The Top 10 Essential AWS CLI Commands for Daily Resource Management

Keep this AWS CLI cheat sheet handy for daily S3, EC2, and IAM checks, transfers, instance actions, and permission reviews.

The AWS CLI is often the fastest way to answer daily operations questions: which EC2 instances are running, what changed in an S3 prefix, or which policies are attached to a user. The console is useful, but the CLI gives you repeatable commands you can paste into a runbook or script.

This AWS CLI cheat sheet focuses on practical S3, EC2, and IAM commands you are likely to use during routine checks and troubleshooting.

Prerequisites

Before you begin, make sure the AWS CLI is installed and configured on your system. If not, follow the official AWS documentation to install it and configure your credentials (access key ID and secret access key) and default region.

# Check AWS CLI version
aws --version

# Configure AWS CLI if you have not already done so
aws configure

Essential AWS CLI Commands for Amazon S3

Use these commands to inspect buckets, move objects, and preview changes before a transfer.

1. aws s3 ls - List S3 Buckets and Objects

This command allows you to list your S3 buckets or the objects within a specific bucket. It's often the first step in understanding your storage landscape.

Purpose: View S3 buckets or contents of a bucket.

Example:

# List all S3 buckets in your account
aws s3 ls

# List objects in a specific bucket
aws s3 ls s3://your-bucket-name/

# List objects recursively with human-readable sizes and a summary of total count and size
aws s3 ls s3://your-bucket-name/ --recursive --human-readable --summarize

Tips:

  • Use --recursive to list all objects under a prefix. S3 has prefixes, not real folders, although the CLI presents them in a folder-like way. --summarize provides a total count and size.
  • You can also specify a path within a bucket: aws s3 ls s3://your-bucket-name/prefix/.

2. aws s3 cp - Copy Files to and from S3

The cp command is fundamental for transferring files between your local file system and S3, or even between S3 buckets.

Purpose: Copy local files to S3, S3 objects to local, or S3 objects between buckets.

Example:

# Copy a local file to an S3 bucket
aws s3 cp local-file.txt s3://your-bucket-name/folder/remote-file.txt

# Copy an object from S3 to your local machine
aws s3 cp s3://your-bucket-name/folder/remote-file.txt local-copy.txt

# Copy an object from one S3 bucket to another
aws s3 cp s3://source-bucket/file.txt s3://destination-bucket/new-file.txt

# Copy a local directory to S3 recursively
aws s3 cp --recursive local-folder/ s3://your-bucket-name/remote-folder/

Tips:

  • --recursive is crucial for copying entire directories.
  • Use --exclude and --include to filter files during recursive copies.

3. aws s3 sync - Synchronize Local Directories with S3

sync is a powerful command that synchronizes the contents of a directory with an S3 prefix, or vice versa. It copies only new or modified files, making it highly efficient for backups and deployments.

Purpose: Efficiently synchronize a local directory with an S3 bucket/prefix.

Example:

# Synchronize a local directory with an S3 bucket
aws s3 sync local-directory/ s3://your-bucket-name/remote-path/

# Synchronize an S3 bucket with a local directory
aws s3 sync s3://your-bucket-name/remote-path/ local-directory/

# Dry run to see what changes would be made without actually performing them
aws s3 sync local-directory/ s3://your-bucket-name/remote-path/ --dryrun

Best Practice: Always use --dryrun first to preview the changes before executing a sync operation, especially for critical data.

4. aws s3 rm - Remove S3 Objects and Buckets

aws s3 rm deletes objects from an S3 bucket. Its companion command, aws s3 rb, removes an empty bucket.

Purpose: Delete objects (rm) or remove empty buckets (rb) from S3.

Example:

# Delete a single object from a bucket
aws s3 rm s3://your-bucket-name/path/to/object.txt

# Delete all objects in a folder (prefix) recursively
aws s3 rm s3://your-bucket-name/folder/ --recursive

# Delete an empty bucket
aws s3 rb s3://your-bucket-name/

# Forcefully remove a bucket and all its contents (USE WITH EXTREME CAUTION!)
aws s3 rb s3://your-bucket-name/ --force

Warning: aws s3 rb --force is destructive. It removes objects before deleting the bucket, but versioned buckets may still require version cleanup with lower-level S3 API commands before deletion.

Essential AWS CLI Commands for Amazon EC2 (Elastic Compute Cloud)

EC2 provides scalable computing capacity in the AWS cloud. These commands help you manage your virtual servers.

5. aws ec2 describe-instances - Get EC2 Instance Details

This is your go-to command for gathering information about your EC2 instances, including their state, public/private IPs, tags, and more.

Purpose: Retrieve detailed information about one or more EC2 instances.

Example:

# Describe all EC2 instances in the current region
aws ec2 describe-instances

# Describe instances with a specific tag (e.g., Environment=Production)
aws ec2 describe-instances \
    --filters "Name=tag:Environment,Values=Production"

# Describe instances by instance ID
aws ec2 describe-instances --instance-ids i-0abcdef1234567890

# Describe instances and filter for specific information using JMESPath (e.g., PublicIpAddress)
aws ec2 describe-instances \
    --query "Reservations[*].Instances[*].{InstanceId:InstanceId,PublicIp:PublicIpAddress,State:State.Name}" \
    --output table

Tips:

  • --filters is powerful for narrowing down results based on instance state, tags, instance types, and more.
  • --query allows you to extract specific data fields and reformat the output (e.g., using JMESPath expressions).

6. aws ec2 start-instances - Start Stopped EC2 Instances

Use this command to start one or more stopped EC2 instances. Instances usually keep their private IPv4 addresses, but public IPv4 addresses can change unless you use an Elastic IP address.

Purpose: Initiate the start process for stopped EC2 instances.

Example:

# Start a single EC2 instance
aws ec2 start-instances --instance-ids i-0abcdef1234567890

# Start multiple EC2 instances
aws ec2 start-instances --instance-ids i-0abcdef1234567890 i-0fedcba9876543210

7. aws ec2 stop-instances - Stop Running EC2 Instances

This command stops running EC2 instances. For most EBS-backed instances, instance-hour billing stops while the instance is stopped, but attached EBS volumes, Elastic IP addresses, snapshots, and some related resources can still incur charges.

Purpose: Stop running EC2 instances.

Example:

# Stop a single EC2 instance
aws ec2 stop-instances --instance-ids i-0abcdef1234567890

# Stop multiple EC2 instances
aws ec2 stop-instances --instance-ids i-0abcdef1234567890 i-0fedcba9876543210

# Force stop an instance (use with caution for production systems)
aws ec2 stop-instances --instance-ids i-0abcdef1234567890 --force

Warning: Forcing an instance to stop can lead to data loss or file system corruption if applications are not shut down gracefully.

8. aws ec2 terminate-instances - Terminate EC2 Instances

Terminating an instance permanently deletes the instance. Attached EBS volumes are deleted only if their DeleteOnTermination setting is enabled.

Purpose: Permanently delete EC2 instances.

Example:

# Terminate a single EC2 instance
aws ec2 terminate-instances --instance-ids i-0abcdef1234567890

# Terminate multiple EC2 instances
aws ec2 terminate-instances --instance-ids i-0abcdef1234567890 i-0fedcba9876543210

Warning: Termination is a permanent and irreversible action. Ensure you have backups or snapshots of critical data before terminating instances.
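
A pre-termination check for the DeleteOnTermination behavior described above. This is an added example, not part of the original cheat sheet; the function names classify_volumes and termination_impact are hypothetical, and it assumes the CLI's text output renders the boolean as True or False.

```shell
# Added example: show which EBS volumes will be deleted with the instance and
# which will survive (and keep accruing storage charges) after termination.

# classify_volumes: stdin -> stdout filter.
# Input lines:  <volume-id><whitespace><DeleteOnTermination flag>
# Output lines: deleted<TAB><volume-id>  or  kept<TAB><volume-id>
classify_volumes() {
    while read -r vol flag; do
        [ -n "$vol" ] || continue          # skip blank lines
        case "$flag" in
            [Tt]rue) printf 'deleted\t%s\n' "$vol" ;;
            *)       printf 'kept\t%s\n' "$vol" ;;   # False, None or missing
        esac
    done
}

# termination_impact INSTANCE_ID
# Read-only: asks EC2 for the instance's block device mappings and classifies
# each attached volume. Run it before terminate-instances.
termination_impact() {
    aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[].Instances[].BlockDeviceMappings[].[Ebs.VolumeId,Ebs.DeleteOnTermination]' \
        --output text | classify_volumes
}

# Usage:
#   termination_impact i-0abcdef1234567890
```

Volumes reported as kept need a separate decision after termination: snapshot and delete them, or keep them attached to a documented owner.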

Essential AWS CLI Commands for IAM (Identity and Access Management)

IAM allows you to securely control access to AWS services and resources. These commands help manage users and their permissions.

9. aws iam list-users - List IAM Users

This command provides a list of all IAM users in your AWS account, along with their ARNs, creation dates, and user IDs.

Purpose: View all IAM users configured in your AWS account.

Example:

# List all IAM users
aws iam list-users

# List users and extract specific fields using JMESPath
aws iam list-users --query "Users[*].{UserName:UserName,CreateDate:CreateDate,Arn:Arn}" --output table

Best Practice: Regularly review your IAM user list to ensure only necessary users exist and old, unused accounts are removed.

10. aws iam list-attached-user-policies - List Policies Attached to an IAM User

Understanding what permissions an IAM user has is critical for security and troubleshooting access issues. This command lists the managed policies directly attached to a specific user.

Purpose: Display managed policies attached to an IAM user.

Example:

# List all managed policies attached to a specific IAM user
aws iam list-attached-user-policies --user-name YourIAMUserName

# List the names of inline policies embedded in a specific IAM user
aws iam list-user-policies --user-name YourIAMUserName

Tips:

  • Remember that IAM users can receive permissions from attached managed policies, inline policies, and group membership. Roles are separate IAM identities; users do not inherit role permissions unless they are allowed to assume a role.
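  • To get the details of a specific policy, use aws iam get-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess to find its DefaultVersionId, then pass that value to aws iam get-policy-version with --policy-arn and --version-id to read the policy document.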
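
The first tip above as a single permission review: an added example (not from the original cheat sheet) that walks every source a user's permissions can come from. The function names user_policy_sources and broad_policies are hypothetical, and the name-based filter is a review heuristic, not an evaluation of what a policy allows.

```shell
# Added example, not from the original article.
# user_policy_sources USER
# Prints "<source><TAB><policy ARN or name>" for every policy that can grant
# the user permissions: direct managed, direct inline, and via each group.
# IAM names and ARNs cannot contain whitespace, so splitting the CLI's
# tab-separated text output on whitespace is safe here.
user_policy_sources() (
    user=$1
    for arn in $(aws iam list-attached-user-policies --user-name "$user" \
            --query 'AttachedPolicies[].PolicyArn' --output text); do
        printf 'user-managed\t%s\n' "$arn"
    done
    for name in $(aws iam list-user-policies --user-name "$user" \
            --query 'PolicyNames[]' --output text); do
        printf 'user-inline\t%s\n' "$name"
    done
    for group in $(aws iam list-groups-for-user --user-name "$user" \
            --query 'Groups[].GroupName' --output text); do
        for arn in $(aws iam list-attached-group-policies --group-name "$group" \
                --query 'AttachedPolicies[].PolicyArn' --output text); do
            printf 'group-managed:%s\t%s\n' "$group" "$arn"
        done
        for name in $(aws iam list-group-policies --group-name "$group" \
                --query 'PolicyNames[]' --output text); do
            printf 'group-inline:%s\t%s\n' "$group" "$name"
        done
    done
)

# broad_policies: filter (stdin -> stdout) keeping entries whose name ends in
# AdministratorAccess or FullAccess. A naming heuristic for review order only;
# it does not evaluate what a policy actually allows.
broad_policies() {
    grep -E '(AdministratorAccess|FullAccess)$' || true
}

# Usage:
#   user_policy_sources YourIAMUserName | broad_policies
```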

Takeaway

Start with read-only commands such as aws s3 ls, aws ec2 describe-instances, and aws iam list-users. Add write actions like sync, stop-instances, and terminate-instances only after you confirm the account, region, profile, and target resource IDs.
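
One way to enforce that confirmation step in a runbook, as an added example that is not part of the original cheat sheet. The function names check_target and guarded are hypothetical, the account ID in the usage line is a constructed placeholder, and the wrapper does not inspect a --region or --profile flag placed inside the wrapped command.

```shell
# Added example: refuse to run a write action unless the credentials in use
# resolve to the expected account and region.

# check_target ACTUAL_ACCOUNT ACTUAL_REGION EXPECTED_ACCOUNT EXPECTED_REGION
# Pure comparison, returns 0 on match, 1 on account mismatch, 2 on region mismatch.
check_target() {
    if [ -z "$1" ] || [ "$1" != "$3" ]; then
        echo "account mismatch: got '${1:-none}', expected '$3'" >&2
        return 1
    fi
    if [ -z "$2" ] || [ "$2" != "$4" ]; then
        echo "region mismatch: got '${2:-none}', expected '$4'" >&2
        return 2
    fi
    return 0
}

# guarded EXPECTED_ACCOUNT EXPECTED_REGION <aws arguments...>
# Resolves the live account via STS and the region via environment or profile
# config, then runs the AWS CLI command only if both match.
guarded() (
    want_account=$1; want_region=$2; shift 2
    account=$(aws sts get-caller-identity --query Account --output text) || exit 3
    region=${AWS_REGION:-${AWS_DEFAULT_REGION:-$(aws configure get region)}}
    check_target "$account" "$region" "$want_account" "$want_region" || exit $?
    # Echo the confirmed context so it lands in the terminal or job log.
    echo "account=$account region=$region profile=${AWS_PROFILE:-default}" >&2
    aws "$@"
)

# Usage (constructed placeholder account ID):
#   guarded 111122223333 eu-west-1 ec2 stop-instances --instance-ids i-0abcdef1234567890
```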