What it is
A command-line interface for interacting with Amazon Web Services (AWS) services, allowing you to manage resources programmatically.
Installation
Linux
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
macOS
curl "https://awscli.amazonaws.com/awscli-exe-macos.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Windows
Download the installer from the AWS CLI documentation and run it.
Configuration
After installation, configure your AWS credentials and default region:
aws configure
This will prompt you for your AWS Access Key ID, Secret Access Key, default region name, and default output format.
Core Concepts
- Services: AWS offers a vast array of services (e.g., S3, EC2, Lambda, IAM). The AWS CLI interacts with these services.
- Resources: These are the actual components within AWS services that you manage (e.g., an S3 bucket, an EC2 instance, a Lambda function).
- Regions: AWS services are hosted in geographical regions (e.g., us-east-1, eu-west-2). You can specify a region for most operations.
- Output Formats: The CLI can output data in various formats, commonly JSON, text, and table.
Commands / Usage
Managing EC2 Instances
Launching an instance:
aws ec2 run-instances --image-id ami-0abcdef1234567890 --instance-type t2.micro --count 1 --key-name my-key-pair --security-group-ids sg-0123456789abcdef0
Launches one t2.micro EC2 instance using a specified AMI, key pair, and security group.
Listing instances:
aws ec2 describe-instances
Retrieves a list of all EC2 instances in your default region.
Stopping an instance:
aws ec2 stop-instances --instance-ids i-0123456789abcdef0
Stops the EC2 instance with the specified ID.
Starting an instance:
aws ec2 start-instances --instance-ids i-0123456789abcdef0
Starts the EC2 instance with the specified ID.
Terminating an instance:
aws ec2 terminate-instances --instance-ids i-0123456789abcdef0
Terminates the EC2 instance with the specified ID.
Attaching a volume:
aws ec2 attach-volume --volume-id vol-0abcdef1234567890 --instance-id i-0123456789abcdef0 --device /dev/sdf
Attaches an EBS volume to an EC2 instance.
Managing S3 Buckets and Objects
Listing buckets:
aws s3 ls
Lists all S3 buckets in your account.
Creating a bucket:
aws s3 mb s3://my-unique-bucket-name-12345 --region us-east-1
Creates a new S3 bucket with a globally unique name in the specified region.
Deleting a bucket:
aws s3 rb s3://my-bucket-to-delete --force
Recursively deletes all objects in the bucket and then deletes the bucket. Use with caution.
Uploading a file:
aws s3 cp local/path/to/my-file.txt s3://my-bucket-name/destination/path/my-file.txt
Copies a local file to an S3 bucket.
Downloading a file:
aws s3 cp s3://my-bucket-name/path/to/my-file.txt local/path/to/save/my-file.txt
Copies a file from an S3 bucket to a local path.
Syncing directories:
aws s3 sync local/directory/ s3://my-bucket-name/destination/prefix/
Synchronizes the contents of a local directory to an S3 prefix.
Listing objects in a bucket:
aws s3 ls s3://my-bucket-name/
Lists all objects within a specified S3 bucket.
Deleting an object:
aws s3 rm s3://my-bucket-name/path/to/object.txt
Deletes a specific object from an S3 bucket.
Managing IAM Users
Listing users:
aws iam list-users
Lists all IAM users in your account.
Creating a user:
aws iam create-user --user-name my-new-iam-user
Creates a new IAM user.
Attaching a policy to a user:
aws iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
Attaches a managed IAM policy to a user.
Managing Lambda Functions
Listing functions:
aws lambda list-functions
Lists all Lambda functions in your account.
Invoking a function:
aws lambda invoke --function-name my-lambda-function --payload '{"key1": "value1"}' output.json
Invokes a Lambda function with the specified payload and saves the response to output.json.
Deploying a function package:
aws lambda update-function-code --function-name my-lambda-function --zip-file fileb://path/to/function.zip
Updates the code for a Lambda function from a zip file.
General Usage Flags
Specifying a region:
aws ec2 describe-instances --region us-west-2
Performs the operation in the us-west-2 region instead of the default.
Specifying an output format:
aws s3 ls --output text
Outputs the result in plain text format.
Filtering results (using JMESPath):
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[*].Instances[*].InstanceId'
Retrieves only the IDs of running EC2 instances.
Querying specific fields:
aws s3 ls --query 'Buckets[*].Name'
Lists only the names of S3 buckets.
Specifying a profile:
aws --profile my-aws-profile ec2 describe-instances
Uses the AWS credentials and configuration defined in the my-aws-profile section of your ~/.aws/credentials or ~/.aws/config file.
Specifying a profile and region:
aws --profile production --region eu-central-1 s3 ls
Combines profile and region specification.
Common Patterns
Finding the public IP of a running EC2 instance:
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text
Lists the public IP addresses of all running EC2 instances.
Listing all objects in an S3 bucket and their sizes:
aws s3 ls s3://my-bucket-name/ --recursive --human-readable --summarize
Provides a detailed listing of objects, including sizes, in a human-readable format.
Uploading all files from a local directory to S3:
aws s3 sync ./my-local-data/ s3://my-bucket-name/data/
Copies all files and subdirectories from my-local-data to the data/ prefix in my-bucket-name.
Downloading all objects from an S3 prefix to a local directory:
aws s3 sync s3://my-bucket-name/data/ ./my-local-data/
Copies all objects from the data/ prefix in my-bucket-name to the my-local-data directory.
Getting the ARN of an IAM user:
aws iam get-user --user-name my-iam-user --query 'User.Arn' --output text
Retrieves the Amazon Resource Name (ARN) for a specific IAM user.
Counting the number of running EC2 instances:
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[].Instances[]' | jq 'length'
Uses jq (a JSON processor) to count the number of running instances. The flattening projection Reservations[].Instances[] matters here: Reservations[*].Instances[*] returns one nested list per reservation, so jq 'length' on it would count reservations rather than instances.
Getting the latest AMI ID for Amazon Linux 2:
aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" "Name=state,Values=available" --query 'sort_by(Images, &Name)[-1].ImageId' --output text
Finds the most recent Amazon Linux 2 AMI ID.
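The describe-instances queries above (running instance IDs, public IPs, instance count) reproduced in Python as an added example that is not part of the original page; it runs over a constructed describe-instances response and shows why the reservation nesting must be flattened before counting and why instances with no public IP need explicit handling.

```python
import json

# Constructed sample of `aws ec2 describe-instances` JSON output (not real data):
# two reservations, one holding two instances, so the nesting that the
# Reservations[*].Instances[*] queries walk is visible.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"ReservationId": "r-0example0001", "Instances": [
            {"InstanceId": "i-0example0001", "State": {"Name": "running"},
             "PublicIpAddress": "203.0.113.10"},
            {"InstanceId": "i-0example0002", "State": {"Name": "running"}},
        ]},
        {"ReservationId": "r-0example0002", "Instances": [
            {"InstanceId": "i-0example0003", "State": {"Name": "stopped"}},
        ]},
    ]
})


def flatten_instances(describe_output: str) -> list:
    """Equivalent of the JMESPath projection Reservations[].Instances[]:
    one flat list of instance objects, however many reservations they span."""
    data = json.loads(describe_output)
    return [inst for res in data.get("Reservations", [])
            for inst in res.get("Instances", [])]


def running_instance_ids(describe_output: str) -> list:
    """Client-side version of --filters Name=instance-state-name,Values=running."""
    return [i["InstanceId"] for i in flatten_instances(describe_output)
            if i.get("State", {}).get("Name") == "running"]


def running_public_ips(describe_output: str) -> list:
    """Public IPs of running instances. Instances with no public address are
    skipped explicitly; with --query ... --output text the CLI prints 'None'
    for the missing field, which a naive shell loop would treat as a host."""
    return [i["PublicIpAddress"] for i in flatten_instances(describe_output)
            if i.get("State", {}).get("Name") == "running" and i.get("PublicIpAddress")]


def count_running(describe_output: str) -> int:
    """Counts instances, not reservations: `jq length` over the nested
    Reservations[*].Instances[*] result would give 2 here (reservations)."""
    return len(running_instance_ids(describe_output))
```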
Gotchas
- Permissions: The AWS CLI operates with the permissions of the configured AWS credentials. If you encounter "Access Denied" errors, check your IAM policies.
- Region Specificity: Many operations are region-specific. If a command doesn’t work as expected, ensure you’ve specified the correct region or that your default region is set appropriately.
- Resource Naming: S3 bucket names must be globally unique. Other resource names might have specific constraints.
- Idempotency: Some commands are idempotent (running them multiple times has the same effect as running them once), while others are not. Be mindful when scripting.
- --force flag: Use flags like --force with caution, especially when deleting resources. There’s often no going back.
- Output Parsing: While JSON output is standard, parsing it with shell tools requires care. Using the --query argument with JMESPath or piping to jq is often more robust than simple text parsing.
- aws configure vs. Environment Variables: Credentials can be set via aws configure, environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION), or IAM roles (on EC2 instances or ECS tasks). The CLI prioritizes them in a specific order.
- Service Quotas: Be aware of AWS service quotas (limits). You might hit these limits unexpectedly when performing operations at scale.
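The credential-source precedence mentioned in the last gotcha, worked through as an added Python example that is not part of the original page. It assumes the documented order as I read it: an explicit --profile first (which makes the CLI ignore environment keys), then AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, then the profile named by AWS_PROFILE or [default] in ~/.aws/credentials, then an instance or task role; the credentials file contents and key values are constructed placeholders.

```python
import configparser
import io

# Constructed ~/.aws/credentials contents (placeholder keys, not real ones).
CREDENTIALS_FILE = """
[default]
aws_access_key_id = AKIA_PLACEHOLDER_DEFAULT
aws_secret_access_key = placeholder-secret-default

[production]
aws_access_key_id = AKIA_PLACEHOLDER_PROD
aws_secret_access_key = placeholder-secret-prod
"""


def load_profiles(credentials_text: str) -> dict:
    """Parse the INI-style credentials file into {profile_name: {key: value}}."""
    parser = configparser.ConfigParser()
    parser.read_file(io.StringIO(credentials_text))
    return {name: dict(parser[name]) for name in parser.sections()}


def resolve_credential_source(env: dict, credentials_text: str,
                              cli_profile: str = None, has_role: bool = False) -> str:
    """Return the source the CLI would pick, as 'kind:name', following the
    assumed precedence: --profile, env keys, AWS_PROFILE/[default], role."""
    profiles = load_profiles(credentials_text)
    if cli_profile is not None:
        # An explicit --profile wins and env-var keys are ignored; a profile
        # that does not exist is an error, not a silent fallback.
        if cli_profile not in profiles:
            raise LookupError("The config profile (%s) could not be found" % cli_profile)
        return "profile:" + cli_profile
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        # Static keys in the environment beat AWS_PROFILE and the files.
        return "env:AWS_ACCESS_KEY_ID"
    env_profile = env.get("AWS_PROFILE")
    if env_profile is not None:
        if env_profile not in profiles:
            raise LookupError("The config profile (%s) could not be found" % env_profile)
        return "profile:" + env_profile
    if "default" in profiles:
        return "profile:default"
    if has_role:
        # Nothing local: fall through to the EC2 instance profile / ECS task role.
        return "role:instance-or-task"
    raise LookupError("Unable to locate credentials")
```

A practical check when a command runs against the wrong account is to compare this resolution with `aws sts get-caller-identity`, which reports the identity the CLI actually used.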