# AWS cli cheatsheet

### Section 1: General

aws \[options] \<command> \<subcommand> \[parameters]

Options:

## Turn on debug logging.

\--debug (boolean)

## Override command's default URL with the given URL.

\--endpoint-url (string)

## By default, the AWS CLI uses SSL when communicating with AWS services and verifies the SSL certificate for each connection. This option turns that certificate verification off.

\--no-verify-ssl (boolean)

## Output format

\--output (json/text/table)

## A JMESPath query to use in filtering the response data.

\--query (string)

## Use a specific profile from your credential file.

\--profile (string)

## The region to use. Overrides config/env settings.

\--region (string)

## Display the version of this tool.

\--version (string)

### Section 2: Configure

## Configures AWS CLI with AWS access keys.

aws configure

### Section 3: IAM

## Lists all the IAM users.

aws iam list-users

## Lists all the IAM groups.

aws iam list-groups

## Lists all the IAM roles.

aws iam list-roles

## Lists all the IAM policies.

aws iam list-policies

## Creates an IAM user in the current account.

aws iam create-user --user-name \<user-name>

## Creates an IAM group in the current account.

aws iam create-group --group-name \<group-name>

## Creates an IAM role in the current account.

aws iam create-role --role-name \<role-name> --assume-role-policy-document file://\<path-to-trust-policy>

## Creates an IAM policy in the current account.

aws iam create-policy --policy-name \<policy-name> --policy-document file://\<path-to-policy-document>

## Lists all managed policies attached to the group.

aws iam list-attached-group-policies --group-name \<group-name>

## Lists all managed policies attached to the role.

aws iam list-attached-role-policies --role-name \<role-name>

## Lists all managed policies attached to the user.

aws iam list-attached-user-policies --user-name \<user-name>

## Lists the names of the inline policies embedded in the group.

aws iam list-group-policies --group-name \<group-name>

## Lists the names of the inline policies embedded in the user.

aws iam list-user-policies --user-name \<user-name>

## Lists the names of the inline policies embedded in the role.

aws iam list-role-policies --role-name \<role-name>

## Lists groups attached to the user.

aws iam list-groups-for-user --user-name \<user-name>

## Lists signing certificates for the user.

aws iam list-signing-certificates --user-name \<user-name>

## Lists public ssh keys for the user.

aws iam list-ssh-public-keys --user-name \<user-name>

## Lists all virtual-mfa devices present.

aws iam list-virtual-mfa-devices

## Retrieves information about the specified managed policy.

aws iam get-policy --policy-arn \<policy-arn>

## Retrieves information about the specified version of the specified managed policy, including the policy document.

aws iam get-policy-version --policy-arn arn:aws:iam::123456789012:policy/MyPolicy --version-id v2

## Retrieves information about the specified IAM user.

aws iam get-user --user-name \<user-name>

## Retrieves information about the specified role.

aws iam get-role --role-name \<role-name>

## Retrieves information about the specified group.

aws iam get-group --group-name \<group-name>

## Retrieves the specified inline policy document that is embedded in the specified IAM user.

aws iam get-user-policy --user-name \<user-name> --policy-name \<policy-name>

## Retrieves the specified inline policy document that is embedded with the specified IAM role.

aws iam get-role-policy --role-name \<role-name> --policy-name \<policy-name>

## Retrieves the specified inline policy document that is embedded with the specified IAM group.

aws iam get-group-policy --group-name \<group-name> --policy-name \<policy-name>

## Attaches the specified managed policy to the specified IAM group.

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --group-name Finance

## Attaches the specified managed policy to the specified IAM role.

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --role-name ReadOnlyRole

## Attaches the specified managed policy to the specified user.

aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name Alice

## Creates a password for the specified IAM user.

aws iam create-login-profile --user-name \<user-name> --password \<password>

## Retrieves the username and password creation date for the specified IAM user.

aws iam get-login-profile --user-name \<user-name>

## Lists the instance profiles that have the specified path prefix.

aws iam list-instance-profiles

## Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role.

aws iam get-instance-profile --instance-profile-name ExampleInstanceProfile

## Adds or updates an inline policy document that is embedded in the specified IAM group.

aws iam put-group-policy --group-name \<group-name> --policy-document file://\<path-to-policy-document> --policy-name \<policy-name>

## Adds or updates an inline policy document that is embedded in the specified IAM role.

aws iam put-role-policy --role-name \<role-name> --policy-name \<policy-name> --policy-document file://\<path-to-policy-document>

## Adds or updates an inline policy document that is embedded in the specified IAM user.

aws iam put-user-policy --user-name \<user-name> --policy-name \<policy-name> --policy-document file://\<path-to-policy-document>

## Removes the specified user from the specified group.

aws iam remove-user-from-group --user-name Bob --group-name Admins

## Updates the name and/or the path of the specified IAM group.

aws iam update-group --group-name Test --new-group-name Test-1

### Section 4: API Gateway

## Gets information about the current Account resource.

aws apigateway get-account

## Lists the RestApis resources for your collection.

aws apigateway get-rest-apis

## Lists the RestApi resource in the collection.

aws apigateway get-rest-api --rest-api-id \<rest-api-id>

## Gets information about the current ApiKeys resource.

aws apigateway get-api-keys

## Gets information about the current ApiKey resource.

aws apigateway get-api-key --api-key \<api-key>

## Describe an existing Method resource.

aws apigateway get-method --rest-api-id \<rest-api-id> --http-method \<http-method> --resource-id \<resource-id>

## Describes a MethodResponse resource.

aws apigateway get-method-response --rest-api-id \<rest-api-id> --resource-id \<resource-id> --http-method \<http-method> --status-code \<status-code>

## Describe an existing Authorizers resource.

aws apigateway get-authorizers --rest-api-id \<rest-api-id>

## Describe an existing Authorizer resource.

aws apigateway get-authorizer --rest-api-id \<rest-api-id> --authorizer-id \<authorizer-id>

## Gets a collection of ClientCertificate resources.

aws apigateway get-client-certificates

## Lists information about a collection of Resource resources.

aws apigateway get-resources --rest-api-id \<rest-api-id>

## Lists information about a resource.

aws apigateway get-resource --rest-api-id \<rest-api-id> --resource-id \<resource-id>

## Gets information about the current ClientCertificate resource.

aws apigateway get-client-certificate --client-certificate-id \<client-certificate-id>

## Get the integration settings.

aws apigateway get-integration --rest-api-id \<rest-api-id> --resource-id \<resource-id> --http-method \<http-method>

## Represents a get integration response.

aws apigateway get-integration-response --rest-api-id \<rest-api-id> --resource-id \<resource-id> --http-method \<http-method> --status-code 200

## Gets all the usage plans of the caller's account.

aws apigateway get-usage-plans

## Gets a usage plan of a given plan identifier.

aws apigateway get-usage-plan --usage-plan-id \<usage-plan-id>

## Gets all the usage plan keys representing the API keys added to a specified usage plan.

aws apigateway get-usage-plan-keys --usage-plan-id \<usage-plan-id>

## Gets a usage plan key of a given key identifier.

aws apigateway get-usage-plan-key --usage-plan-id \<usage-plan-id> --key-id \<key-id>

## Add a method to an existing Resource resource.

aws apigateway put-method --rest-api-id \<rest-api-id> --resource-id \<resource-id> --http-method \<http-method> --authorization-type "NONE" --no-api-key-required --request-parameters "method.request.header.custom-header=false"

## Updates an existing API with an input of external API definitions.

aws apigateway put-rest-api --rest-api-id \<rest-api-id> --mode overwrite --body 'file:///\<path-to-api-definition>'

## Create an ApiKey resource.

aws apigateway create-api-key --name '\<name>' --description '\<description>' --enabled --stage-keys restApiId='\<rest-api-id>',stageName='\<stage-name>'

## Creates a new RestApi resource.

aws apigateway create-rest-api --name '\<name>' --description '\<description>'

## Changes information about an ApiKey resource.

aws apigateway update-api-key --api-key \<api-key>

## Changes information about the specified API.

aws apigateway update-rest-api --rest-api-id \<rest-api-id>

### Section 5: Lambda

## Returns a list of aliases for a Lambda function.

aws lambda list-aliases --function-name \<function-name>

## Returns details about a Lambda function alias.

aws lambda get-alias --function-name \<function-name> --name \<alias-name>

## Returns a list of Lambda functions, with the version-specific configuration of each.

aws lambda list-functions

## Returns information about the function or function version.

aws lambda get-function --function-name \<function-name>

## Returns the resource-based IAM policy for a function, version, or alias.

aws lambda get-policy --function-name \<function-name>

## Lists AWS Lambda layers and shows information about the latest version of each.

aws lambda list-layers

## Returns information about a version of an AWS Lambda layer.

aws lambda get-layer-version --layer-name \<layer-name> --version-number \<version-number>

## Returns information about a version of an AWS Lambda layer, identified by its ARN.

aws lambda get-layer-version-by-arn --arn \<layer-version-arn>

## Returns the permission policy for a version of an AWS Lambda layer.

aws lambda get-layer-version-policy --layer-name \<layer-name> --version-number \<version-number>

## Lists event source mappings.

aws lambda list-event-source-mappings

## Invokes a Lambda function.

aws lambda invoke --function-name \<function-name> \<outfile>

## Retrieves details about your account's limits and usage in an AWS Region.

aws lambda get-account-settings

## Returns a list of code signing configurations.

aws lambda list-code-signing-configs

## Returns information about the specified code signing configuration.

aws lambda get-code-signing-config --code-signing-config-arn \<code-signing-config-arn>

## Returns a list of versions, with the version-specific configuration of each.

aws lambda list-versions-by-function --function-name \<function-name>

## Creates a Lambda function.

aws lambda create-function --function-name \<function-name> --runtime \<runtime> --zip-file fileb://\<path-to-zip> --handler evil.handler --role \<role-arn>

## Creates an alias for a Lambda function version.

aws lambda create-alias --function-name \<function-name> --name \<alias-name> --function-version \<function-version>

## Creates an AWS Lambda layer from a ZIP archive.

aws lambda publish-layer-version --layer-name \<layer-name>

## Creates a version from the current code and configuration of a function.

aws lambda publish-version --function-name \<function-name>

## Updates the configuration of a Lambda function alias.

aws lambda update-alias --function-name \<function-name> --name \<alias-name>

## Updates an event source mapping.

aws lambda update-event-source-mapping --uuid \<uuid>

## Deletes a Lambda function alias.

aws lambda delete-alias --function-name \<function-name> --name \<alias-name>

## Deletes a Lambda function.

aws lambda delete-function --function-name \<function-name>

## Deletes a version of an AWS Lambda layer.

aws lambda delete-layer-version --layer-name \<layer-name> --version-number \<version-number>

## Deletes an event source mapping.

aws lambda delete-event-source-mapping --uuid \<uuid>

### Section 6: Databases

### RDS:

## Returns a list of the available DB engines.

aws rds describe-db-engine-versions

## Lists all of the attributes for a customer account.

aws rds describe-account-attributes

## Returns information about provisioned Aurora DB clusters.

aws rds describe-db-clusters

## Returns a list of DBClusterParameterGroup descriptions.

aws rds describe-db-cluster-parameter-groups

## Returns the detailed parameter list for a particular DB cluster parameter group.

aws rds describe-db-cluster-parameters --db-cluster-parameter-group-name \<db-cluster-parameter-group-name>

## Returns information about DB cluster snapshots.

aws rds describe-db-cluster-snapshots

## Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.

aws rds describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier \<db-cluster-snapshot-identifier>

## Returns information about provisioned RDS instances.

aws rds describe-db-instances

## Returns a list of DBSecurityGroup descriptions.

aws rds describe-db-security-groups

## Returns a list of DBSubnetGroup descriptions.

aws rds describe-db-subnet-groups

## Lists the set of CA certificates provided by Amazon RDS for this AWS account.

aws rds describe-certificates

## Returns information about endpoints for an Amazon Aurora DB cluster.

aws rds describe-db-cluster-endpoints

## Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots.

aws rds describe-events

## Returns a list of the source AWS Regions where the current AWS Region can create a read replica, copy a DB snapshot from, or replicate automated backups from.

aws rds describe-source-regions

## Returns a list of DB log files for the DB instance.

aws rds describe-db-log-files --db-instance-identifier \<db-instance-identifier>

## Modifies an existing option group.

aws rds add-option-to-option-group --option-group-name \<option-group-name>

## Associates an Identity and Access Management (IAM) role with an Amazon Aurora DB cluster.

aws rds add-role-to-db-cluster --db-cluster-identifier \<db-cluster-identifier> --role-arn \<role-arn>

## Creates a new Amazon Aurora DB cluster.

aws rds create-db-cluster --db-cluster-identifier \<db-cluster-identifier> --engine \<engine>

## Creates a new DB instance.

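aws rds create-db-instance --db-instance-identifier \<db-instance-identifier> --db-cluster-identifier \<db-cluster-identifier> --engine \<engine> --db-instance-class \<db-instance-class>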

## Creates a snapshot of a DB instance.

aws rds create-db-snapshot --db-snapshot-identifier \<db-snapshot-identifier> --db-instance-identifier \<db-instance-identifier>

## Creates a new DB subnet group.

aws rds create-db-subnet-group --db-subnet-group-name \<db-subnet-group-name> --db-subnet-group-description \<db-subnet-group-description> --subnet-ids \<subnet-ids>

## Override the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances temporarily.

aws rds modify-certificates --certificate-identifier \<certificate-identifier>

## Modify a setting for an Amazon Aurora DB cluster.

aws rds modify-db-cluster --db-cluster-identifier \<db-cluster-identifier>

## Modifies settings for a DB instance.

aws rds modify-db-instance --db-instance-identifier \<db-instance-identifier>

## Updates a manual DB snapshot with a new engine version.

aws rds modify-db-snapshot --db-snapshot-identifier \<db-snapshot-identifier> --engine-version \<engine-version>

## Creates a new DB cluster from a DB snapshot or DB cluster snapshot.

aws rds restore-db-cluster-from-snapshot --db-cluster-identifier \<db-cluster-identifier> --snapshot-identifier \<snapshot-identifier> --engine \<engine>

## Stops an Amazon RDS DB instance.

aws rds stop-db-instance --db-instance-identifier \<db-instance-identifier>

### Document DB:

## Creates a new Amazon DocumentDB cluster.

aws docdb create-db-cluster --db-cluster-identifier \<db-cluster-identifier> --engine \<engine> --master-username \<master-username> --master-user-password \<master-user-password> --preferred-maintenance-window \<preferred-maintenance-window>

## Creates a new DB instance.

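aws docdb create-db-instance --db-instance-identifier \<db-instance-identifier> --db-cluster-identifier \<db-cluster-identifier> --engine \<engine> --db-instance-class \<db-instance-class>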

## Returns information about provisioned DocumentDB instances.

aws docdb describe-db-instances

## Returns information about provisioned Amazon DocumentDB clusters.

aws docdb describe-db-clusters

## Returns a list of DBClusterParameterGroup descriptions.

aws docdb describe-db-cluster-parameter-groups

## Returns the detailed parameter list for a particular DB cluster parameter group.

aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name \<db-cluster-parameter-group-name>

## Returns information about DB cluster snapshots.

aws docdb describe-db-cluster-snapshots

## Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.

aws docdb describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier \<db-cluster-snapshot-identifier>

## Returns a list of the available engines.

aws docdb describe-db-engine-versions

## Returns a list of DBSubnetGroup descriptions.

aws docdb describe-db-subnet-groups

## Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots.

aws docdb describe-events

### DynamoDB:

## Performs batch reads and writes on data stored in DynamoDB.

aws dynamodb batch-execute-statement --statements \<statements>

## The BatchGetItem operation returns the attributes of one or more items from one or more tables.

aws dynamodb batch-get-item --request-items \<request-items>

## Puts or deletes multiple items in one or more tables.

aws dynamodb batch-write-item --request-items \<request-items>

## Adds a new table to your account. In an AWS account.

aws dynamodb create-table --attribute-definitions \<attribute-definitions> --table-name \<table-name> --key-schema \<key-schema>

## Describes an existing backup of a table.

aws dynamodb describe-backup --backup-arn \<backup-arn>

## Returns information about the table, including the current status of the table.

aws dynamodb describe-table --table-name \<table-name>

## Returns the current provisioned-capacity quotas for your AWS account in a Region.

aws dynamodb describe-limits

## This operation allows you to perform reads and singleton writes on data stored in DynamoDB.

aws dynamodb execute-statement --statement \<statement>

## This operation allows you to perform transactional reads or writes on data stored in DynamoDB.

aws dynamodb execute-transaction --transact-statements \<transact-statements>

## The GetItem operation returns a set of attributes for the item with the given primary key.

aws dynamodb get-item --table-name \<table-name> --key \<key>

## List backups associated with an AWS account.

aws dynamodb list-backups

## Lists completed exports within the past 90 days.

aws dynamodb list-exports

## Returns an array of table names associated with the current account and endpoint.

aws dynamodb list-tables

## Creates a new item, or replaces an old item with a new item.

aws dynamodb put-item --table-name \<table-name> --item \<item>

## Creates a new table from an existing backup.

aws dynamodb restore-table-from-backup --target-table-name \<target-table-name> --backup-arn \<backup-arn>

## Returns one or more items and item attributes by accessing every item in a table.

aws dynamodb scan --table-name \<table-name>

## Edits an existing item's attributes, or adds a new item to the table if it does not already exist.

aws dynamodb update-item --table-name \<table-name> --key \<key>

## Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table.

aws dynamodb update-table --table-name \<table-name>

### Section 7: S3

## Copies a local file or S3 object to another location locally or in S3.

aws s3 cp \<LocalPath> \<S3Uri> or \<S3Uri> \<LocalPath> or \<S3Uri> \<S3Uri>

## List S3 objects and common prefixes under a prefix or all S3 buckets.

aws s3 ls \<S3Uri>

## Creates an S3 bucket.

aws s3 mb \<S3Uri>

## Moves a local file or S3 object to another location locally or in S3.

aws s3 mv \<LocalPath> \<S3Uri> or \<S3Uri> \<LocalPath> or \<S3Uri> \<S3Uri>

## Generate a pre-signed URL for an Amazon S3 object.

aws s3 presign \<S3Uri>

## Deletes an empty S3 bucket.

aws s3 rb \<S3Uri>

## Deletes an S3 object.

aws s3 rm \<S3Uri>

## Syncs directories and S3 prefixes.

aws s3 sync \<LocalPath> \<S3Uri> or \<S3Uri> \<LocalPath> or \<S3Uri> \<S3Uri>

## Set the website configuration for a bucket.

aws s3 website \<S3Uri>

## List buckets.

aws s3api list-buckets

## List bucket objects.

aws s3api list-objects --bucket \<bucket>

## Retrieves bucket location.

aws s3api get-bucket-location --bucket \<bucket>

## Returns some or all (up to 1,000) of the objects in a bucket.

aws s3api list-objects-v2 --bucket data-extractor-repo

## List object versions.

aws s3api list-object-versions --bucket \<bucket>

## Return the ACL of the bucket.

aws s3api get-bucket-acl --bucket \<bucket>

## Returns the cors configuration information set for the bucket.

aws s3api get-bucket-cors --bucket \<bucket>

## Returns the logging status of a bucket and the permissions users have to view and modify that status.

aws s3api get-bucket-logging --bucket \<bucket>

## Retrieves the policy status for an Amazon S3 bucket.

aws s3api get-bucket-policy-status --bucket \<bucket>

## Returns the policy of a specified bucket.

aws s3api get-bucket-policy --bucket \<bucket>

## Retrieves OwnershipControls for an Amazon S3 bucket.

aws s3api get-bucket-ownership-controls --bucket \<bucket>

## Retrieves objects from Amazon S3.

aws s3api get-object --bucket \<bucket> --key \<key> \<outfile>

## Returns the access control list (ACL) of an object.

aws s3api get-object-acl --bucket \<bucket> --key \<key>

## Returns the tag-set of an object.

aws s3api get-object-tagging --bucket \<bucket> --key \<key>

## Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket.

aws s3api get-public-access-block --bucket \<bucket>

## Sets the permissions on an existing bucket using access control lists (ACL).

aws s3api put-bucket-acl --bucket \<bucket> --access-control-policy file://\<path-to-acl>

## Sets the cors configuration for the bucket.

aws s3api put-bucket-cors --bucket \<bucket> --cors-configuration \<cors-configuration>

## Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

aws s3api put-bucket-policy --bucket \<bucket> --policy file://\<path-to-policy>

## Sets the tags for a bucket. Use tags to organize your AWS bill to reflect your own cost structure.

aws s3api put-bucket-tagging --bucket \<bucket> --tagging \<tagging>

## Adds an object to a bucket.

aws s3api put-object --bucket \<bucket> --key \<key> --body \<body>

## Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object for s3 bucket.

aws s3api put-object-acl --bucket \<bucket> --key \<key> --access-control-policy file://\<path-to-acl>

## Sets the supplied tag-set to an object that already exists in a bucket.

aws s3api put-object-tagging --bucket \<bucket> --key \<key> --tagging \<tagging>

## Creates or modifies OwnershipControls for an Amazon S3 bucket.

aws s3api put-bucket-ownership-controls --bucket \<bucket> --ownership-controls \<ownership-controls>

## Creates a copy of an object that is already stored in Amazon S3.

aws s3api copy-object --bucket \<bucket> --copy-source \<copy-source> --key \<key>

## Creates a new S3 bucket.

aws s3api create-bucket --bucket \<bucket>

## Deletes the S3 bucket.

aws s3api delete-bucket --bucket \<bucket>

## Deletes the S3 bucket cors configuration information set.

aws s3api delete-bucket-cors --bucket \<bucket>

## Delete the policy of a specified bucket.

aws s3api delete-bucket-policy --bucket \<bucket>

## Deletes the tags from the bucket.

aws s3api delete-bucket-tagging --bucket \<bucket>

## Removes the null version (if there is one) of an object and inserts a delete marker.

aws s3api delete-object --bucket \<bucket> --key \<key>

## Delete multiple objects from a bucket using a single HTTP request.

aws s3api delete-objects --bucket \<bucket> --delete file://\<path-to-delete-request>

## Removes OwnershipControls for an Amazon S3 bucket.

aws s3api delete-bucket-ownership-controls --bucket \<bucket>
