AWS CLI EC2 Cheat Sheet

AWS CLI•Permalink

AWS CLI EC2 commands for instances, AMIs, key pairs, VPC networking, security groups, EBS volumes, and snapshots.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

EC2 Instances

Launch, inspect, and manage EC2 instances.

Describe instances

List EC2 instances and their attributes.

↗#

bashANYawsec2instances

bash

aws ec2 describe-instances

Foundational EC2 inventory command.

Describe instances with query

Return a compact list of instance details.

↗#

bashANYawsec2query

bash

aws ec2 describe-instances --query 'Reservations[].Instances[].{Id:InstanceId,State:State.Name,Type:InstanceType,Name:Tags[?Key==`Name`]|[0].Value,PrivateIp:PrivateIpAddress}' --output table

JMESPath makes large instance inventories easier to read.

Launch an instance

Start one or more EC2 instances.

↗#

bashANYawsec2launch

bash

aws ec2 run-instances --image-id ami-0123456789abcdef0 --instance-type t3.micro --subnet-id subnet-0123456789abcdef0 --security-group-ids sg-0123456789abcdef0 --count 1

Specify AMI, instance type, network placement, and security groups.

Start stopped instances

Power on one or more stopped instances.

↗#

bashANYawsec2start

bash

aws ec2 start-instances --instance-ids i-0123456789abcdef0

Transitions the instance back to running.

Stop running instances

Gracefully stop one or more instances.

↗#

bashANYawsec2stop

bash

aws ec2 stop-instances --instance-ids i-0123456789abcdef0

Useful for cost savings in non-production environments.

Reboot instances

Perform an OS-level reboot.

↗#

bashANYawsec2reboot

bash

aws ec2 reboot-instances --instance-ids i-0123456789abcdef0

Reboots the instance without changing the root volume contents.

Terminate instances

Permanently delete one or more instances.

↗#

bashANYawsec2terminatedanger

bash

aws ec2 terminate-instances --instance-ids i-0123456789abcdef0

This is destructive and cannot be undone.

Wait until instance is running

Poll until an instance reaches the running state.

↗#

bashANYawsec2waiter

bash

aws ec2 wait instance-running --instance-ids i-0123456789abcdef0

Useful after launch scripts.

AMIs and Key Pairs

Image and SSH key workflows.

Describe AMIs

List AMIs visible to the account.

↗#

bashANYawsec2ami

bash

aws ec2 describe-images --owners self amazon

Useful when selecting machine images for launches.

Create an AMI from an instance

Create an image snapshot from an EC2 instance.

↗#

bashANYawsec2amiimage

bash

aws ec2 create-image --instance-id i-0123456789abcdef0 --name web-ami-2026-03-05

Useful for golden-image or backup workflows.

List key pairs

Show EC2 key pairs in the account.

↗#

bashANYawsec2key-pair

bash

aws ec2 describe-key-pairs

Useful when verifying SSH key names before launch.

Create a key pair

Generate a new EC2 key pair and save the private key.

↗#

bashANYawsec2key-pairssh

bash

aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem

Protect the generated private key file and set strict permissions.

Delete a key pair

Remove a key pair from the account.

↗#

bashANYawsec2key-pairdelete

bash

aws ec2 delete-key-pair --key-name my-key

Does not delete any local private key file you may have saved separately.

VPC, Subnets, and Security Groups

Core EC2 networking inventory and updates.

Describe VPCs

List VPCs in the account.

↗#

bashANYawsec2vpc

bash

aws ec2 describe-vpcs

Foundational networking inventory command.

Describe subnets

List subnets and their attributes.

↗#

bashANYawsec2subnet

bash

aws ec2 describe-subnets

Useful for selecting subnet placement during launches.

Describe security groups

List security groups and their rules.

↗#

bashANYawsec2security-group

bash

aws ec2 describe-security-groups

Use queries to narrow to specific ports or group IDs.

Add inbound security group rule

Allow inbound TCP 443 from a CIDR block.

↗#

bashANYawsec2security-groupingress

bash

aws ec2 authorize-security-group-ingress --group-id sg-0123456789abcdef0 --protocol tcp --port 443 --cidr 0.0.0.0/0

Adds a new inbound rule to the specified group.

Remove inbound security group rule

Delete an inbound rule from a security group.

↗#

bashANYawsec2security-groupingress

bash

aws ec2 revoke-security-group-ingress --group-id sg-0123456789abcdef0 --protocol tcp --port 443 --cidr 0.0.0.0/0

Removes a matching rule from the group.

Tag EC2 resources

Apply tags to one or more EC2 resources.

↗#

bashANYawsec2tags

bash

aws ec2 create-tags --resources i-0123456789abcdef0 vol-0123456789abcdef0 --tags Key=Env,Value=prod Key=App,Value=api

Use consistent tag sets for cost, ownership, and automation.

EBS Volumes and Snapshots

Manage block storage resources.

Describe EBS volumes

List attached and unattached EBS volumes.

↗#

bashANYawsec2ebsvolume

bash

aws ec2 describe-volumes

Useful for capacity and orphaned volume checks.

Create an EBS volume

Create a new volume in a specific AZ.

↗#

bashANYawsec2ebscreate-volume

bash

aws ec2 create-volume --availability-zone us-west-2a --size 50 --volume-type gp3

Block storage volumes are AZ-scoped.

Attach a volume

Attach an existing EBS volume to an instance.

↗#

bashANYawsec2ebsattach

bash

aws ec2 attach-volume --volume-id vol-0123456789abcdef0 --instance-id i-0123456789abcdef0 --device /dev/xvdf

The operating system still needs filesystem and mount configuration if appropriate.

Create a snapshot

Snapshot an EBS volume.

↗#

bashANYawsec2ebssnapshot

bash

aws ec2 create-snapshot --volume-id vol-0123456789abcdef0 --description 'nightly backup'

Snapshots can be used for backup, restore, and AMI workflows.

Describe snapshots

List snapshots visible to the account.

↗#

bashANYawsec2ebssnapshot

bash

aws ec2 describe-snapshots --owner-ids self

Useful for backup inventory and cleanup tasks.

Delete a snapshot

Remove a no-longer-needed snapshot.

↗#

bashANYawsec2ebssnapshot

bash

aws ec2 delete-snapshot --snapshot-id snap-0123456789abcdef0

Be careful to preserve restore points required by retention policy.

More in AWS CLI

AWS CLI ECR and ECS Cheat Sheet

AWS CLI ECR and ECS commands for repositories, image login and cleanup, clusters, services, task definitions, and tasks.

AWS CLI CloudFormation Cheat Sheet

AWS CLI CloudFormation commands for templates, stacks, change sets, events, package, and deploy workflows.

AWS CLI IAM and STS Cheat Sheet

AWS CLI IAM and STS commands for users, groups, roles, policies, access keys, caller identity, and assume-role workflows.

AWS CLI S3 Cheat Sheet

High-level and low-level AWS CLI S3 commands for buckets, objects, sync, versioning, encryption, and presigned URLs.

AWS CLI Cheat Sheet

Comprehensive AWS CLI commands for configuration, profiles, global options, queries, and common cross-service recipes.

Recommended next

No recommendations yet.

Browse all sheets →