Some links in this article are affiliate links. We earn a commission at no extra cost to you when you purchase through them. Full disclosure.
Click any command to expand the explanation and examples. Comparing cloud providers? See AWS vs GCP vs Azure. For infrastructure as code, check out what is Terraform.
🔧 Setup & Config
aws configure setup
# Interactive setup aws configureSet specific profile
aws configure —profile staging
Check current identity
aws sts get-caller-identity
Use a profile
aws s3 ls —profile staging export AWS_PROFILE=staging # Set for entire session
Check current region
aws configure get region
Output formats setup
# Set default output format aws configure set output jsonOverride per command
aws ec2 describe-instances —output table aws ec2 describe-instances —output text aws ec2 describe-instances —output yaml
Filter with —query (JMESPath)
aws ec2 describe-instances —query ‘Reservations[].Instances[].InstanceId’
📦 S3 — Storage
aws s3 — high-level commands s3
# List buckets aws s3 lsList objects in bucket
aws s3 ls s3://my-bucket/ aws s3 ls s3://my-bucket/folder/ —recursive
Copy files
aws s3 cp file.txt s3://my-bucket/ aws s3 cp s3://my-bucket/file.txt ./ aws s3 cp s3://bucket-a/ s3://bucket-b/ —recursive
Sync (like rsync)
aws s3 sync ./dist s3://my-bucket/ —delete aws s3 sync s3://my-bucket/ ./backup/
Remove
aws s3 rm s3://my-bucket/file.txt aws s3 rm s3://my-bucket/ —recursive # Empty bucket
Create bucket
aws s3 mb s3://my-new-bucket —region eu-west-1
Delete bucket
aws s3 rb s3://my-bucket —force # Force removes contents too
Presigned URL (temporary access)
aws s3 presign s3://my-bucket/file.pdf —expires-in 3600
🖥️ EC2 — Compute
aws ec2 — instances ec2
# List instances aws ec2 describe-instances aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,State.Name,InstanceType]' --output tableFilter by tag
aws ec2 describe-instances —filters “Name=tag:Name,Values=web-server”
Filter by state
aws ec2 describe-instances —filters “Name=instance-state-name,Values=running”
Start / stop / terminate
aws ec2 start-instances —instance-ids i-1234567890abcdef0 aws ec2 stop-instances —instance-ids i-1234567890abcdef0 aws ec2 terminate-instances —instance-ids i-1234567890abcdef0
Get public IP
aws ec2 describe-instances —instance-ids i-123 —query ‘Reservations[0].Instances[0].PublicIpAddress’ —output text
Security groups ec2
# List security groups aws ec2 describe-security-groupsCreate security group
aws ec2 create-security-group —group-name my-sg —description “My SG” —vpc-id vpc-123
Allow inbound SSH
aws ec2 authorize-security-group-ingress —group-id sg-123 —protocol tcp —port 22 —cidr 0.0.0.0/0
Allow inbound HTTP/HTTPS
aws ec2 authorize-security-group-ingress —group-id sg-123 —protocol tcp —port 80 —cidr 0.0.0.0/0 aws ec2 authorize-security-group-ingress —group-id sg-123 —protocol tcp —port 443 —cidr 0.0.0.0/0
⚡ Lambda — Serverless
aws lambda lambda
# List functions aws lambda list-functions aws lambda list-functions --query 'Functions[].FunctionName'Invoke a function
aws lambda invoke —function-name my-func —payload ’{“key”: “value”}’ output.json cat output.json
Update function code
aws lambda update-function-code —function-name my-func —zip-file fileb://function.zip
View logs (last invocation)
aws lambda invoke —function-name my-func —log-type Tail output.json —query ‘LogResult’ —output text | base64 —decode
Update environment variables
aws lambda update-function-configuration —function-name my-func —environment “Variables={KEY=value,DB=prod}“
👤 IAM — Identity
aws iam iam
# List users aws iam list-usersList roles
aws iam list-roles —query ‘Roles[].RoleName’
List policies attached to a user
aws iam list-attached-user-policies —user-name alice
Create user
aws iam create-user —user-name deploy-bot
Create access key
aws iam create-access-key —user-name deploy-bot
Attach policy to user
aws iam attach-user-policy —user-name deploy-bot —policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
📊 CloudWatch — Logs & Monitoring
aws logs logs
# List log groups aws logs describe-log-groupsTail logs (live)
aws logs tail /aws/lambda/my-func —follow
Get recent logs
aws logs tail /aws/lambda/my-func —since 1h
Filter logs
aws logs filter-log-events —log-group-name /aws/lambda/my-func —filter-pattern “ERROR”
🏗️ CloudFormation / Infrastructure
aws cloudformation infra
# List stacks aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETEDeploy stack
aws cloudformation deploy —template-file template.yaml —stack-name my-stack —capabilities CAPABILITY_IAM
Describe stack
aws cloudformation describe-stacks —stack-name my-stack
Stack events (debugging)
aws cloudformation describe-stack-events —stack-name my-stack
Delete stack
aws cloudformation delete-stack —stack-name my-stack
Validate template
aws cloudformation validate-template —template-body file://template.yaml
🔍 Useful Patterns
Common one-liners tips
# Who am I? aws sts get-caller-identityGet account ID
aws sts get-caller-identity —query Account —output text
List all regions
aws ec2 describe-regions —query ‘Regions[].RegionName’ —output text
Estimate S3 bucket size
aws s3 ls s3://my-bucket —recursive —summarize | tail -2
Find unattached EBS volumes
aws ec2 describe-volumes —filters “Name=status,Values=available” —query ‘Volumes[].VolumeId’
Export to JSON for scripting
aws ec2 describe-instances —output json > instances.json
Quick access: Raycast lets you search commands, snippets, and cheat sheets instantly from your keyboard. Free for Mac.
Related:* Azure CLI Cheat Sheet — Commands You’ll Actually Use
Quick access: Raycast lets you search commands, snippets, and cheat sheets instantly from your keyboard. Free for Mac.
Related:* Google Cloud (gcloud) CLI Cheat Sheet — Commands You’ll Actually Use