AWS CLI Cheatsheet
AWS CLI commands for IAM, EC2, S3, EKS, Lambda, and CloudWatch Logs.
Identity & Auth
aws sts get-caller-identityShow current account, user ARN
aws configureSet up AWS credentials interactively
aws configure listShow active credentials and region
aws configure list-profilesList all configured profiles
aws --profile staging s3 lsRun command with specific profile
export AWS_PROFILE=stagingSet default profile for session
Show current account, user ARN
Set up AWS credentials interactively
Show active credentials and region
List all configured profiles
Run command with specific profile
Set default profile for session
IAM
aws iam list-usersList all IAM users
aws iam create-user --user-name devuserCreate IAM user
aws iam delete-user --user-name devuserDelete IAM user
aws iam list-rolesList all IAM roles
aws iam get-role --role-name MyRoleGet role details and trust policy
aws iam list-attached-role-policies --role-name MyRoleList policies attached to role
aws iam list-policies --scope LocalList customer-managed policies
aws iam create-access-key --user-name devuserCreate access key for user
aws iam list-access-keys --user-name devuserList user's access keys
List all IAM users
Create IAM user
Delete IAM user
List all IAM roles
Get role details and trust policy
List policies attached to role
List customer-managed policies
Create access key for user
List user's access keys
EC2
aws ec2 describe-instances --output tableList all EC2 instances as table
aws ec2 describe-instances --filters Name=instance-state-name,Values=runningFilter running instances only
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]' --output tableShow ID, state, public IP as table
aws ec2 start-instances --instance-ids i-1234567890abcdef0Start stopped instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0Stop running instance
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0Reboot instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0Terminate (delete) instance
aws ec2 describe-security-groupsList all security groups
aws ec2 describe-vpcsList all VPCs
aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-12345List subnets in a VPC
aws ec2 describe-key-pairsList EC2 key pairs
List all EC2 instances as table
Filter running instances only
Show ID, state, public IP as table
Start stopped instance
Stop running instance
Reboot instance
Terminate (delete) instance
List all security groups
List all VPCs
List subnets in a VPC
List EC2 key pairs
S3
aws s3 lsList all S3 buckets
aws s3 ls s3://my-bucket/List bucket contents
aws s3 ls s3://my-bucket/ --recursive --human-readableRecursive listing with human sizes
aws s3 cp file.txt s3://my-bucket/folder/Upload file to bucket
aws s3 cp s3://my-bucket/file.txt .Download file from bucket
aws s3 sync ./dist s3://my-bucket/Sync local directory to bucket
aws s3 sync s3://my-bucket/ ./backup/Sync bucket to local directory
aws s3 rm s3://my-bucket/file.txtDelete single object
aws s3 rm s3://my-bucket/folder/ --recursiveDelete all objects in prefix
aws s3 mb s3://new-bucket-nameCreate new bucket
aws s3 rb s3://bucket-name --forceDelete bucket and all its contents
aws s3 presign s3://my-bucket/file.txt --expires-in 3600Generate pre-signed URL valid for 1 hour
List all S3 buckets
List bucket contents
Recursive listing with human sizes
Upload file to bucket
Download file from bucket
Sync local directory to bucket
Sync bucket to local directory
Delete single object
Delete all objects in prefix
Create new bucket
Delete bucket and all its contents
Generate pre-signed URL valid for 1 hour
EKS
aws eks list-clustersList all EKS clusters
aws eks describe-cluster --name my-clusterCluster endpoint, version, status
aws eks update-kubeconfig --name my-cluster --region us-east-1Update kubeconfig to access cluster
aws eks list-nodegroups --cluster-name my-clusterList node groups in cluster
aws eks describe-nodegroup --cluster-name my-cluster --nodegroup-name ng-1Node group details, scaling config
aws eks update-nodegroup-config --cluster-name my-cluster --nodegroup-name ng-1 --scaling-config minSize=2,maxSize=5,desiredSize=3Update node group scaling
aws eks list-addons --cluster-name my-clusterList installed EKS add-ons
List all EKS clusters
Cluster endpoint, version, status
Update kubeconfig to access cluster
List node groups in cluster
Node group details, scaling config
Update node group scaling
List installed EKS add-ons
Lambda
aws lambda list-functionsList all Lambda functions
aws lambda invoke --function-name myFunc output.jsonInvoke function synchronously
aws lambda invoke --function-name myFunc --payload '{"key":"val"}' out.jsonInvoke with JSON payload
aws lambda get-function --function-name myFuncFunction config, code URL, runtime
aws lambda update-function-code --function-name myFunc --zip-file fileb://code.zipUpdate function code from zip
aws lambda update-function-configuration --function-name myFunc --timeout 30Update function settings (timeout, memory)
aws lambda list-event-source-mappings --function-name myFuncList triggers (SQS, DynamoDB, etc.)
List all Lambda functions
Invoke function synchronously
Invoke with JSON payload
Function config, code URL, runtime
Update function code from zip
Update function settings (timeout, memory)
List triggers (SQS, DynamoDB, etc.)
CloudWatch Logs
aws logs describe-log-groupsList all log groups
aws logs describe-log-streams --log-group-name /aws/lambda/myFuncList log streams in a group
aws logs tail /aws/lambda/myFunc --followFollow logs in real time (like tail -f)
aws logs tail /aws/lambda/myFunc --since 1hLogs from last 1 hour
aws logs filter-log-events --log-group-name /aws/lambda/myFunc --filter-pattern ERRORSearch logs for pattern
aws logs get-log-events --log-group-name /aws/ecs/myapp --log-stream-name stream-nameFetch specific log stream events
List all log groups
List log streams in a group
Follow logs in real time (like tail -f)
Logs from last 1 hour
Search logs for pattern
Fetch specific log stream events