All cheatsheets
AWS · Cheatsheet
AWS CLI v2 Cheatsheet
Profiles, SSO, EC2/S3/IAM/EKS/Logs essentials, JMESPath filters, and the pagination flags that save you from huge JSON dumps.
Updated 2026-05-21 9 min
Config & profiles
| aws configure | Interactive credential setup |
| aws configure sso | AWS IAM Identity Center login |
| aws sso login --profile prod | Refresh SSO session |
| aws --profile prod sts get-caller-identity | Who am I (in this profile)? |
| export AWS_PROFILE=prod AWS_REGION=ap-south-1 | Env-based profile + region |
| aws configure list-profiles | Show all configured profiles |
Output, filters, pagination
| --output json|yaml|text|table | Switch output format |
| --query 'Reservations[*].Instances[*].[InstanceId,State.Name]' | JMESPath projection |
| --filters 'Name=tag:Env,Values=prod' | Server-side filter (faster) |
| --no-cli-pager | Disable the pager (CI/scripts) |
| --max-items 50 --page-size 10 | Pagination control |
| --no-paginate | Single call, no auto-paging |
EC2
| aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,Tags[?Key==`Name`].Value|[0]]' --output table | Tabular instance list |
| aws ec2 start-instances --instance-ids i-abc | Start |
| aws ec2 stop-instances --instance-ids i-abc | Stop |
| aws ec2 describe-security-groups --group-ids sg-abc | SG details |
| aws ec2 describe-images --owners self --filters 'Name=tag:App,Values=api' | My custom AMIs |
| aws ssm start-session --target i-abc | SSH-less shell via SSM (best practice) |
S3
| aws s3 ls s3://bucket --recursive --human-readable --summarize | Total size + count |
| aws s3 cp file s3://bucket/key --storage-class INTELLIGENT_TIERING | Upload |
| aws s3 sync ./dist s3://bucket --delete --exclude '*.map' | Mirror dir, delete extras, skip maps |
| aws s3 presign s3://bucket/key --expires-in 600 | 10-min presigned URL |
| aws s3api put-bucket-versioning --bucket b --versioning-configuration Status=Enabled | Enable versioning |
| aws s3api put-public-access-block --bucket b --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true | Lock down all public access |
IAM
| aws iam list-users / list-roles | List principals |
| aws iam list-attached-role-policies --role-name R | Policies on a role |
| aws iam get-role --role-name R --query 'Role.AssumeRolePolicyDocument' | View trust policy |
| aws iam simulate-principal-policy --policy-source-arn ARN --action-names s3:GetObject | Test if action is allowed |
| aws sts assume-role --role-arn ARN --role-session-name s | Get temp creds |
EKS
| aws eks update-kubeconfig --name cluster --region ap-south-1 | Add cluster to kubeconfig |
| aws eks describe-cluster --name cluster --query 'cluster.endpoint' | Get API endpoint |
| aws eks list-nodegroups --cluster-name cluster | Managed node groups |
| aws eks describe-addon --cluster-name c --addon-name vpc-cni | Addon version |
CloudWatch Logs
| aws logs tail /aws/lambda/fn --follow --since 10m | Live tail (the killer feature) |
| aws logs tail /aws/lambda/fn --filter-pattern 'ERROR' | Filter while tailing |
| aws logs start-query --log-group-name /aws/eks/c/cluster --start-time $(date -d '1 hour ago' +%s) --end-time $(date +%s) --query-string 'fields @timestamp, @message | filter @message like /ERROR/' | Insights query |
| aws logs describe-log-groups --query 'logGroups[?retentionInDays==`null`].logGroupName' | Find groups WITHOUT retention (cost leak) |
Cost & misc
| aws ce get-cost-and-usage --time-period Start=2026-05-01,End=2026-05-21 --granularity DAILY --metrics UnblendedCost | Daily spend |
| aws budgets describe-budgets --account-id 1234567890 | List budgets |
| aws cloudformation deploy --stack-name s --template-file t.yml --capabilities CAPABILITY_NAMED_IAM | Create/update stack |
| aws ssm get-parameters-by-path --path /prod/api --recursive --with-decryption | Read SSM params |
Want the full hands-on training behind this?
Cloudadhar batches walk you through every command in a real production setup — with labs, code reviews, and 1:1 doubt sessions.