, data-driven analyst, and the person your CFO wishes they'd hired sooner. Every dollar saved is a dollar earned.

Related Articles

AWSQuick RefBeginnerNeeds Review

Fix AWS S3 'Access Denied' Errors

Systematically troubleshoot and fix AWS S3 Access Denied errors caused by IAM policies, bucket policies, ACLs, and encryption settings.

Sarah Chen·
3 min read
TerraformQuick RefBeginnerNeeds Review

Terraform CLI: Cheat Sheet

Terraform CLI cheat sheet with commands organized by workflow — init, plan, apply, destroy, state manipulation, imports, and workspace management.

Zara Blackwood·
3 min read

More in AWS

View all →
AWSTutorialBeginnerNeeds Review

AWS EKS: Production Kubernetes Cluster Setup from Scratch

Step-by-step guide to launching a production-ready EKS cluster on AWS — node groups, IAM roles, VPC configuration, managed add-ons, kubeconfig setup, and cost optimization. Both eksctl and Terraform approaches covered.

Aareez Asif·
6 min read

Discussion