DEV Community

Cover image for AWS CLI Cheatsheet
Md. Minhazul Haque
Md. Minhazul Haque

Posted on • Updated on

AWS CLI Cheatsheet

πŸ”§ Tools Required

⚠️ Disclaimer: All Resource, Account, ARN, Hostname etc are generated using Faker. They do not match any real user data.

πŸ“’ Table of Contents

ℹ️ Pro Tip!

πŸ‘‰ If you have multiple AWS Accounts, you can use bash alias like the following. So you no longer need to pass --profile to aws tool.

alias aws-prod="aws --profile work-prod"
alias aws-dev="aws --profile work-dev"
alias aws-self="aws --profile personal"
alias aws="aws --profile work-dev"
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ To format aws command output into tables, you can pipe output to column -t.

# aws ec2 describe-instances | jq ...
i-0f112d652ecf13dac c3.x2large fisher.com
i-0b3b5128445a332db t2.nano robinson.com

# aws ec2 describe-instances | jq ... | column -t
i-0f112d652ecf13dac  c3.x2large  fisher.com
i-0b3b5128445a332db  t2.nano     robinson.com
Enter fullscreen mode Exit fullscreen mode

EC2

List Instance ID, Type and Name

aws ec2 describe-instances | jq -r '.Reservations[].Instances[]|.InstanceId+" "+.InstanceType+" "+(.Tags[] | select(.Key == "Name").Value)'
i-0f112d652ecf13dac  c3.xlarge  fisher.com
i-0b3b5128445a332db  t2.nano    robinson.com
i-0d1c1cf4e980ac593  t2.micro   nolan.com
i-004ee6b792c3b6914  t2.nano    grimes-green.net
i-00f11e8e33c971058  t2.nano    garrett.com
Enter fullscreen mode Exit fullscreen mode

List Instances with Public IP Address and Name

πŸ‘‰ Tip: You can directly put this to your /etc/hosts

aws ec2 describe-instances --query 'Reservations[*].Instances[?not_null(PublicIpAddress)]' | jq -r '.[][]|.PublicIpAddress+" "+(.Tags[]|select(.Key=="Name").Value)'
223.64.72.64    fisher.com
198.82.207.161  robinson.com
182.139.20.233  nolan.com
153.134.83.44   grimes-green.net
202.32.63.121   garrett.com
Enter fullscreen mode Exit fullscreen mode

List of VPCs and CIDR IP Block

aws ec2 describe-vpcs | jq -r '.Vpcs[]|.VpcId+" "+(.Tags[]|select(.Key=="Name").Value)+" "+.CidrBlock'
vpc-0d1c1cf4e980ac593  frontend-vpc  10.0.0.0/16
vpc-00f11e8e33c971058  backend-vpc   172.31.0.0/16
Enter fullscreen mode Exit fullscreen mode

List of Subnets for a VPC

aws ec2 describe-subnets --filter Name=vpc-id,Values=vpc-0d1c1cf4e980ac593 | jq -r '.Subnets[]|.SubnetId+" "+.CidrBlock+" "+(.Tags[]|select(.Key=="Name").Value)'
subnet-0dae5d4daa47fe4a2  10.0.128.0/20  Public Subnet 1
subnet-0641a25faccb01f0f  10.0.32.0/19   Private Subnet 2
subnet-09fb8038641f1f36f  10.0.0.0/19    Private Subnet 1
subnet-02a63c67684d8deed  10.0.144.0/20  Public Subnet 2
Enter fullscreen mode Exit fullscreen mode

List of Security Groups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName'
sg-02a63c67684d8deed  backend-db
sg-0dae5d4daa47fe4a2  backend-redis
sg-0a56bff7b12264282  frontend-lb
sg-0641a25faccb01f0f  frontend-https
sg-09fb8038641f1f36f  internal-ssh
Enter fullscreen mode Exit fullscreen mode

Print Security Groups for an Instance

aws ec2 describe-instances --instance-ids i-0dae5d4daa47fe4a2 | jq -r '.Reservations[].Instances[].SecurityGroups[]|.GroupId+" "+.GroupName'
sg-02a63c67684d8deed  backend-db
sg-0dae5d4daa47fe4a2  backend-redis
Enter fullscreen mode Exit fullscreen mode

Edit Security Groups of an Instance

πŸ‘‰ You have to provide existing Security Group IDs as well

aws ec2 modify-instance-attribute --instance-id i-0dae5d4daa47fe4a2 --groups sg-02a63c67684d8deed sg-0dae5d4daa47fe4a2
Enter fullscreen mode Exit fullscreen mode

Print Security Group Rules as FromAddress and ToPort

aws ec2 describe-security-groups --group-ids sg-02a63c67684d8deed | jq -r '.SecurityGroups[].IpPermissions[]|. as $parent|(.IpRanges[].CidrIp+" "+($parent.ToPort|tostring))'
223.64.72.64/32    3306
198.82.207.161/32  3306
168.244.58.160/32  3306
202.0.149.202/32   3306
212.143.80.102/32  3306
Enter fullscreen mode Exit fullscreen mode

Add Rule to Security Group

aws ec2 authorize-security-group-ingress --group-id sg-02a63c67684d8deed --protocol tcp --port 443 --cidr 35.0.0.1
Enter fullscreen mode Exit fullscreen mode

Delete Rule from Security Group

aws ec2 revoke-security-group-ingress --group-id sg-02a63c67684d8deed --protocol tcp --port 443 --cidr 35.0.0.1
Enter fullscreen mode Exit fullscreen mode

Edit Rules of Security Group

πŸ‘‰ You have to provide All IP Ranges as well

aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-02a63c67684d8deed --ip-permissions 'ToPort=443,IpProtocol=tcp,IpRanges=[{CidrIp=202.171.186.133/32,Description=Home}]'
Enter fullscreen mode Exit fullscreen mode

Delete Security Group

aws ec2 delete-security-group --group-id sg-02a63c67684d8deed
Enter fullscreen mode Exit fullscreen mode

S3

List Buckets

aws s3 ls
2020-01-28 18:49:50 customer-data-primary
2020-01-28 18:50:22 customer-data-backup
2020-01-28 18:50:54 wordpress-cdn
2020-01-28 18:52:25 backend-artifacts-20200220-deployment
Enter fullscreen mode Exit fullscreen mode

List Files in a Bucket

aws s3 ls wordpress-cdn/wp-content/uploads/2019/10/04/
2019-10-04 15:02:02     133557 amazing-content.jpg
2019-10-04 15:02:02       2986 amazing-content-103x50.jpg
2019-10-04 15:02:02       5640 amazing-content-120x120.jpg
2019-10-04 15:02:02       7924 amazing-content-150x150.jpg
Enter fullscreen mode Exit fullscreen mode

Create Bucket

aws s3 mb s3://my-awesome-new-bucket
make_bucket: my-awesome-new-bucket
Enter fullscreen mode Exit fullscreen mode

Delete Bucket

aws s3 rb s3://my-awesome-new-bucket --force
Enter fullscreen mode Exit fullscreen mode

Download S3 Object to Local

aws s3 cp s3://my-awesome-new-bucket .
download: ./backup.tar from s3://my-awesome-new-bucket/backup.tar
Enter fullscreen mode Exit fullscreen mode

Upload Local File as S3 Object

aws s3 cp backup.tar s3://my-awesome-new-bucket
upload: ./backup.tar to s3://my-awesome-new-bucket/backup.tar
Enter fullscreen mode Exit fullscreen mode

Delete S3 Object

aws s3 rm s3://my-awesome-new-bucket/secret-file.gz .
delete: s3://my-awesome-new-bucket/secret-file.gz
Enter fullscreen mode Exit fullscreen mode

Download Bucket to Local

aws s3 sync s3://my-awesome-new-bucket/ /media/Passport-Ultra/Backup
Enter fullscreen mode Exit fullscreen mode

Upload Local Directory to Bucket

aws s3 sync /home/minhaz/Downloads s3://my-awesome-new-bucket/
Enter fullscreen mode Exit fullscreen mode

Share S3 Object without Public Access

aws s3 presign s3://my-awesome-new-bucket/business-reports.pdf --expires-in 3600
https://my-awesome-new-bucket.s3.amazonaws.com/business-reports.pdf?AWSAccessKeyId=AKISUENSAKSIEUAA&Expires=1582876994&Signature=kizOEA93kaIHw7uv25wSFIKLmAx
Enter fullscreen mode Exit fullscreen mode

API Gateway

List of API Gateway IDs and Names

aws apigateway get-rest-apis | jq -r '.items[] | .id+" "+.name'
5e3221cf8  backend-api
69ef7d4c8  frontend-api
bb1e3c281  partner-api
f99796943  internal-crm-api
ee86b4cde  import-data-api
Enter fullscreen mode Exit fullscreen mode

List of API Gateway Keys

aws apigateway get-api-keys | jq -r '.items[] | .id+" "+.name'
ee86b4cde   backend-api-key
69ef7d4c8   partner-api-key
Enter fullscreen mode Exit fullscreen mode

List API Gateway Domain Names

aws apigateway get-domain-names | jq -r '.items[] | .domainName+" "+.regionalDomainName'
backend-api.mdminhazulhaque.io   d-ee86b4cde.execute-api.ap-southeast-1.amazonaws.com
frontend-api.mdminhazulhaque.io  d-bb1e3c281.execute-api.ap-southeast-1.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

List of Resources for API Gateway

aws apigateway get-resources --rest-api-id ee86b4cde  | jq -r '.items[] | .id+" "+.path'
ee86b4cde  /{proxy+}
69ef7d4c8  /
Enter fullscreen mode Exit fullscreen mode

Find Lambda for API Gateway Resource

aws apigateway get-integration --rest-api-id ee86b4cde --resource-id 69ef7d4c8 --http-method GET | jq -r '.uri'
arn:aws:lambda:ap-southeast-1:987654321:function:backend-api-function-5d4daa47fe4a2:live/invocations
Enter fullscreen mode Exit fullscreen mode

ELB

List of ELB Hostnames

aws elbv2 describe-load-balancers --query 'LoadBalancers[*].DNSName'  | jq -r 'to_entries[] | .value'
frontend-lb-1220186848339.ap-southeast-1.elb.amazonaws.com
backend-lb-6208709163457.ap-southeast-1.elb.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

List of ELB ARNs

aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | .LoadBalancerArn'
arn:aws:elasticloadbalancing:ap-southeast-1:987654321:loadbalancer/app/frontend-lb/1220186848339
arn:aws:elasticloadbalancing:ap-southeast-1:987654321:loadbalancer/app/backend-lb/6208709163457
Enter fullscreen mode Exit fullscreen mode

List of ELB Target Group ARNs

aws elbv2 describe-target-groups | jq -r '.TargetGroups[] | .TargetGroupArn'
arn:aws:elasticloadbalancing:ap-southeast-1:987654321:targetgroup/frontend/b6da07d35
arn:aws:elasticloadbalancing:ap-southeast-1:987654321:targetgroup/backend/97ad3b13c
Enter fullscreen mode Exit fullscreen mode

Find Instances for a Target Group

aws elbv2 describe-target-health --target-group-arn arn:aws:elasticloadbalancing:ap-southeast-1:987654321:targetgroup/wordpress-ph/88f517d6b5326a26 | jq -r '.TargetHealthDescriptions[] | .Target.Id'
i-0b3b5128445a332db
i-0d1c1cf4e980ac593
i-00f11e8e33c971058
Enter fullscreen mode Exit fullscreen mode

RDS

List of DB Clusters

aws rds describe-db-clusters | jq -r '.DBClusters[] | .DBClusterIdentifier+" "+.Endpoint'
backend-prod   backend-prod.cluster-b6da07d35.ap-southeast-1.rds.amazonaws.com
internal-prod  internal-dev.cluster-b6da07d35.ap-southeast-1.rds.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

List of DB Instances

aws rds describe-db-instances | jq -r '.DBInstances[] | .DBInstanceIdentifier+" "+.DBInstanceClass+" "+.Endpoint.Address'
backend-dev   db.t3.medium  backend-prod.b6da07d35.ap-southeast-1.rds.amazonaws.com
internal-dev  db.t2.micro   internal-dev.b6da07d35.ap-southeast-1.rds.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

Take DB Instance Snapshot

aws rds create-db-snapshot --db-snapshot-identifier backend-dev-snapshot-0001 --db-instance-identifier backend-dev
aws rds describe-db-snapshots --db-snapshot-identifier backend-dev-snapshot-0001 --db-instance-identifier general
Enter fullscreen mode Exit fullscreen mode

Take DB Cluster Snapshot

aws rds create-db-cluster-snapshot --db-cluster-snapshot-identifier backend-prod-snapshot-0002 --db-cluster-identifier backend-prod
aws rds describe-db-cluster-snapshots --db-cluster-snapshot-identifier backend-prod-snapshot-0002 --db-cluster-identifier backend-prod
Enter fullscreen mode Exit fullscreen mode

ElastiCache

List of ElastiCache Machine Type and Name

aws elasticache describe-cache-clusters | jq -r '.CacheClusters[] | .CacheNodeType+" "+.CacheClusterId'
cache.t2.micro  backend-login-hk
cache.t2.micro  backend-login-vn
cache.t2.micro  backend-login-sg
Enter fullscreen mode Exit fullscreen mode

List of ElastiCache Replication Groups

aws elasticache describe-replication-groups | jq -r '.ReplicationGroups[] | .ReplicationGroupId+" "+.NodeGroups[].PrimaryEndpoint.Address'
backend-login-hk backend-login-hk.6da35.ng.0001.apse1.cache.amazonaws.com
backend-login-vn backend-login-vn.6da35.ng.0001.apse1.cache.amazonaws.com
backend-login-sg backend-login-sg.6da35.ng.0001.apse1.cache.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

List of ElastiCache Snapshots

aws elasticache describe-snapshots | jq -r '.Snapshots[] | .SnapshotName'
automatic.backend-login-hk-2020-02-27-00-27
automatic.backend-login-vn-2020-02-27-00-27
automatic.backend-login-sg-2020-02-27-00-27
Enter fullscreen mode Exit fullscreen mode

Create ElastiCache Snapshot

aws elasticache create-snapshot --snapshot-name backend-login-hk-snap-0001 --replication-group-id backend-login-hk --cache-cluster-id backend-login-hk
Enter fullscreen mode Exit fullscreen mode

Delete ElastiCache Snapshot

aws elasticache delete-snapshot --snapshot-name backend-login-hk-snap-0001
Enter fullscreen mode Exit fullscreen mode

Scale Up/Down ElastiCache Replica

aws elasticache increase-replica-count --replication-group-id backend-login-hk --apply-immediately
aws elasticache decrease-replica-count --replication-group-id backend-login-hk --apply-immediately
Enter fullscreen mode Exit fullscreen mode

Lambda

List of Lambda Functions, Runtime and Memory

aws lambda list-functions | jq -r '.Functions[] | .FunctionName+" "+.Runtime+" "+(.MemorySize|tostring)'
backend-api-function           nodejs8.10  512
backend-signup-email-function  nodejs10.x  128
partner-api-8XJAP1VVLYA7       python3.7   128
marketing-promo-sqs-function   nodejs10.x  128
Enter fullscreen mode Exit fullscreen mode

List of Lambda Layers

aws lambda list-layers | jq -r '.Layers[] | .LayerName'
imagemagik-layer
django-layer
nodejs-extra-layer
Enter fullscreen mode Exit fullscreen mode

List of Source Event for Lambda

aws lambda list-event-source-mappings | jq -r '.EventSourceMappings[] | .FunctionArn+" "+.EventSourceArn'
arn:aws:lambda:function:backend-api-function           arn:aws:dynamodb:table/prod-user-list/stream
arn:aws:lambda:function:backend-signup-email-function  arn:aws:dynamodb:table/prod-user-email/stream
arn:aws:lambda:function:partner-api-8XJAP1VVLYA7       arn:aws:sqs:partner-input-msg-queue
arn:aws:lambda:function:marketing-promo-sqs-function   arn:aws:sqs:promo-input-msg-queue
Enter fullscreen mode Exit fullscreen mode

Download Lambda Code

aws lambda get-function --function-name DynamoToSQS | jq -r .Code.Location
https://awslambda-ap-se-1-tasks.s3.ap-southeast-1.amazonaws.com/snapshots/987654321/backend-api-function-1fda0de7-a751-4586-bf64-5601a410c170
Enter fullscreen mode Exit fullscreen mode

Cloudwatch

List of CloudWatch Alarms and Status

aws cloudwatch describe-alarms | jq -r '.MetricAlarms[] | .AlarmName+" "+.Namespace+" "+.StateValue'
backend-autoscale  AWS/EC2             OK
backend-lb         AWS/ApplicationELB  OK
partner-hk         AWS/ECS             ALARM
partner-vn         AWS/ECS             ALARM
partner-sg         AWS/ECS             ALARM
userdata-read      AWS/DynamoDB        OK
userdata-write     AWS/DynamoDB        OK
Enter fullscreen mode Exit fullscreen mode

Create Alarm for EC2 High CPUUtilization

aws cloudwatch put-metric-alarm --alarm-name high-cpu-usage --alarm-description "Alarm when CPU exceeds 70 percent" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70 --comparison-operator GreaterThanThreshold  --dimensions "Name=InstanceId,Value=i-123456789" --evaluation-periods 2 --alarm-actions arn:aws:sns:ap-southeast-1:987654321:System-Alerts --unit Percent
Enter fullscreen mode Exit fullscreen mode

Create Alarm for EC2 High StatusCheckFailed_Instance

aws cloudwatch put-metric-alarm --alarm-name EC2-StatusCheckFailed-AppServer --alarm-description "EC2 StatusCheckFailed for AppServer" --metric-name StatusCheckFailed_Instance --namespace AWS/EC2 --statistic Average --period 60 --threshold 0 --comparison-operator GreaterThanThreshold  --dimensions "Name=InstanceId,Value=i-123456789" --evaluation-periods 3 --alarm-actions arn:aws:sns:ap-southeast-1:987654321:System-Alerts --unit Count
Enter fullscreen mode Exit fullscreen mode

Route53

List Domains

aws route53 list-hosted-zones | jq -r '.HostedZones[]|.Id+" "+.Name'
/hostedzone/ZEB1PAH4U mysite.com.
/hostedzone/ZQUOHGH3G yoursite.com.
/hostedzone/ZEADEA0CO staywith.us.
Enter fullscreen mode Exit fullscreen mode

List Records for a Domain (Zone)

aws route53 list-resource-record-sets --hosted-zone-id /hostedzone/ZEB1PAH4U | jq -r '.ResourceRecordSets[]| if (.AliasTarget!=null) then .Type+" "+.Name+" "+.AliasTarget.DNSName else .Type+" "+.Name+" "+.ResourceRecords[].Value end'
A      mysite.com.              dualstack.mysite-lb-967522168.ap-southeast-1.elb.amazonaws.com.
A      mysite.com.              11.22.33.44
TXT    _amazonses.mysite.com.   6c6d761371f0480bbe60de0df275b550
A      test.mysite.com.         55.66.77.88
CNAME  www.mysite.com.          mysite.com
Enter fullscreen mode Exit fullscreen mode

SNS

List of SNS Topics

aws sns list-topics | jq -r '.Topics[] | .TopicArn'
arn:aws:sns:ap-southeast-1:987654321:backend-api-monitoring
arn:aws:sns:ap-southeast-1:987654321:dynamodb-count-check
arn:aws:sns:ap-southeast-1:987654321:partner-integration-check
arn:aws:sns:ap-southeast-1:987654321:autoscale-notifications
Enter fullscreen mode Exit fullscreen mode

List of SNS Topic and related Subscriptions

aws sns list-subscriptions | jq -r '.Subscriptions[] | .TopicArn+" "+.Protocol+" "+.Endpoint'
arn:aws:sns:ap-southeast-1:autoscale-notifications    lambda  arn:aws:lambda:function:autoscale-function
arn:aws:sns:ap-southeast-1:backend-api-monitoring     email   alert@mdminhazulhaque.io
arn:aws:sns:ap-southeast-1:dynamodb-count-check       email   alert@mdminhazulhaque.io
arn:aws:sns:ap-southeast-1:partner-integration-check  lambda  arn:aws:lambda:function:partner-function
arn:aws:sns:ap-southeast-1:autoscale-notifications    lambda  arn:aws:lambda:function:autoscale-function
Enter fullscreen mode Exit fullscreen mode

Publish to SNS Topic

aws sns publish --topic-arn arn:aws:sns:ap-southeast-1:987654321:backend-api-monitoring \
    --message "Panic!!!" \
    --subject "The API is down!!!"
Enter fullscreen mode Exit fullscreen mode

DynamoDB

List of DynamoDB Tables

aws dynamodb list-tables | jq -r .TableNames[]
userdata_hk
userdata_vn
userdata_sg
providers
events
Enter fullscreen mode Exit fullscreen mode

Get All Items from a Table

❗ This command will stream ALL items untill SIGINT is sent

aws dynamodb scan --table-name events 
Enter fullscreen mode Exit fullscreen mode

Get Item Count from a Table

aws dynamodb scan --table-name events --select COUNT | jq .ScannedCount
726119
Enter fullscreen mode Exit fullscreen mode

Get Item using Key

aws dynamodb get-item --table-name events --key '{"email": {"S": "admin@mdminhazulhaque.io"}}'
{
    "Item": {
        "email": {
            "S": "admin@mdminhazulhaque.io"
        },
        "created_at": {
            "N": "1554780667296"
        },
        "event_type": {
            "S": "DISPATCHED"
        }
    }
}
Enter fullscreen mode Exit fullscreen mode

Get Specific Fields from an Item

aws dynamodb get-item --table-name events --key '{"email": {"S": "admin@mdminhazulhaque.io"}}' --attributes-to-get event_type
{
    "Item": {
        "event_type": {
            "S": "DISPATCHED"
        }
    }
}
Enter fullscreen mode Exit fullscreen mode

Delete Item using Key

aws dynamodb delete-item --table-name events --key '{"email": {"S": "admin@mdminhazulhaque.io"}}'
Enter fullscreen mode Exit fullscreen mode

SQS

List Queues

aws sqs list-queues | jq -r '.QueueUrls[]'
https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo
https://ap-southeast-1.queue.amazonaws.com/987654321/user-signup
Enter fullscreen mode Exit fullscreen mode

Create Queue

aws sqs create-queue --queue-name public-events.fifo | jq -r .QueueUrl
https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo
Enter fullscreen mode Exit fullscreen mode

Count Messages in Queue

aws sqs get-queue-attributes --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo | jq -r '.Attributes | .QueueArn + " " + .ApproximateNumberOfMessages'
arn:aws:sqs:ap-southeast-1:987654321:events.fifo 42
Enter fullscreen mode Exit fullscreen mode

Send Message

aws sqs send-message --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo --message-body Hello
{
    "MD5OfMessageBody": "37b51d194a7513e45b56f6524f2d51f2",
    "MessageId": "4226398e-bab0-4bee-bf5a-8e7ae18c855a"
}
Enter fullscreen mode Exit fullscreen mode

Receive Message

aws sqs receive-message --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo | jq -r '.Messages[] | .Body'
Hello
Enter fullscreen mode Exit fullscreen mode

Delete Message

aws sqs delete-message --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo --receipt-handle "AQEBpqKLxNb8rIOn9ykSeCkKebNzn0BrEJ3Cg1RS6MwID2t1oYHCnMP06GnuVZGzt7kpWXZ5ieLQ=="
Enter fullscreen mode Exit fullscreen mode

Purge Queue

aws sqs purge-queue --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo
Enter fullscreen mode Exit fullscreen mode

Delete Queue

aws sqs delete-queue --queue-url https://ap-southeast-1.queue.amazonaws.com/987654321/public-events.fifo
Enter fullscreen mode Exit fullscreen mode

CloudFront

List of CloudFront Distributions and Origins

aws cloudfront list-distributions | jq -r '.DistributionList.Items[] | .DomainName+" "+.Origins.Items[0].DomainName'
d9d5bb1e3c281f.cloudfront.net  frontend-prod-hk.s3.amazonaws.com
d12b09e8a0a996.cloudfront.net  frontend-prod-vn.s3.amazonaws.com
db64e7e9b3cc22.cloudfront.net  frontend-prod-sg.s3.amazonaws.com
d5e3221cf8b921.cloudfront.net  cdn.mdminhazulhaque.io
Enter fullscreen mode Exit fullscreen mode

Create Cache Invalidation

aws cloudfront create-invalidation --distribution-id D12B09E8A0A996  --path /blog/\* /blog/assets/\* | jq -r '.Invalidation.Id'
IALJ5AL93ZD79
Enter fullscreen mode Exit fullscreen mode

Check Cache Invalidation Status

aws cloudfront get-invalidation --distribution-id D12B09E8A0A996 --id IALJ5AL93ZD79 | jq -r '.Invalidation.Status'
Completed
Enter fullscreen mode Exit fullscreen mode

Amplify

List of Amplify Apps and Source Repository

aws amplify list-apps | jq -r '.apps[] | .name+" "+.defaultDomain+" "+.repository'
fe-vn  d9d5bb1e3c281f.amplifyapp.com  https://bitbucket.org/aws/frontend-vn
fe-hk  db64e7e9b3cc22.amplifyapp.com  https://bitbucket.org/aws/frontend-hk
fe-sg  d5e3221cf8b921.amplifyapp.com  https://bitbucket.org/aws/frontend-sg
Enter fullscreen mode Exit fullscreen mode

Cognito

List of User Pool IDs and Names

aws cognito-idp list-user-pools --max-results 60 | jq -r '.UserPools[] | .Id+" "+.Name'
ap-southeast-1_b6da07d35 prod-users
ap-southeast-1_b6da07d34 dev-users
Enter fullscreen mode Exit fullscreen mode

List of Phone and Email of All Users

aws cognito-idp list-users --user-pool-id ap-southeast-1_b6da07d35 | jq -r '.Users[].Attributes | from_entries | .sub + " " + .phone_number + " " + .email'
585fb96e-525c-4f9b-9d41-865d2dffde9b +601122334455 admin@mdminhazulhaque.io
71f2778c-8e21-4775-94dc-e363c77d1ae1 +601122334455 foo@bar.com
8fc1882e-e661-49db-88e6-45d370bc352a +601122334455 cli@aws.com
Enter fullscreen mode Exit fullscreen mode

IAM User

List of UserId and UserName

aws iam list-users | jq -r '.Users[]|.UserId+" "+.UserName'
AIDAZBWIOJIQFOLNBXXCVSUQ kaiser
AIDAZCTWYVXYOKSHVWXPYPLR thornton
AIDAZUYALCGFQJENBCZFJTVX maldonado
AIDAZKQAFIGQJWOKKSKRBLGE key
AIDAZXUDGQVQCEWBFGIJOWWY nelson
Enter fullscreen mode Exit fullscreen mode

Get Single User

aws iam get-user --user-name kaiser
Enter fullscreen mode Exit fullscreen mode

Add User

aws iam create-user --user-name audit-temp
Enter fullscreen mode Exit fullscreen mode

Delete User

aws iam delete-user --user-name audit-temp
Enter fullscreen mode Exit fullscreen mode

List Access Keys for User

aws iam list-access-keys --user-name audit-temp | jq -r .AccessKeyMetadata[].AccessKeyId
AKIABWIOJIQFOLNBXXCVSUQ
AKIACTWYVXYOKSHVWXPYPLR
AKIAUYALCGFQJENBCZFJTVX
Enter fullscreen mode Exit fullscreen mode

Delete Access Key for User

aws iam delete-access-key --user-name audit-temp --access-key-id AKIABWIOJIQFOLNBXXCVSUQ
Enter fullscreen mode Exit fullscreen mode

Activate/Deactivate Access Key for User

aws iam update-access-key --status Inactive --user-name audit-temp --access-key-id AKIABWIOJIQFOLNBXXCVSUQ
aws iam update-access-key --status Active   --user-name audit-temp --access-key-id AKIABWIOJIQFOLNBXXCVSUQ
Enter fullscreen mode Exit fullscreen mode

Generate New Access Key for User

aws iam create-access-key --user-name audit-temp | jq -r '.AccessKey | .AccessKeyId+" "+.SecretAccessKey'
AKIABWIOJIQFOLNBXXCVSUQ p9ge02ebLX9jobdQKmfikRqCiEw3HBylwHyXq0z
Enter fullscreen mode Exit fullscreen mode

IAM Group

List Groups

aws iam list-groups | jq -r .Groups[].GroupName
developers
administrators
testers
marketing-ro
Enter fullscreen mode Exit fullscreen mode

Add/Delete Groups

aws iam create-group --group-name business-ro
aws iam delete-group --group-name business-ro
Enter fullscreen mode Exit fullscreen mode

List of Policies and ARNs

aws iam list-policies               | jq -r '.Policies[]|.PolicyName+" "+.Arn'
aws iam list-policies --scope AWS   | jq -r '.Policies[]|.PolicyName+" "+.Arn'
aws iam list-policies --scope Local | jq -r '.Policies[]|.PolicyName+" "+.Arn'
Enter fullscreen mode Exit fullscreen mode

List of User/Group/Roles for a Policy

aws iam list-entities-for-policy --policy-arn arn:aws:iam::987654321:policy/Marketing-ReadOnly
Enter fullscreen mode Exit fullscreen mode

List Policies for a Group

aws iam list-attached-group-policies --group-name business-ro
Enter fullscreen mode Exit fullscreen mode

Add Policy to a Group

aws iam attach-group-policy --group-name business-ro --policy-arn arn:aws:iam::aws:policy/DynamoDBReadOnlyAccess
Enter fullscreen mode Exit fullscreen mode

Add User to a Group

aws iam add-user-to-group --group-name business-ro --user-name marketing-michael
Enter fullscreen mode Exit fullscreen mode

Remove User from a Group

aws iam remove-user-from-group --group-name business-ro --user-name marketing-alice
Enter fullscreen mode Exit fullscreen mode

List Users in a Group

aws iam get-group --group-name business-ro
Enter fullscreen mode Exit fullscreen mode

List Groups for a User

aws iam list-groups-for-user --user-name qa-bob
Enter fullscreen mode Exit fullscreen mode

Attach/Detach Policy to a Group

aws iam detach-group-policy --group-name business-ro --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess
aws iam attach-group-policy --group-name business-ro --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess
Enter fullscreen mode Exit fullscreen mode

Feel free to star it, fork it or send pull request!

Discussion (0)