AWS CLI EC2 Cheat Sheet

AWS CLI•Permalink

AWS CLI EC2 commands for instances, AMIs, key pairs, VPC networking, security groups, EBS volumes, and snapshots.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

EC2 Instances

Launch, inspect, and manage EC2 instances.

Describe instances

List EC2 instances and their attributes.

bashANYawsec2instances

↗#

bash

aws ec2 describe-instances

Notes

Foundational EC2 inventory command.

Describe instances with query

Return a compact list of instance details.

bashANYawsec2query

↗#

bash

aws ec2 describe-instances --query 'Reservations[].Instances[].{Id:InstanceId,State:State.Name,Type:InstanceType,Name:Tags[?Key==`Name`]|[0].Value,PrivateIp:PrivateIpAddress}' --output table

Notes

JMESPath makes large instance inventories easier to read.

Launch an instance

Start one or more EC2 instances.

bashANYawsec2launch

↗#

bash

aws ec2 run-instances --image-id ami-0123456789abcdef0 --instance-type t3.micro --subnet-id subnet-0123456789abcdef0 --security-group-ids sg-0123456789abcdef0 --count 1

Notes

Specify AMI, instance type, network placement, and security groups.

Start stopped instances

Power on one or more stopped instances.

bashANYawsec2start

↗#

bash

aws ec2 start-instances --instance-ids i-0123456789abcdef0

Notes

Transitions the instance back to running.

Stop running instances

Gracefully stop one or more instances.

bashANYawsec2stop

↗#

bash

aws ec2 stop-instances --instance-ids i-0123456789abcdef0

Notes

Useful for cost savings in non-production environments.

Reboot instances

Perform an OS-level reboot.

bashANYawsec2reboot

↗#

bash

aws ec2 reboot-instances --instance-ids i-0123456789abcdef0

Notes

Reboots the instance without changing the root volume contents.

Terminate instances

Permanently delete one or more instances.

bashANYawsec2terminatedanger

↗#

bash

aws ec2 terminate-instances --instance-ids i-0123456789abcdef0

Notes

This is destructive and cannot be undone.

Wait until instance is running

Poll until an instance reaches the running state.

bashANYawsec2waiter

↗#

bash

aws ec2 wait instance-running --instance-ids i-0123456789abcdef0

Notes

Useful after launch scripts.

AMIs and Key Pairs

Image and SSH key workflows.

Describe AMIs

List AMIs visible to the account.

bashANYawsec2ami

↗#

bash

aws ec2 describe-images --owners self amazon

Notes

Useful when selecting machine images for launches.

Create an AMI from an instance

Create an image snapshot from an EC2 instance.

bashANYawsec2amiimage

↗#

bash

aws ec2 create-image --instance-id i-0123456789abcdef0 --name web-ami-2026-03-05

Notes

Useful for golden-image or backup workflows.

List key pairs

Show EC2 key pairs in the account.

bashANYawsec2key-pair

↗#

bash

aws ec2 describe-key-pairs

Notes

Useful when verifying SSH key names before launch.

Create a key pair

Generate a new EC2 key pair and save the private key.

bashANYawsec2key-pairssh

↗#

bash

aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem

Notes

Protect the generated private key file and set strict permissions.

Delete a key pair

Remove a key pair from the account.

bashANYawsec2key-pairdelete

↗#

bash

aws ec2 delete-key-pair --key-name my-key

Notes

Does not delete any local private key file you may have saved separately.

VPC, Subnets, and Security Groups

Core EC2 networking inventory and updates.

Describe VPCs

List VPCs in the account.

bashANYawsec2vpc

↗#

bash

aws ec2 describe-vpcs

Notes

Foundational networking inventory command.

Describe subnets

List subnets and their attributes.

bashANYawsec2subnet

↗#

bash

aws ec2 describe-subnets

Notes

Useful for selecting subnet placement during launches.

Describe security groups

List security groups and their rules.

bashANYawsec2security-group

↗#

bash

aws ec2 describe-security-groups

Notes

Use queries to narrow to specific ports or group IDs.

Add inbound security group rule

Allow inbound TCP 443 from a CIDR block.

bashANYawsec2security-groupingress

↗#

bash

aws ec2 authorize-security-group-ingress --group-id sg-0123456789abcdef0 --protocol tcp --port 443 --cidr 0.0.0.0/0

Notes

Adds a new inbound rule to the specified group.

Remove inbound security group rule

Delete an inbound rule from a security group.

bashANYawsec2security-groupingress

↗#

bash

aws ec2 revoke-security-group-ingress --group-id sg-0123456789abcdef0 --protocol tcp --port 443 --cidr 0.0.0.0/0

Notes

Removes a matching rule from the group.

Tag EC2 resources

Apply tags to one or more EC2 resources.

bashANYawsec2tags

↗#

bash

aws ec2 create-tags --resources i-0123456789abcdef0 vol-0123456789abcdef0 --tags Key=Env,Value=prod Key=App,Value=api

Notes

Use consistent tag sets for cost, ownership, and automation.

EBS Volumes and Snapshots

Manage block storage resources.

Describe EBS volumes

List attached and unattached EBS volumes.

bashANYawsec2ebsvolume

↗#

bash

aws ec2 describe-volumes

Notes

Useful for capacity and orphaned volume checks.

Create an EBS volume

Create a new volume in a specific AZ.

bashANYawsec2ebscreate-volume

↗#

bash

aws ec2 create-volume --availability-zone us-west-2a --size 50 --volume-type gp3

Notes

Block storage volumes are AZ-scoped.

Attach a volume

Attach an existing EBS volume to an instance.

bashANYawsec2ebsattach

↗#

bash

aws ec2 attach-volume --volume-id vol-0123456789abcdef0 --instance-id i-0123456789abcdef0 --device /dev/xvdf

Notes

The operating system still needs filesystem and mount configuration if appropriate.

Create a snapshot

Snapshot an EBS volume.

bashANYawsec2ebssnapshot

↗#

bash

aws ec2 create-snapshot --volume-id vol-0123456789abcdef0 --description 'nightly backup'

Notes

Snapshots can be used for backup, restore, and AMI workflows.

Describe snapshots

List snapshots visible to the account.

bashANYawsec2ebssnapshot

↗#

bash

aws ec2 describe-snapshots --owner-ids self

Notes

Useful for backup inventory and cleanup tasks.

Delete a snapshot

Remove a no-longer-needed snapshot.

bashANYawsec2ebssnapshot

↗#

bash

aws ec2 delete-snapshot --snapshot-id snap-0123456789abcdef0

Notes

Be careful to preserve restore points required by retention policy.

More in AWS CLI

AWS CLI ECR and ECS Cheat Sheet

AWS CLI ECR and ECS commands for repositories, image login and cleanup, clusters, services, task definitions, and tasks.

AWS CLI CloudFormation Cheat Sheet

AWS CLI CloudFormation commands for templates, stacks, change sets, events, package, and deploy workflows.

AWS CLI IAM and STS Cheat Sheet

AWS CLI IAM and STS commands for users, groups, roles, policies, access keys, caller identity, and assume-role workflows.

AWS CLI S3 Cheat Sheet

High-level and low-level AWS CLI S3 commands for buckets, objects, sync, versioning, encryption, and presigned URLs.

AWS CLI Cheat Sheet

Comprehensive AWS CLI commands for configuration, profiles, global options, queries, and common cross-service recipes.

Recommended next

No recommendations yet.

Browse all sheets →