AWS CLI Cheat Sheet

Intermediate | 15 min read | 2025.01.10

Setup

# Install (macOS)
brew install awscli

# Configure
# Prompts interactively and writes the answers to ~/.aws/credentials and
# ~/.aws/config. The key pair is stored there in plaintext, so prefer
# short-lived credentials (for example `aws configure sso`) over long-lived
# IAM user keys where your organization supports it.
aws configure
# AWS Access Key ID: AKIAIOSFODNN7EXAMPLE   (AWS's documentation placeholder, not a real key)
# AWS Secret Access Key: ****
# Default region name: ap-northeast-1
# Default output format: json

# Switch profile
# The first command creates or updates the named profile; the export selects
# that profile for every later command in this shell session.
aws configure --profile production
export AWS_PROFILE=production

# Check current configuration
# `configure list` shows where each setting came from; `get-caller-identity`
# shows the account and ARN actually in use. Check it before any destructive
# command, especially after switching profiles.
aws configure list
aws sts get-caller-identity

S3

Bucket Operations

# List buckets
aws s3 ls

# Create bucket
# Bucket names are globally unique; my-bucket is a placeholder.
aws s3 mb s3://my-bucket

# Delete bucket (empty)
aws s3 rb s3://my-bucket

# Delete bucket (including contents)
# --force deletes every object first and cannot be undone. On a
# versioning-enabled bucket the old object versions are not removed, so the
# bucket delete fails until they are cleaned up separately.
aws s3 rb s3://my-bucket --force

File Operations

# List files
aws s3 ls s3://my-bucket/
aws s3 ls s3://my-bucket/path/ --recursive

# Upload
aws s3 cp file.txt s3://my-bucket/
aws s3 cp file.txt s3://my-bucket/path/file.txt

# Download
aws s3 cp s3://my-bucket/file.txt ./
aws s3 cp s3://my-bucket/path/ ./ --recursive

# Sync directories
# The third form (--delete) also removes files at the destination that are
# missing from the source. Add --dryrun first to preview what would be
# copied or deleted.
aws s3 sync ./local s3://my-bucket/remote
aws s3 sync s3://my-bucket/remote ./local
aws s3 sync ./local s3://my-bucket/remote --delete

# Delete
# --recursive removes everything under the prefix; --dryrun previews it.
# Deleted objects are recoverable only if bucket versioning is enabled.
aws s3 rm s3://my-bucket/file.txt
aws s3 rm s3://my-bucket/path/ --recursive

# Move
aws s3 mv s3://my-bucket/old.txt s3://my-bucket/new.txt

# Pre-signed URL
# Anyone who obtains the URL can download the object until it expires, so
# treat it like a credential and keep the lifetime short. --expires-in is in
# seconds (3600 = 1 hour). A URL signed with temporary credentials stops
# working when those credentials expire, even if --expires-in is longer.
aws s3 presign s3://my-bucket/file.txt --expires-in 3600

EC2

Instances

# List instances
aws ec2 describe-instances

# Specific information only
# --query is a JMESPath expression applied to the response; here it keeps
# the instance ID, state and public IP.
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]' --output table

# Running instances only
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Start instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0

# Stop instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Terminate instance
# Termination is permanent. Confirm the instance ID and the active
# profile/region first; adding --dry-run checks permissions without
# performing the action.
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Launch instance
# The IDs below are placeholders. --key-name is the EC2 key pair used for
# SSH login. Consider adding --metadata-options HttpTokens=required so the
# instance metadata service only accepts IMDSv2 (session-token) requests.
aws ec2 run-instances \
  --image-id ami-12345678 \
  --instance-type t3.micro \
  --key-name my-key \
  --security-group-ids sg-12345678 \
  --subnet-id subnet-12345678

Security Groups

# List
aws ec2 describe-security-groups

# Create
aws ec2 create-security-group \
  --group-name my-sg \
  --description "My security group"

# Add rule
# 0.0.0.0/0 admits any IPv4 address. That is normal for a public HTTPS
# endpoint (port 443, as here), but for administrative or database ports use
# a specific source CIDR or a source security group (--source-group) instead.
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 443 \
  --cidr 0.0.0.0/0

Lambda

# List functions
aws lambda list-functions

# Get function info
# The response includes the function configuration (environment variables
# among it) and a short-lived download link for the code package, so read
# access to this call is itself sensitive.
aws lambda get-function --function-name my-function

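# Invoke function
# AWS CLI v2 treats blob parameters such as --payload as base64 by default;
# --cli-binary-format raw-in-base64-out lets the JSON be passed as written.
# The function's response body is written to output.json; the status code
# and any function error are printed to stdout.
aws lambda invoke \
  --function-name my-function \
  --cli-binary-format raw-in-base64-out \
  --payload '{"key": "value"}' \
  output.json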

# Update function code
# fileb:// makes the CLI read the zip as raw binary.
aws lambda update-function-code \
  --function-name my-function \
  --zip-file fileb://function.zip

# Update environment variables
# --environment replaces the whole variable set: any existing key not listed
# here is removed. Values are readable by anyone who can read the function
# configuration, so keep secrets in Secrets Manager rather than here.
aws lambda update-function-configuration \
  --function-name my-function \
  --environment "Variables={KEY1=value1,KEY2=value2}"

# View logs
# --follow streams new log events until interrupted.
aws logs tail /aws/lambda/my-function --follow

IAM

# List users
aws iam list-users

# List roles
aws iam list-roles

# List policies
# --scope Local limits the list to customer managed policies.
aws iam list-policies --scope Local

# List access keys
# Shows each key's ID, status and creation date (never the secret), which is
# useful for spotting old or unused keys.
aws iam list-access-keys --user-name my-user

# Create access key
# The secret access key is printed once in this command's output and cannot
# be retrieved later; keep it out of logs and shared terminals. Prefer roles
# or other short-lived credentials where long-lived keys are not required.
aws iam create-access-key --user-name my-user

# Delete access key
# When rotating, switch consumers to the new key and deactivate the old one
# first (aws iam update-access-key --status Inactive), then delete it once
# nothing breaks. AKIAIOSFODNN7EXAMPLE is a placeholder key ID.
aws iam delete-access-key --user-name my-user --access-key-id AKIAIOSFODNN7EXAMPLE

CloudFormation

# List stacks
aws cloudformation list-stacks

# Create stack
# Templates that create IAM resources also need --capabilities
# (CAPABILITY_IAM or CAPABILITY_NAMED_IAM). Parameter values are visible in
# the stack description unless the template marks them NoEcho, so do not pass
# secrets as plain parameters.
aws cloudformation create-stack \
  --stack-name my-stack \
  --template-body file://template.yaml \
  --parameters ParameterKey=Env,ParameterValue=prod

# Update stack
# This applies the changes directly. To review what will be replaced or
# deleted before applying, create a change set (create-change-set) instead.
aws cloudformation update-stack \
  --stack-name my-stack \
  --template-body file://template.yaml

# Delete stack
# Deletes the stack's resources as well, except those the template retains
# via a DeletionPolicy.
aws cloudformation delete-stack --stack-name my-stack

# View events
aws cloudformation describe-stack-events --stack-name my-stack

RDS

# List instances
aws rds describe-db-instances

# Create snapshot
# A manual snapshot holds the full database contents and is kept until it is
# explicitly deleted, so control who may restore, copy or share it.
aws rds create-db-snapshot \
  --db-instance-identifier my-db \
  --db-snapshot-identifier my-snapshot

# List snapshots
aws rds describe-db-snapshots --db-instance-identifier my-db

CloudWatch

# View logs
# --since takes a relative time (1h = the last hour); --follow streams new
# events until interrupted.
aws logs tail /aws/lambda/my-function --since 1h
aws logs tail /aws/lambda/my-function --follow

# List log groups
aws logs describe-log-groups

# Get metrics
# --period is in seconds (3600 = one data point per hour); the start and end
# times are ISO 8601 timestamps in UTC.
aws cloudwatch get-metric-statistics \
  --namespace AWS/EC2 \
  --metric-name CPUUtilization \
  --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
  --start-time 2025-01-01T00:00:00Z \
  --end-time 2025-01-02T00:00:00Z \
  --period 3600 \
  --statistics Average

Secrets Manager

# List secrets
# Returns names and metadata only, not the secret values.
aws secretsmanager list-secrets

# Get secret
# Prints the secret value to stdout in plaintext. Avoid running it where the
# output is captured (CI logs, shared terminals, screen recordings).
aws secretsmanager get-secret-value --secret-id my-secret

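# Create secret
# Read the value from a local file instead of typing it on the command line:
# an inline --secret-string literal ends up in shell history and is visible
# in the process list while the command runs. secret.json is a sample file
# name; it holds the JSON (e.g. {"username":"...","password":"..."}), should
# be readable only by you (chmod 600) and should be deleted afterwards.
aws secretsmanager create-secret \
  --name my-secret \
  --secret-string file://secret.json

# Update secret
# Same file:// approach; the new value becomes the secret's current version.
aws secretsmanager update-secret \
  --secret-id my-secret \
  --secret-string file://secret.json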

Useful Options

# Output format
--output json    # JSON (default)
--output table   # Table
--output text    # Text

# Filtering (JMESPath)
# --query is applied by the CLI to the response it receives; it shapes the
# output but does not limit what the caller is allowed to read.
--query 'Items[*].{Name:name,ID:id}'
--query 'Items[?status==`active`]'

# Dry run
# Supported by EC2 commands: checks permissions without making the change.
# The high-level `aws s3` commands spell it --dryrun, and many other services
# have no equivalent, so do not assume it is available everywhere.
--dry-run

# Specify region
# Overrides the profile's default region for this one command.
--region us-east-1