AWS CLI Cheat Sheet

The AWS CLI is a handy and extremely powerful tool for managing resources on AWS from a local shell. In this post we will walk through the process of setting up the AWS CLI on a Linux Machine ( I use the Linux Subsystem on Windows which gives me an Ubuntu bash). Then we begin using the AWS CLI to perform administrative tasks on the environment.

What you need

  • AWS Account
  • AWS IAM User with the correct permissions to administer EC2
  • The Access keys of said AWS IAM User with the correct permissions
  • Linux

Lets get started…

Setting Up The AWS CLI

Setup an IAM User with Permission to Administer EC2

I am always in the habit of thinking about what group a user should be in before I create the user account. In this case my new user is going to be a System Administrator with some elevated permissions. First we create a group called EC2SysAdmins and give it full access permission to EC2. Then we pull the user into that group.

  1. Log into the AWS Console
  2. Services > IAM > Groups
  3. Create New Group
    1. Group Name : EC2SysAdmins > Next Step
    2. Filter : AmazonEC2FullAccess > Check – AmazonEC2FullAccess > Next Step
    3. Review > Create Group
    4. You are returned to the Groups Screen
  4. Create a User
    1. Users > Add User
      1. User Name : EC2Admin
      2. Access Type : Check  – Programmatic Access > Next: Permissions
    2. Add user to group
      1. Check – EC2SysAdmin > Next: Review
    3. Review > Create user
    4. You then see a Success screen listing the Access key ID and the Secret Access Key. You will need  these to configure the AWS CLI later on. To make sure you have these credentials later (just in case you can not memorize long alphanumeric strings) download them.
      1. Click download CSV > Optionally, go to where the the file was downloaded and rename the file from credentials.csv to EC2Admin_AccessKey.csv or something a bit more fitting as you will refer to it shortly.

Install the AWS CLI Tools on Linux

In your bash shell (get bash set up on Windows 10)

sudo apt-get install awscli

Configure the AWS CLI Tools on Linux

In your bash shell

aws configure

Here you need to specify:

  1. Your access Key ID (refer the the csv file you downloaded)
  2. Your Secret Access Key (refer the the csv file you downloaded)
  3. Your preferred default region code (for example, us-east-1). Choose a region that is closest to you for now.
  4. Default output format. Choose json

There may be cases where you need to reconfigure the CLI tools, such as using different account credentials. You can always reconfigure any of these items later by

just re-running the aws configure command again.


AWS CLI Command Cheat Sheet  – 101

Here is a list of commands that I’ve found helpful. I’ve made an effort to describe their uses. I hope they are helpful to you too.

List Regions and Availability Zones

Let’s first see what regions are available

aws ec2 describe-regions --output table

You’ll get something like this.

|                     DescribeRegions                    |
||                        Regions                       ||
||             Endpoint              |   RegionName     ||
||  ec2.ap-south-1.amazonaws.com     |  ap-south-1      ||
||  ec2.eu-west-3.amazonaws.com      |  eu-west-3       ||
||  ec2.eu-west-2.amazonaws.com      |  eu-west-2       ||
||  ec2.eu-west-1.amazonaws.com      |  eu-west-1       ||
||  ec2.ap-northeast-2.amazonaws.com |  ap-northeast-2  ||
||  ec2.ap-northeast-1.amazonaws.com |  ap-northeast-1  ||
||  ec2.sa-east-1.amazonaws.com      |  sa-east-1       ||
||  ec2.ca-central-1.amazonaws.com   |  ca-central-1    ||
||  ec2.ap-southeast-1.amazonaws.com |  ap-southeast-1  ||
||  ec2.ap-southeast-2.amazonaws.com |  ap-southeast-2  ||
||  ec2.eu-central-1.amazonaws.com   |  eu-central-1    ||
||  ec2.us-east-1.amazonaws.com      |  us-east-1       ||
||  ec2.us-east-2.amazonaws.com      |  us-east-2       ||
||  ec2.us-west-1.amazonaws.com      |  us-west-1       ||
||  ec2.us-west-2.amazonaws.com      |  us-west-2       ||

With a list of regions in front of us, let’s take a look at which availability zones are present in a particular region. In this case lets check us-east-1.

aws ec2 describe-availability-zones --region us-east-1 --output text |grep -w AVAILABILITYZONES

We get a text list of availability zones. TAKE NOTE: Since we already configured the region in the AWS CLI, we could just omit the --region us-east-1 parameter in the command above which would return the same list of availability zones. Include the region parameter if you have not configured a preferred default region in the AWS CLI.

AVAILABILITYZONES       us-east-1       available       us-east-1a
AVAILABILITYZONES       us-east-1       available       us-east-1b
AVAILABILITYZONES       us-east-1       available       us-east-1c
AVAILABILITYZONES       us-east-1       available       us-east-1d
AVAILABILITYZONES       us-east-1       available       us-east-1e
AVAILABILITYZONES       us-east-1       available       us-east-1f

Get the Name, Instance ID, IP Addresses of EC2 Instances

Sometimes you just want a human readable list of instances that you can then take action on, like quickly stopping or starting an instance based on the InstanceID.

aws ec2 describe-instances --query 'Reservations[].Instances[].[Tags[?Key==`Name`] | [0].Value, InstanceId, State.Name, PrivateIpAddress, PublicIpAddress ]' --output table

This command is handy for a tabular list of information that you can then take action on, like quickly stopping or starting an instance based on the InstanceID.

Stop and Start Instances

Starting an instance

aws ec2 start-instances --instance-ids i-XXXXXXXX --output text | grep -w CURRENTSTATE

Stopping an instance

aws ec2 stop-instances --instance-ids i-XXXXXXXX --output text | grep -w CURRENTSTATE

Launch an Instance in an Availability Zone

Spot Price History

aws ec2 describe-spot-price-history --start-time $(date -u +"%Y%m%dT%H0000") --product "Linux/UNIX" --instance-type "m3.medium" --region us-east-1 --output table



0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *