AWS cli cheatsheet

Section 1: General
aws [options]   [parameters]
Options:
Turn on debug logging.
--debug (boolean)
Override command's default URL with the given URL.
--endpoint-url (string)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-verify-ssl (boolean)
Output format
--output (json/text/table)
A JMESPath query to use in filtering the response data.
--query (string)
Use a specific profile from your credential file.
--profile (string)
The region to use. Overrides config/env settings.
--region (string)
Display the version of this tool.
--version (string)
Section 2: Configure
Configures AWS CLI with AWS access keys. aws configure
Section 3: IAM
Lists all the iam users.
aws iam list-users
Lists all the iam groups.
aws iam list-groups
Lists all the iam roles.
aws iam list-roles
Lists all the iam policies.
aws iam list-policies
Creates an IAM user in the current account.
aws iam create-user --user-name 
Creates an IAM group in the current account.
aws iam create-group --group-name 
Creates an IAM role in the current account.
aws iam create-role --role-name  --assume-role-policy-document file://
Creates an IAM policy in the current account.
aws iam create-policy --policy-name  --policy-document file://
Lists policies attached to the group.
aws iam list-attached-group-policies --group-name 
Lists policies attached to the role.
aws iam list-attached-role-policies --role-name 
Lists policies attached to the user.
aws iam list-attached-user-policies --user-name 
Lists managed policies attached to the group.
aws iam list-group-policies --group-name 
Lists managed policies attached to the user.
aws iam list-user-policies --user-name 
Lists managed policies attached to the role.
aws iam list-role-policies --role-name 
Lists groups attached to the user.
aws iam list-groups-for-user --user-name 
Lists signing certificates for the user.
aws iam list-signing-certificates --user-name 
Lists public ssh keys for the user.
aws iam list-ssh-public-keys --user-name 
Lists all virtual-mfa devices present.
aws iam list-virtual-mfa-devices
Retrieves information about the specified managed policy
aws iam get-policy --policy-arn  --version-id 
Retrieves information about the specified version of the specified managed policy, including the policy document.
aws iam get-policy-version --policy-arn arn:aws:iam::123456789012:policy/MyPolicy --version-id v2
Retrieves information about the specified IAM user.
aws iam get-user --user-name 
Retrieves information about the specified role.
aws iam get-role --role-name 
Retrieves information about the specified group.
aws iam get-group --group-name 
Retrieves the specified inline policy document that is embedded in the specified IAM user.
aws iam get-user-policy --user-name  --policy-name 
Retrieves the specified inline policy document that is embedded with the specified IAM role.
aws iam get-role-policy --role-name  --policy-name 
Retrieves the specified inline policy document that is embedded with the specified IAM group.
aws iam get-group-policy --group-name  --policy-name 
Attaches the specified managed policy to the specified IAM group.
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --group-name Finance
Attaches the specified managed policy to the specified IAM role.
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --role-name ReadOnlyRole
Attaches the specified managed policy to the specified user.
aws iam attach-user-policy --policy-arn arn:aws:iam:ACCOUNT-ID:aws:policy/AdministratorAccess --user-name Alice
Creates a password for the specified IAM user.
aws iam create-login-profile --user-name  --password 
Retrieves the username and password creation date for the specified IAM user.
aws iam get-login-profile --user-name 
Lists the instance profiles that have the specified path prefix.
aws iam list-instance-profiles
Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role.
aws iam get-instance-profile --instance-profile-name ExampleInstanceProfile
Adds or updates an inline policy document that is embedded in the specified IAM group.
aws iam put-group-policy --group-name  --policy-document file:// --policy-name 
Adds or updates an inline policy document that is embedded in the specified IAM role.
aws iam put-role-policy --role-name  --policy-name  --policy-document file://
Adds or updates an inline policy document that is embedded in the specified IAM user.
aws iam put-user-policy --user-name  --policy-name  --policy-document file://
Removes the specified user from the specified group.
aws iam remove-user-from-group --user-name Bob --group-name Admins
Updates the name and/or the path of the specified IAM group.
aws iam update-group --group-name Test --new-group-name Test-1
Section 4: API Gateway
Gets information about the current Account resource.
aws apigateway get-account
Lists the RestApis resources for your collection.
aws apigateway get-rest-apis
Lists the RestApi resource in the collection.
aws apigateway get-rest-api
Gets information about the current ApiKeys resource.
aws apigateway get-api-keys
Gets information about the current ApiKey resource.
aws apigateway get-api-key --api-key 
Describe an existing Method resource.
aws apigateway get-method --rest-api-id  --http-method  --resource-id 
Describes a MethodResponse resource.
aws apigateway get-method-response --rest-api-id  --resource-id  --http-method  --status-code 
Describe an existing Authorizers resource.
aws apigateway get-authorizers --rest-api-id 
Describe an existing Authorizer resource.
aws apigateway get-authorizer --rest-api-id  --authorizer-id 
Gets a collection of ClientCertificate resources.
aws apigateway get-client-certificates
Lists information about a collection of Resource resources.
aws apigateway get-resources --rest-api-id 
Lists information about a resource.
aws apigateway get-resource --rest-api-id  --resource-id 
Gets a collection of ClientCertificate resources.
aws apigateway get-client-certificates
Gets information about the current ClientCertificate resource.
aws apigateway get-client-certificate --client-certificate-id 
Get the integration settings.
aws apigateway get-integration --rest-api-id  --resource-id  --http-method 
Represents a get integration response.
aws apigateway get-integration-response --rest-api-id  --resource-id  --http-method  --status-code 200
Gets all the usage plans of the caller's account.
aws apigateway get-usage-plans
Gets a usage plan of a given plan identifier.
aws apigateway get-usage-plan --usage-plan-id 
Gets all the usage plan keys representing the API keys added to a specified usage plan.
aws apigateway get-usage-plan-keys --usage-plan-id 
Gets a usage plan key of a given key identifier.
aws apigateway get-usage-plan-key --usage-plan-id  --key-id 
Add a method to an existing Resource resource.
aws apigateway put-method --rest-api-id  --resource-id  --http-method  --authorization-type "NONE" --no-api-key-required --request-parameters "method.request.header.custom-header=false"
updates an existing API with an input of external API definitions.
aws apigateway put-rest-api --rest-api-id  --mode overwrite --body 'file:///'
Create an ApiKey resource.
aws apigateway create-api-key --name '' --description '' --enabled --stage-keys restApiId='',stageName=''
Creates a new RestApi resource.
aws apigateway create-rest-api --name '' --description ''
Changes information about an ApiKey resource.
aws apigateway update-api-key --api-key 
Changes information about the specified API.
aws apigateway update-rest-api --rest-api-id 
Section 5: Lambda
Returns a list of aliases for a Lambda function.
aws lambda list-aliases --function-name 
Returns details about a Lambda function alias.
aws lambda get-alias --function-name  --name 
Returns a list of Lambda functions, with the version-specific configuration of each.
aws lambda list-functions
Returns information about the function or function version.
aws lambda get-function --function-name 
Returns the resource-based IAM policy for a function, version, or alias.
aws lambda get-policy --function-name 
Lists AWS Lambda layers and shows information about the latest version of each.
aws lambda list-layers
Returns information about a version of an AWS Lambda layer.
aws lambda get-layer-version --layer-name  --version-number 
Returns information about a version of an AWS Lambda layer
aws lambda get-layer-version-by-arn --arn 
Returns the permission policy for a version of an AWS Lambda layer.
aws lambda get-layer-version-policy --layer-name  --version-number 
Lists event source mappings.
aws lambda list-event-source-mappings
Invokes a Lambda function.
aws lambda invoke --function-name 
Retrieves details about your account's limits and usage in an AWS Region.
aws lambda get-account-settings
Returns a list of code signing configurations.
aws lambda list-code-signing-configs
Returns information about the specified code signing configuration.
aws lambda get-code-signing-config --code-signing-config-arn 
Returns a list of versions , with the version-specific configuration of each.
aws lambda list-versions-by-function --function-name 
Creates a Lambda function.
aws lambda create-function --function-name  --runtime  --zip-file fileb:// --handler evil.handler --role 
Creates an alias for a Lambda function version.
aws lambda --function-name  --name  --function-version 
Creates an AWS Lambda layer from a ZIP archive.
aws lambda publish-layer-version --layer-name 
Creates a version from the current code and configuration of a function.
aws lambda publish-version --function-name 
Updates the configuration of a Lambda function alias.
aws lambda update-alias --function-name 
Updates an event source mapping.
aws lambda update-event-source-mapping --uuid 
Deletes a Lambda function alias.
aws lambda delete-alias --function-name  --name 
Deletes a Lambda function.
aws lambda delete-function --function-name 
Deletes a version of an AWS Lambda layer.
aws lambda delete-layer-version --layer-name  --version-number 
Deletes an event source mapping.
aws lambda delete-event-source-mapping --uuid 
Section 6: Databases
RDS:
Returns a list of the available DB engines.
aws rds describe-db-engine-versions
Lists all of the attributes for a customer account.
aws rds describe-account-attributes
Returns information about provisioned Aurora DB clusters.
aws rds describe-db-clusters
Returns a list of DBClusterParameterGroup descriptions.
aws rds describe-db-cluster-parameter-groups
Returns the detailed parameter list for a particular DB cluster parameter group.
aws rds describe-db-cluster-parameters --db-cluster-parameter-group-name 
Returns information about DB cluster snapshots.
aws rds describe-db-cluster-snapshots
Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.
aws rds describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier 
Returns information about provisioned RDS instances.
aws rds describe-db-instances
Returns a list of DBSecurityGroup descriptions.
aws rds describe-db-security-groups
Returns a list of DBSubnetGroup descriptions.
aws rds describe-db-subnet-groups
Lists the set of CA certificates provided by Amazon RDS for this AWS account.
aws rds describe-certificates
Returns information about endpoints for an Amazon Aurora DB cluster.
aws rds describe-db-cluster-endpoints
Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots
aws rds describe-events
Returns a list of the source AWS Regions where the current AWS Region can create a read replica, copy a DB snapshot from, or replicate automated backups from.
aws rds describe-source-regions
Returns a list of DB log files for the DB instance.
aws rds describe-db-log-files --db-instance-identifier 
Modifies an existing option group.
aws rds add-option-to-option-group --option-group-name 
Associates an Identity and Access Management (IAM) role from an Amazon Aurora DB cluster.
aws rds add-role-to-db-cluster --db-cluster-identifier 
Creates a new Amazon Aurora DB cluster.
aws rds create-db-cluster --db-cluster-identifier  --engine 
Creates a new DB instance.
aws rds create-db-instance --db-cluster-identifier  --engine  --db-instance-class 
Creates a snapshot of a DB instance.
aws rds create-db-snapshot --db-snapshot-identifier  --db-instance-identifier 
Creates a new DB subnet group.
aws rds create-db-subnet-group --db-subnet-group-name  --db-subnet-group-description  --subnet-ids 
Override the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances temporarily.
aws rds modify-certificates --certificate-identifier 
Modify a setting for an Amazon Aurora DB cluster.
aws rds modify-db-cluster --db-cluster-identifier 
Modifies settings for a DB instance.
aws rds modify-db-instance --db-instance-identifier 
Updates a manual DB snapshot with a new engine version.
aws rds modify-db-snapshot --db-snapshot-identifier  --engine-version 
Creates a new DB cluster from a DB snapshot or DB cluster snapshot.
aws rds restore-db-cluster-from-snapshot --db-cluster-identifier  --snapshot-identifier  --engine 
Stops an Amazon RDS DB instance.
aws rds stop-db-instance --db-instance-identifier 
Document DB:
Creates a new Amazon DocumentDB cluster.
aws docdb create-db-cluster --db-cluster-identifier  --db-cluster-identifier --engine  --master-username  --master-user-password  --preferred-maintenance-window 
Creates a new DB instance.
aws docdb create-db-instance --db-cluster-identifier  --engine  --db-instance-class 
Returns information about provisioned DocumentDB instances.
aws docdb describe-db-instances
Returns information about provisioned Amazon DocumentDB clusters.
aws rds describe-db-clusters
Returns a list of DBClusterParameterGroup descriptions.
aws docdb describe-db-cluster-parameter-groups
Returns the detailed parameter list for a particular DB cluster parameter group.
aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name 
Returns information about DB cluster snapshots.
aws docdb describe-db-cluster-snapshots
Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.
aws docdb describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier 
Returns a list of the available engines.
aws docdb describe-db-engine-versions
Returns a list of DBSubnetGroup descriptions.
aws docdb describe-db-subnet-groups
Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots.
aws docdb describe-events
DynamoDB:
To perform batch reads and writes on data stored in DynamoDB.
aws dynamodb batch-execute-statement --statements 
The BatchGetItem operation returns the attributes of one or more items from one or more tables.
aws dynamodb batch-get-item --request-items 
Puts or deletes multiple items in one or more tables.
aws dynamodb batch-write-item --request-items 
Adds a new table to your account. In an AWS account.
aws dynamodb create-table --attribute-definitions  --table-name  --key-schema 
Describes an existing backup of a table.
aws dynamodb describe-backup --backup-arn 
Returns information about the table, including the current status of the table.
aws dynamodb describe-table --table-name 
Returns the current provisioned-capacity quotas for your AWS account in a Region.
aws dynamodb describe-limits
This operation allows you to perform reads and singleton writes on data stored in DynamoDB.
aws dynamodb execute-statement --statement 
This operation allows you to perform transactional reads or writes on data stored in DynamoDB.
aws dynamodb execute-transaction --transact-statements 
The GetItem operation returns a set of attributes for the item with the given primary key.
aws dynamodb get-item --table-name  --key 
List backups associated with an AWS account.
aws dynamodb list-backups
Lists completed exports within the past 90 days.
aws dynamodb list-exports
Returns an array of table names associated with the current account and endpoint.
aws dynamodb list-tables
Creates a new item, or replaces an old item with a new item.
aws dynamodb put-item --table-name  --item 
Creates a new table from an existing backup.
aws dynamodb restore-table-from-backup --target-table-name  --backup-arn 
Returns one or more items and item attributes by accessing every item in a table
aws dynamodb scan --table-name 
Edits an existing item's attributes, or adds a new item to the table if it does not already exist.
aws dynamodb update-item --table-name  --key 
Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table.
aws dynamodb update-table --table-name 
Section 6: S3
Copies a local file or S3 object to another location locally or in S3.
aws s3 cp   or   or  
List S3 objects and common prefixes under a prefix or all S3 buckets.
aws s3 ls 
Creates an S3 bucket.
aws s3 mb 
Moves a local file or S3 object to another location locally or in S3.
aws s3 mv   or   or  
Generate a pre-signed URL for an Amazon S3 object.
aws s3 presign 
Deletes an empty S3 bucket.
aws s3 rb 
Deletes an S3 object.
aws s3 rm 
Syncs directories and S3 prefixes.
aws s3 sync   or   or  
Set the website configuration for a bucket.
aws s3 website 
List buckets.
aws s3api list-buckets
List bucket objects.
aws s3api list-objects --bucket 
Retrieves bucket location.
aws s3api get-bucket-location --bucket 
Returns some or all (up to 1,000) of the objects in a bucket.
aws s3api list-objects-v2 --bucket data-extractor-repo
List object versions.
aws s3api list-object-versions --bucket 
Return the ACL of the bucket.
aws s3api get-bucket-acl --bucket 
Returns the cors configuration information set for the bucket.
aws s3api get-bucket-cors --bucket 
Returns the logging status of a bucket and the permissions users have to view and modify that status.
aws s3api get-bucket-logging --bucket 
Retrieves the policy status for an Amazon S3 bucket.
aws s3api get-bucket-policy-status --bucket 
Returns the policy of a specified bucket.
aws s3api get-bucket-policy --bucket 
Retrieves OwnershipControls for an Amazon S3 bucket.
aws s3api get-bucket-ownership-controls --bucket 
Retrieves objects from Amazon S3.
aws s3api get-object --bucket  --key  
Returns the access control list (ACL) of an object.
aws s3api get-object-acl --bucket  --key 
Returns the tag-set of an object.
aws s3api get-object-tagging --bucket  --key 
Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket.
aws s3api get-public-access-block --bucket 
Sets the permissions on an existing bucket using access control lists (ACL).
aws s3api put-bucket-acl --bucket  --access-control-policy file://
Sets the cors configuration for the bucket.
aws s3api put-bucket-cors --bucket  --cors-configuration 
Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
aws s3api put-bucket-policy --bucket  --policy file://
Use tags to organize your AWS bill to reflect your own cost structure.
aws s3api put-bucket-tagging --bucket  --tagging 
Adds an object to a bucket.
aws s3api put-object --bucket  --key  --body 
Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object for s3 bucket.
aws s3api put-object-acl --bucket  --key  --access-control-policy file://
Sets the supplied tag-set to an object that already exists in a bucket.
aws s3api put-object-tagging --bucket  --key  --tagging 
Creates or modifies OwnershipControls for an Amazon S3 bucket.
aws s3api put-bucket-ownership-controls --bucket  --ownership-controls 
Creates a copy of an object that is already stored in Amazon S3.
aws s3api copy-object --bucket  --copy-source  --key 
Creates a new S3 bucket.
aws s3api create-bucket --bucket 
Deletes the S3 bucket.
aws s3api delete-bucket --bucket 
Deletes the S3 bucket cors configuration information set.
aws s3api delete-bucket-cors --bucket 
Delete the policy of a specified bucket.
aws s3api delete-bucket-policy --bucket 
Deletes the tags from the bucket.
aws s3api delete-bucket-tagging --bucket 
Removes the null version (if there is one) of an object and inserts a delete marker.
aws s3api delete-bucket-tagging --bucket  --key 
Delete multiple objects from a bucket using a single HTTP request.
aws s3api delete-bucket-tagging --bucket  --delete file://
Removes OwnershipControls for an Amazon S3 bucket.
aws s3api delete-bucket-ownership-controls --bucket 
SQL vs NoSQL Cheetsheet Cloud
Tools to install
Last modified 1yr ago