AWS CLI Cheat Sheet

AWS CLI•Permalink

Comprehensive AWS CLI commands for configuration, profiles, global options, queries, and common cross-service recipes.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

Install, Version, and Help

Verify the CLI and discover commands.

Show AWS CLI version

Print the installed AWS CLI version.

bashANYawscliversion

↗#

bash

aws --version

Notes

Useful for troubleshooting auth, SSO, and output behavior differences between versions.

Open top-level help

Show global AWS CLI help.

bashANYawsclihelp

↗#

bash

aws help

Notes

Lists services, global options, and usage patterns.

Open service help

Show help for a specific AWS service namespace.

bashANYawsec2help

↗#

bash

aws ec2 help

Notes

Use this to discover commands, arguments, and examples for a service.

Open command help

Show help for a specific command.

bashANYawshelpcommand

↗#

bash

aws s3 cp help

Notes

Displays the syntax, parameters, and examples for a subcommand.

Configuration and Profiles

Configure credentials, regions, named profiles, and identity center.

Run interactive configure

Set credentials, region, and output format interactively.

bashANYawsconfigurecredentials

↗#

bash

aws configure

Notes

Writes values to your local AWS config and credentials files.

List current config values

Show the currently resolved config values.

bashANYawsconfigureinspect

↗#

bash

aws configure list

Notes

Useful for checking which credentials, region, and profile are active.

List configured profiles

Show the names of configured profiles.

bashANYawsprofilesconfigure

↗#

bash

aws configure list-profiles

Notes

Useful when switching among multiple accounts and environments.

Get configured region

Read a config value from a profile.

bashANYawsconfigureprofile

↗#

bash

aws configure get region --profile prod

Notes

Reads a setting from your shared config file for the specified profile.

Set profile region

Set a config value for a profile.

bashANYawsconfigureprofile

↗#

bash

aws configure set region us-west-2 --profile prod

Notes

Writes a value to the named profile in the shared config file.

Configure IAM Identity Center (SSO)

Interactively create an SSO-backed profile.

bashANYawsssoconfigure

↗#

bash

aws configure sso

Notes

Creates a profile that uses temporary credentials sourced from IAM Identity Center.

Log in with SSO

Obtain an SSO session for a named profile.

bashANYawsssologin

↗#

bash

aws sso login --profile sandbox

Notes

Starts an authentication flow and caches short-lived credentials for the profile.

Show current caller identity

Confirm which account, role, or user is active.

bashANYawsstsidentity

↗#

bash

aws sts get-caller-identity

Notes

One of the most useful commands for validating the currently active credentials.

Global Options, Output, and Queries

Use global flags, pagination, and JMESPath queries effectively.

Override region for one command

Run a command in a specific region.

bashANYawsregionglobal-options

↗#

bash

aws ec2 describe-instances --region us-east-1

Notes

Overrides any configured region for this invocation only.

Use a specific profile

Run a command under a named profile.

bashANYawsprofileglobal-options

↗#

bash

aws s3 ls --profile prod

Notes

Overrides the default profile for this invocation.

Render tabular output

Format command results as a table.

bashANYawsoutputtable

↗#

bash

aws iam list-users --output table

Notes

Useful for quick interactive inspection.

Filter results with JMESPath

Select fields from JSON output.

bashANYawsqueryjmespath

↗#

bash

aws ec2 describe-instances --query 'Reservations[].Instances[].{Id:InstanceId,State:State.Name,Type:InstanceType}'

Notes

The `--query` option applies a JMESPath expression to the response.

Disable automatic pagination

Fetch only the first page of a paginated result set.

bashANYawspaginationglobal-options

↗#

bash

aws logs describe-log-groups --no-paginate

Notes

Useful for testing or when you intentionally want a single page only.

Control service page size

Reduce the number of items retrieved per service call.

bashANYawspaginationpage-size

↗#

bash

aws ec2 describe-instances --page-size 25

Notes

Can help long-running list operations avoid timeouts while still returning the full result set.

Limit total items returned

Return only a specific number of items in the CLI output.

bashANYawspaginationmax-items

↗#

bash

aws iam list-users --max-items 10

Notes

Useful when previewing large result sets.

Generate input skeleton

Print a JSON skeleton for command input.

bashANYawsskeletonjson

↗#

bash

aws dynamodb put-item --generate-cli-skeleton input

Notes

Helpful when crafting JSON input for complex commands.

Pass structured input from JSON

Provide command arguments from a JSON document.

bashANYawsjsoninput

↗#

bash

aws ec2 run-instances --cli-input-json file://run-instances.json

Notes

Useful when commands have many nested parameters.

Common Cross-Service Recipes

Handy patterns used across many services.

List AWS regions

Show available regions from EC2.

bashANYawsec2regions

↗#

bash

aws ec2 describe-regions --query 'Regions[].RegionName' --output text

Notes

Handy for scripts that validate or enumerate regions.

List availability zones

Show AZs for the active region.

bashANYawsec2az

↗#

bash

aws ec2 describe-availability-zones --query 'AvailabilityZones[].ZoneName' --output text

Notes

Useful for subnet, EBS, and deployment planning.

Create tags on a resource

Attach tags using a service-specific tagging command.

bashANYawstagsec2

↗#

bash

aws ec2 create-tags --resources i-0123456789abcdef0 --tags Key=Name,Value=web-01 Key=Env,Value=prod

Notes

Many AWS services expose service-specific tagging commands or APIs.

Wait for a resource state

Use a waiter until an EC2 instance is running.

bashANYawswaiterec2

↗#

bash

aws ec2 wait instance-running --instance-ids i-0123456789abcdef0

Notes

Waiters poll the service until a known condition is met or a timeout occurs.

Enable debug logging

Print request/response debugging details.

bashANYawsdebugtroubleshooting

↗#

bash

aws sts get-caller-identity --debug

Notes

Helpful for diagnosing signing, credential, region, and endpoint issues.

More in AWS CLI

AWS CLI ECR and ECS Cheat Sheet

AWS CLI ECR and ECS commands for repositories, image login and cleanup, clusters, services, task definitions, and tasks.

AWS CLI CloudFormation Cheat Sheet

AWS CLI CloudFormation commands for templates, stacks, change sets, events, package, and deploy workflows.

AWS CLI IAM and STS Cheat Sheet

AWS CLI IAM and STS commands for users, groups, roles, policies, access keys, caller identity, and assume-role workflows.

AWS CLI EC2 Cheat Sheet

AWS CLI EC2 commands for instances, AMIs, key pairs, VPC networking, security groups, EBS volumes, and snapshots.

AWS CLI S3 Cheat Sheet

High-level and low-level AWS CLI S3 commands for buckets, objects, sync, versioning, encryption, and presigned URLs.

Recommended next

No recommendations yet.

Browse all sheets →

Install, Version, and Help

Show AWS CLI version

Open top-level help

Open service help

Open command help

Configuration and Profiles

Run interactive configure

List current config values

List configured profiles

Get configured region

Set profile region

Configure IAM Identity Center (SSO)

Log in with SSO

Show current caller identity

Global Options, Output, and Queries

Override region for one command

Use a specific profile

Render tabular output

Filter results with JMESPath

Disable the default pager

Disable automatic pagination

Control service page size

Limit total items returned

Generate input skeleton

Pass structured input from JSON

Common Cross-Service Recipes

List AWS regions

List availability zones

Create tags on a resource

Wait for a resource state

Enable debug logging

More in AWS CLI

Recommended next