AWS CLI: Cheat Sheet
Identity & Config
aws sts get-caller-identity # Who am I?
aws configure # Set default credentials
aws configure --profile staging # Named profile
export AWS_PROFILE=staging # Switch profile
EC2
# List running instances (name, ID, type)
aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" \
--query "Reservations[].Instances[].[InstanceId,InstanceType,Tags[?Key=='Name'].Value|[0]]" \
--output table
aws ec2 start-instances --instance-ids i-0abc123
aws ec2 stop-instances --instance-ids i-0abc123
aws ec2 terminate-instances --instance-ids i-0abc123
S3
aws s3 ls # List buckets
aws s3 ls s3://my-bucket/path/ # List objects
aws s3 cp file.tar.gz s3://my-bucket/ # Upload
aws s3 cp s3://my-bucket/file.tar.gz . # Download
aws s3 sync ./dist s3://my-bucket/ --delete # Sync directory
aws s3 presign s3://my-bucket/report.pdf --expires-in 3600
IAM
aws iam list-users --query "Users[].[UserName,CreateDate]" --output table
aws iam list-roles --query "Roles[].RoleName" --output text
aws iam list-attached-role-policies --role-name MyRole
Lambda
aws lambda list-functions --query "Functions[].[FunctionName,Runtime]" --output table
aws lambda invoke --function-name my-func --payload '{"key":"val"}' out.json
aws lambda update-function-code --function-name my-func --zip-file fileb://function.zip
aws logs tail /aws/lambda/my-func --since 1h --follow
ECS
aws ecs list-clusters --output text
aws ecs list-services --cluster my-cluster --output text
aws ecs update-service --cluster my-cluster --service my-svc --force-new-deployment
aws ecs describe-services --cluster my-cluster --services my-svc \
--query "services[0].runningCount"
CloudFormation
aws cloudformation deploy \
--template-file template.yaml \
--stack-name my-stack \
--capabilities CAPABILITY_IAM \
--parameter-overrides Env=prod
aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE
aws cloudformation delete-stack --stack-name my-stack
SSM & Secrets
aws ssm get-parameter --name /app/db-host --with-decryption \
--query "Parameter.Value" --output text
aws ssm put-parameter --name /app/db-host --value "db.example.com" \
--type SecureString --overwrite
aws ssm start-session --target i-0abc123
aws secretsmanager get-secret-value --secret-id my-secret \
--query "SecretString" --output text
CloudWatch
# Get recent log events
aws logs get-log-events --log-group-name /ecs/my-app \
--log-stream-name ecs/my-app/abc123 --limit 50
# List log groups
aws logs describe-log-groups --query "logGroups[].logGroupName" --output table
# Put a custom metric
aws cloudwatch put-metric-data --namespace "MyApp" \
--metric-name RequestCount --value 1 --unit Count
# Describe alarms in ALARM state
aws cloudwatch describe-alarms --state-value ALARM \
--query "MetricAlarms[].[AlarmName,StateReason]" --output table
Route 53
# List hosted zones
aws route53 list-hosted-zones --query "HostedZones[].[Name,Id]" --output table
# List records in a zone
aws route53 list-resource-record-sets --hosted-zone-id Z1234567890 \
--query "ResourceRecordSets[].[Name,Type]" --output table
ECR
# Authenticate Docker to ECR
aws ecr get-login-password --region us-east-1 | \
docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
# List repositories
aws ecr describe-repositories --query "repositories[].repositoryName" --output table
# List image tags in a repo
aws ecr list-images --repository-name my-app \
--query "imageIds[].imageTag" --output table
# Delete untagged images
aws ecr batch-delete-image --repository-name my-app \
--image-ids "$(aws ecr list-images --repository-name my-app \
--filter tagStatus=UNTAGGED --query 'imageIds' --output json)"
SQS
# List queues
aws sqs list-queues --output table
# Send a message
aws sqs send-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue \
--message-body '{"event":"deploy"}'
# Receive and delete messages
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue
aws sqs purge-queue --queue-url https://sqs.us-east-1.amazonaws.com/123/my-queue
Useful Flags
| Flag | Purpose |
|---|---|
--output table | Human-readable tables |
--query "..." | JMESPath filter |
--dry-run | Check permissions without executing |
--no-paginate | Get all results at once |
--region us-west-2 | Override region |
--profile prod | Use named profile |
Related Articles
Was this article helpful?
Related Articles
AWS Core Services: The DevOps Engineer's Essential Guide
Navigate the essential AWS building blocks — EC2, S3, VPC, IAM, RDS, Lambda, and EKS explained for DevOps engineers with practical examples.
Fix AWS S3 'Access Denied' Errors
Systematically troubleshoot and fix AWS S3 Access Denied errors caused by IAM policies, bucket policies, ACLs, and encryption settings.
Fix AWS EC2 Instance 'Status Check Failed' Errors
Diagnose and recover AWS EC2 instances with failed system or instance status checks using stop/start, volume rescue, and auto-recovery techniques.
AWS IAM Least Privilege: Policies That Won't Lock You Out
Build AWS IAM policies using least privilege without locking yourself out — practical patterns for roles, service accounts, and permission boundaries.
The Complete AWS Cost Optimization Playbook: Compute, Storage, Networking, and Reserved Capacity
A data-driven playbook for cutting AWS costs across compute, storage, networking, and reserved capacity with real numbers and actions.
Terraform CLI: Cheat Sheet
Terraform CLI cheat sheet with commands organized by workflow — init, plan, apply, destroy, state manipulation, imports, and workspace management.
More in AWS
View all →AWS Lambda Cold Start Optimization Using Provisioned Concurrency And SnapStart
Cold starts are the silent SLO killer in serverless architectures. You've built a beautiful Lambda function, deployed it, and everything looks great in you...
AWS ECS Fargate: Serverless Container Deployment Without Managing Nodes
Deploy containers on AWS ECS Fargate — no EC2 instances to manage. Covers task definitions, services, load balancers, environment variables, secrets from SSM/Secrets Manager, auto-scaling, and CI/CD integration.
AWS EKS: Production Kubernetes Cluster Setup from Scratch
Step-by-step guide to launching a production-ready EKS cluster on AWS — node groups, IAM roles, VPC configuration, managed add-ons, kubeconfig setup, and cost optimization. Both eksctl and Terraform approaches covered.
Cloud Landing Zone Architecture: Account Structure Done Right
How to design an AWS Landing Zone with Organizations, SCPs, and account vending that scales from 5 to 500 accounts without becoming a mess.