AWS CLI S3 Cheat Sheet

High-level and low-level AWS CLI S3 commands for buckets, objects, sync, versioning, encryption, and presigned URLs.

High-Level S3 Commands

Fast object and bucket workflows using `aws s3`.

List buckets

List S3 buckets in the account.

```bash
aws s3 ls
```

Uses the high-level S3 command set for quick interactive workflows.

List objects in a bucket

List top-level objects and prefixes in a bucket.

```bash
aws s3 ls s3://my-bucket/
```

Useful for quick manual inspection of bucket contents.

Upload a file to S3

Copy a local file into a bucket.

```bash
aws s3 cp ./app.log s3://my-bucket/logs/app.log
```

The high-level `cp` command is convenient for common transfers.

Download a file from S3

Copy an object from S3 to local disk.

```bash
aws s3 cp s3://my-bucket/backups/db.dump ./db.dump
```

Downloads a single object to a local path.

Upload a directory recursively

Copy a local directory tree to S3.

```bash
aws s3 cp ./dist s3://my-bucket/site/ --recursive
```

Frequently used for static site and artifact uploads.

Sync local directory to S3

Synchronize a local directory to a bucket prefix.

```bash
aws s3 sync ./public s3://my-bucket/public/
```

Sync compares source and destination to transfer only needed changes.

Mirror local directory to S3 with deletes

Delete extra destination objects during sync.

```bash
aws s3 sync ./public s3://my-bucket/public/ --delete
```

Be careful: removes destination objects that do not exist locally.

Delete an object

Remove a single object from S3.

```bash
aws s3 rm s3://my-bucket/tmp/data.csv
```

Deletes the specified object key.

Delete a prefix recursively

Remove all objects under a prefix.

```bash
aws s3 rm s3://my-bucket/tmp/ --recursive
```

Useful for cleanup tasks and invalidating temp output.

Move or rename an object

Move an object within S3 or between S3 and local paths.

```bash
aws s3 mv s3://my-bucket/tmp/file.txt s3://my-bucket/archive/file.txt
```

Under the hood this is effectively copy plus delete.

S3API Bucket Commands

Low-level bucket management with `aws s3api`.

Create a bucket

Create a new bucket using the low-level API command.

```bash
aws s3api create-bucket --bucket my-bucket --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
```

Use `s3api` when you need explicit API-level control.

Check whether a bucket exists

Probe a bucket with HEAD.

```bash
aws s3api head-bucket --bucket my-bucket
```

Common in scripts that verify access or existence.

Get bucket region

Show the bucket's region or location constraint.

```bash
aws s3api get-bucket-location --bucket my-bucket
```

Useful when troubleshooting region mismatch issues.

Enable bucket versioning

Turn on object versioning for a bucket.

```bash
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled
```

Versioning protects against accidental overwrites and deletes.

Get bucket versioning state

Inspect the versioning configuration on a bucket.

```bash
aws s3api get-bucket-versioning --bucket my-bucket
```

Use this to confirm whether versioning is enabled or suspended.

Set default encryption

Configure bucket default server-side encryption.

```bash
aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
```

Sets default encryption so new uploads inherit the policy automatically.

Get bucket encryption config

Read the default encryption settings on a bucket.

```bash
aws s3api get-bucket-encryption --bucket my-bucket
```

Useful in compliance and audit scripts.

Block public access

Enable all four bucket public access block settings.

```bash
aws s3api put-public-access-block --bucket my-bucket --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
```

Common baseline security setting for private buckets.
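
The versioning, default-encryption, and public-access-block settings above can be checked together in one audit script. The following is an added example, not part of the original cheat sheet: `check_baseline`, `audit_bucket`, and the PASS/FAIL output format are names chosen here, and `get-public-access-block` is the read counterpart of the `put-public-access-block` command shown above. It relies on `--output text` printing booleans as `True`/`False` and an unset versioning status as `None`.

```bash
#!/usr/bin/env bash
# Added example: audit one bucket against the baseline settings on this page.
# check_baseline/audit_bucket and the PASS/FAIL format are this example's own names.

# Pure check over the text-mode values of the three "get" calls.
# Prints one FAIL line per failed control; returns 0 only if all pass.
check_baseline() {
  local pab versioning="$2" sse="$3" rc=0
  pab=$(printf '%s' "$1" | tr '\t' ' ')   # --output text is tab-separated
  # All four flags must be on (text output prints booleans as True/False).
  if [ "$pab" != "True True True True" ]; then
    echo "FAIL public-access-block: $pab"; rc=1
  fi
  # "Suspended", or "None" for a bucket that never had versioning, both fail.
  if [ "$versioning" != "Enabled" ]; then
    echo "FAIL versioning: $versioning"; rc=1
  fi
  case "$sse" in
    AES256|aws:kms*) ;;                    # SSE-S3 or a KMS-based algorithm
    *) echo "FAIL default-encryption: $sse"; rc=1 ;;
  esac
  if [ "$rc" -eq 0 ]; then echo "PASS"; fi
  return "$rc"
}

# Fetch the three settings for bucket $1; a failed call (no configuration,
# access denied) is recorded as MISSING so it counts as a failure.
audit_bucket() {
  local b="$1" pab ver sse
  pab=$(aws s3api get-public-access-block --bucket "$b" --output text \
    --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
    2>/dev/null) || pab="MISSING"
  ver=$(aws s3api get-bucket-versioning --bucket "$b" --output text \
    --query 'Status' 2>/dev/null) || ver="MISSING"
  sse=$(aws s3api get-bucket-encryption --bucket "$b" --output text \
    --query 'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    2>/dev/null) || sse="MISSING"
  check_baseline "$pab" "$ver" "$sse"
}

# Run only when a bucket name is given as the first argument.
if [ "$#" -gt 0 ]; then audit_bucket "$1"; fi
```

Passing a bucket name as the first argument runs the audit; the exit status is non-zero if any control fails, so the script can gate a pipeline step.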

Attach a bucket policy

Set a bucket policy from a local JSON file.

```bash
aws s3api put-bucket-policy --bucket my-bucket --policy file://bucket-policy.json
```

Use policy files for maintainable, reviewable access control.

Delete an empty bucket

Remove a bucket after it has been emptied.

```bash
aws s3api delete-bucket --bucket my-bucket
```

The bucket must be empty before deletion succeeds.

S3API Object Commands

Low-level object inspection and manipulation.

Upload an object with s3api

Put a single object using low-level API options.

```bash
aws s3api put-object --bucket my-bucket --key docs/readme.txt --body ./README.md
```

Useful when you need API-level options not exposed in high-level `aws s3` commands.

Download an object with s3api

Fetch an object to a local file.

```bash
aws s3api get-object --bucket my-bucket --key backups/db.dump ./db.dump
```

Can expose metadata and range options in low-level workflows.

Read object metadata

Inspect metadata for a specific object.

```bash
aws s3api head-object --bucket my-bucket --key backups/db.dump
```

A very common way to confirm size, etag, storage class, and metadata.

Copy an object

Copy an object within S3 using low-level API syntax.

```bash
aws s3api copy-object --bucket my-bucket --copy-source source-bucket/path/file.txt --key copies/file.txt
```

Useful when you need metadata directives or encryption options.

Delete an object with s3api

Delete a single object by key.

```bash
aws s3api delete-object --bucket my-bucket --key tmp/file.txt
```

Useful in scripts that already use low-level S3 API commands.

List object versions

Show versions in a versioned bucket.

```bash
aws s3api list-object-versions --bucket my-bucket --prefix app/
```

Useful when recovering or auditing previous object states.

Delete a specific object version

Remove one version from a versioned bucket.

```bash
aws s3api delete-object --bucket my-bucket --key app/config.json --version-id 3Lg..example
```

Targets one specific version instead of the current latest version only.

Generate a presigned URL

Create a temporary signed download URL for an object.

```bash
aws s3 presign s3://my-bucket/reports/monthly.pdf --expires-in 3600
```

Useful for secure, time-limited sharing without changing bucket policies.
