Common AWS CLI v2 commands for S3, EC2, IAM, Lambda, CloudWatch, and more.
aws configure
Interactive prompt: access key, secret, region, output format
aws configure --profile myprofile
Configure a named profile
aws configure list
Show the active credentials and config source
aws sts get-caller-identity
Print the account ID and ARN for the current credentials
AWS_PROFILE=myprofile aws ...
Use a named profile for one command via env var
aws sso login --profile myprofile
Browser-based SSO login for a profile
Add --output json|yaml|text|table to any command, or set it once with aws configure. --query accepts JMESPath expressions to filter output.
aws s3 ls
List all buckets
aws s3 ls s3://bucket/prefix/
List objects under a prefix
aws s3 cp file.txt s3://bucket/key
Upload a local file
aws s3 cp s3://bucket/key ./file.txt
Download an object to a local file
aws s3 sync ./local/ s3://bucket/prefix/
Sync a local directory to S3 (only uploads changed files)
aws s3 sync s3://bucket/ ./local/ --delete
Sync S3 to local, removing local files that are not in S3
aws s3 mv s3://bucket/old s3://bucket/new
Move/rename an object
aws s3 rm s3://bucket/key
Delete an object
aws s3 rm s3://bucket/prefix/ --recursive
Delete all objects under a prefix
aws s3 presign s3://bucket/key --expires-in 3600
Generate a pre-signed URL valid for 1 hour
aws s3api get-object --bucket b --key k out.bin
Low-level download (exposes metadata)
aws ec2 describe-instances
List all instances in the current region
aws ec2 describe-instances --filters "Name=tag:Env,Values=prod"
Filter instances by tag
aws ec2 describe-instances --query "Reservations[].Instances[].[InstanceId,State.Name,PublicIpAddress]" --output table
Print instance ID, state, and IP as a table
aws ec2 start-instances --instance-ids i-xxxx
Start a stopped instance
aws ec2 stop-instances --instance-ids i-xxxx
Stop a running instance
aws ec2 terminate-instances --instance-ids i-xxxx
Permanently terminate an instance
aws ec2 describe-security-groups --group-ids sg-xxxx
Inspect a security group's rules
aws ec2 describe-key-pairs
List EC2 key pairs
aws ec2 create-image --instance-id i-xxxx --name "my-ami"
Create an AMI from a running instance
Add --region us-east-1 to any command, or set AWS_DEFAULT_REGION as an environment variable.
aws iam list-users
List all IAM users
aws iam list-roles
List all IAM roles
aws iam get-user --user-name alice
Get details about a specific user
aws iam list-attached-user-policies --user-name alice
Show policies attached to a user
aws iam create-user --user-name bob
Create a new IAM user
aws iam create-access-key --user-name bob
Create access keys for a user
aws iam attach-user-policy --user-name bob --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
Attach an AWS-managed policy to a user
aws iam simulate-principal-policy --policy-source-arn <role-arn> --action-names s3:GetObject
Dry-run: test whether a principal can perform an action
aws lambda list-functions
List all Lambda functions
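aws lambda invoke --function-name my-fn --cli-binary-format raw-in-base64-out --payload '{"key":"val"}' out.json
Invoke a function synchronously, save response to file (CLI v2 expects a base64 payload by default; --cli-binary-format raw-in-base64-out lets you pass raw JSON)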
aws lambda invoke --invocation-type Event --function-name my-fn out.json
Invoke asynchronously (fire-and-forget)
aws lambda update-function-code --function-name my-fn --zip-file fileb://fn.zip
Deploy a new code package
aws lambda update-function-configuration --function-name my-fn --timeout 30
Update a function's configuration
aws lambda get-function --function-name my-fn
Show function details including the code download URL
aws lambda list-event-source-mappings --function-name my-fn
Show triggers (SQS, DynamoDB streams, etc.)
aws logs describe-log-groups
List log groups
aws logs tail /aws/lambda/my-fn --follow
Stream live logs for a log group (aws logs tail requires CLI v2)
aws logs tail /aws/lambda/my-fn --since 5m
Show logs from the last 5 minutes
aws logs filter-log-events --log-group-name /my/group --filter-pattern "ERROR"
Search log events for a pattern
aws logs get-log-events --log-group-name /my/group --log-stream-name stream-id
Read a specific log stream
aws ssm get-parameter --name /my/param --with-decryption
Read a SecureString parameter (decrypted)
aws ssm put-parameter --name /my/param --value "secret" --type SecureString --overwrite
Write or update a SecureString parameter
aws ssm get-parameters-by-path --path /my/app/ --recursive --with-decryption
Read all parameters under a path
aws ssm start-session --target i-xxxx
Open a shell on an EC2 instance without SSH (requires SSM agent)
aws ssm send-command --instance-ids i-xxxx --document-name AWS-RunShellScript --parameters '{"commands":["df -h"]}'
Run a shell command on an instance without SSH
Add --query "Parameter.Value" --output text to get a raw parameter value suitable for scripting, with no JSON wrapping.
aws ecr get-login-password | docker login --username AWS --password-stdin <account>.dkr.ecr.<region>.amazonaws.com
Authenticate Docker with ECR
aws ecr describe-repositories
List ECR repositories
aws ecr list-images --repository-name my-repo
List image tags in a repository
aws ecs list-clusters
List ECS clusters
aws ecs list-services --cluster my-cluster
List services in a cluster
aws ecs update-service --cluster my-cluster --service my-svc --force-new-deployment
Trigger a redeployment of a service (pulls latest image)
aws ecs describe-tasks --cluster my-cluster --tasks <task-arn>
Get details of a running task
aws ec2 describe-regions --query "Regions[].RegionName" --output text
List all available AWS regions as plain text
aws s3 ls --recursive s3://bucket | awk '{sum+=$3} END {print sum/1024/1024 " MB"}'
Calculate total size of a bucket in MB
for r in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do echo "$r"; aws ec2 describe-instances --region "$r" --query "Reservations[].Instances[].InstanceId" --output text; done
List all EC2 instances across every region
aws cloudformation describe-stacks --query "Stacks[?StackStatus!='DELETE_COMPLETE'].[StackName,StackStatus]" --output table
List all non-deleted CloudFormation stacks