Installing AWS CLI
# Installs AWS CLI v1 from PyPI (AWS CLI v2 is shipped through AWS's own installers, not pip)
pip install awscli
# Prompts for an access key ID and secret access key and writes them in plain text
# to ~/.aws/credentials; keep that file private and prefer short-lived credentials where you can
aws configure
AWS S3 Commands
Bucket Operations
# Create a new bucket
aws s3 mb s3://bucket-name
# Remove an empty bucket
aws s3 rb s3://bucket-name
# Remove bucket and all contents
aws s3 rb s3://bucket-name --force
# List all buckets
aws s3 ls
# List contents of a bucket
aws s3 ls s3://bucket-name
File Operations
# Copy local file to S3
aws s3 cp file.txt s3://bucket-name/
# Copy S3 file to local directory
aws s3 cp s3://bucket-name/file.txt .
# Copy between S3 buckets
aws s3 cp s3://bucket1/file.txt s3://bucket2/
# Move local file to S3
aws s3 mv file.txt s3://bucket-name/
# Move S3 file to local directory
aws s3 mv s3://bucket-name/file.txt .
# Delete a file from S3
aws s3 rm s3://bucket-name/file.txt
Directory Operations
# Sync local directory to S3
aws s3 sync ./local-folder s3://bucket-name/folder/
# Sync S3 directory to local
aws s3 sync s3://bucket-name/folder/ ./local-folder
# Copy directory recursively
aws s3 cp ./local-folder s3://bucket-name/folder/ --recursive
# Delete directory and contents
aws s3 rm s3://bucket-name/folder/ --recursive
Useful S3 Options
--dryrun - Preview operations without executing
--exclude "pattern" - Exclude files matching pattern
--include "pattern" - Include only files matching pattern
--delete - Delete files in destination that don't exist in source (with sync)
--storage-class STANDARD_IA - Specify storage class
--acl public-read - Set access control list (public-read makes the uploaded objects readable by anyone)
Advanced S3 Commands
# List buckets with detailed information
aws s3api list-buckets
# Get bucket region
aws s3api get-bucket-location --bucket bucket-name
# Enable versioning
aws s3api put-bucket-versioning --bucket bucket-name --versioning-configuration Status=Enabled
# Generate presigned URL
# Anyone who holds the URL can fetch the object until it expires, with no further
# authentication (--expires-in is in seconds; 3600 = 1 hour). Keep the lifetime as
# short as the use case allows and treat the URL like a credential.
aws s3 presign s3://bucket-name/file.txt --expires-in 3600
AWS EC2 Commands
Instance Management
# Launch new instance
aws ec2 run-instances --image-id ami-12345678 --instance-type t2.micro
# List all instances
aws ec2 describe-instances
# Get specific instance details
aws ec2 describe-instances --instance-ids i-1234567890abcdef0
# Start stopped instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0
# Stop running instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
# Reboot instance
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0
# Terminate instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
AMI (Amazon Machine Image) Operations
# List your AMIs
aws ec2 describe-images --owners self
# Find Amazon Linux AMIs
aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn2-ami-hvm-*"
# Create AMI from instance
aws ec2 create-image --instance-id i-1234567890abcdef0 --name "My-AMI"
# Delete AMI
aws ec2 deregister-image --image-id ami-12345678
Security Groups
# List all security groups
aws ec2 describe-security-groups
# Create security group
aws ec2 create-security-group --group-name my-sg --description "My security group"
# Add inbound rule
# --cidr 0.0.0.0/0 lets any address on the internet reach the port. That is normal for a
# public web listener such as port 80 here, but administrative or database ports should
# be limited to a specific source range or to another security group.
aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 80 --cidr 0.0.0.0/0
# Remove inbound rule
# The protocol, port and CIDR must match the rule being removed
aws ec2 revoke-security-group-ingress --group-id sg-12345678 --protocol tcp --port 80 --cidr 0.0.0.0/0
# Delete security group
aws ec2 delete-security-group --group-id sg-12345678
Key Pairs
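# List key pairs
aws ec2 describe-key-pairs
# Create key pair and save to file
# The private key is returned only once, at creation time. The subshell's umask 077
# creates the file readable by its owner only, and chmod 400 then makes it read-only;
# ssh refuses private keys that other users can read.
( umask 077; aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem )
chmod 400 my-key.pem
# Delete key pair
aws ec2 delete-key-pair --key-name my-key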
Volumes and Storage
# List EBS volumes
aws ec2 describe-volumes
# Create EBS volume
aws ec2 create-volume --size 10 --availability-zone us-east-1a --volume-type gp2
# Attach volume
aws ec2 attach-volume --volume-id vol-12345678 --instance-id i-1234567890abcdef0 --device /dev/sdf
# Detach volume
aws ec2 detach-volume --volume-id vol-12345678
# Delete volume
aws ec2 delete-volume --volume-id vol-12345678
Network and VPC
# List VPCs
aws ec2 describe-vpcs
# List subnets
aws ec2 describe-subnets
# List internet gateways
aws ec2 describe-internet-gateways
# List Elastic IPs
aws ec2 describe-addresses
# Allocate Elastic IP
aws ec2 allocate-address --domain vpc
# Associate Elastic IP
aws ec2 associate-address --instance-id i-1234567890abcdef0 --allocation-id eipalloc-12345678
Useful EC2 Filters and Options
# Filter by instance state
--filters "Name=instance-state-name,Values=running"
# Filter by tag
--filters "Name=tag:Name,Values=MyServer"
# Custom output format
--query 'Instances[*].[InstanceId,State.Name,InstanceType]' --output table
# Validate without executing
--dry-run
AWS IAM Commands
User Management
# List all users
aws iam list-users
# Create new user
aws iam create-user --user-name louie-ck
# Get user details
aws iam get-user --user-name louie-ck
# Update user name
aws iam update-user --user-name louie-ck --new-user-name jane-doe
# Delete user
aws iam delete-user --user-name louie-ck
# Add user to group
aws iam add-user-to-group --user-name louie-ck --group-name developers
# Remove user from group
aws iam remove-user-from-group --user-name louie-ck --group-name developers
Access Keys
# List user's access keys
aws iam list-access-keys --user-name louie-ck
# Create access key for user
# The secret access key appears only in this command's output and cannot be retrieved
# afterwards; store it in a secrets manager, not in scripts or version control
aws iam create-access-key --user-name louie-ck
# Deactivate access key
# Marking a key Inactive first lets you confirm nothing still depends on it before deleting it
aws iam update-access-key --access-key-id AKIAIOSFODNN7EXAMPLE --status Inactive --user-name louie-ck
# Delete access key
aws iam delete-access-key --access-key-id AKIAIOSFODNN7EXAMPLE --user-name louie-ck
Groups
# List all groups
aws iam list-groups
# Create new group
aws iam create-group --group-name developers
# Get group details and members
aws iam get-group --group-name developers
# Delete group
aws iam delete-group --group-name developers
# List groups for user
aws iam get-groups-for-user --user-name louie-ck
Policies
# List all policies
aws iam list-policies
# List customer-managed policies
aws iam list-policies --scope Local
# Create policy from file
aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json
# Get policy details
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy
# Get policy version
aws iam get-policy-version --policy-arn arn:aws:iam::123456789012:policy/MyPolicy --version-id v1
# Delete policy
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy
Attach/Detach Policies
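# Attach policy to user
aws iam attach-user-policy --user-name louie-ck --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
# Detach policy from user
aws iam detach-user-policy --user-name louie-ck --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
# Attach policy to group
# PowerUserAccess allows nearly everything except IAM and Organizations management;
# attach the narrowest policy that covers what the group actually needs
aws iam attach-group-policy --group-name developers --policy-arn arn:aws:iam::aws:policy/PowerUserAccess
# Attach policy to role
# The AWS managed read-only S3 policy is named AmazonS3ReadOnlyAccess
aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess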
List Attached Policies
# List policies attached to user
aws iam list-attached-user-policies --user-name louie-ck
# List policies attached to group
aws iam list-attached-group-policies --group-name developers
# List policies attached to role
aws iam list-attached-role-policies --role-name MyRole
# List inline policies for user
aws iam list-user-policies --user-name louie-ck
Roles
# List all roles
aws iam list-roles
# Create role
aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json
# Get role details
aws iam get-role --role-name MyRole
# Delete role
aws iam delete-role --role-name MyRole
# Create instance profile
aws iam create-instance-profile --instance-profile-name MyProfile
# Add role to instance profile
aws iam add-role-to-instance-profile --instance-profile-name MyProfile --role-name MyRole
Password and Login Management
# Create login profile
# A password typed inline like this is saved in shell history and is visible in the
# process list while the command runs. Add --password-reset-required so the user
# must replace the administrator-chosen password at first sign-in.
aws iam create-login-profile --user-name louie-ck --password MyPassword123
# Get login profile
aws iam get-login-profile --user-name louie-ck
# Update password
# Same exposure as above: the new password ends up in shell history and process arguments
aws iam update-login-profile --user-name louie-ck --password NewPassword123
# Delete login profile
aws iam delete-login-profile --user-name louie-ck
# Get password policy
aws iam get-account-password-policy
# Update password policy
# This call replaces the whole policy: any setting not passed here reverts to its
# default, so repeat every requirement you want to keep
aws iam update-account-password-policy --minimum-password-length 12 --require-symbols
MFA (Multi-Factor Authentication)
# List MFA devices for user
aws iam list-mfa-devices --user-name louie-ck
# Enable MFA device
aws iam enable-mfa-device --user-name louie-ck --serial-number arn:aws:iam::123456789012:mfa/louie-ck --authentication-code-1 123456 --authentication-code-2 789012
# Deactivate MFA device
aws iam deactivate-mfa-device --user-name louie-ck --serial-number arn:aws:iam::123456789012:mfa/louie-ck
Best Practices
1. Use Profiles for Multiple Accounts
# Configure named profile
aws configure --profile production
# Use profile in commands
aws s3 ls --profile production
2. Output Formatting
# Table format for better readability
aws ec2 describe-instances --output table
# JSON format for programmatic use
aws ec2 describe-instances --output json
# Text format for simple parsing
aws ec2 describe-instances --output text
3. Filtering and Querying
# Use JMESPath for complex queries
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]'
# Combine filters for precise results
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Environment,Values=production"
Best Practices
- Always use --dry-run when available to preview changes
- Test commands in development environments first
- Regularly rotate access keys
- Automation and Scripting
# Store frequently used commands as shell functions
# Prints a table with the instance ID and Name tag of every running instance.
get_running_instances() {
  local state_filter="Name=instance-state-name,Values=running"
  # JMESPath: for each instance, its ID and the first value of the tag whose key is Name
  local columns='Reservations[*].Instances[*].[InstanceId,Tags[?Key==`Name`].Value|[0]]'
  aws ec2 describe-instances \
    --filters "$state_filter" \
    --query "$columns" \
    --output table
}
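# Use variables for reusable values
BUCKET_NAME="my-company-backups"
# Quote the destination so the bucket name and the date always expand as one argument,
# even if the variable is later set to a value containing spaces or glob characters
aws s3 sync ./data "s3://${BUCKET_NAME}/$(date +%Y-%m-%d)/"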