AWS CLI

Interact with AWS services using the aws CLI.

When to Use

Use this skill when asked to:

List or inspect AWS resources (S3, EC2, RDS, IAM, CloudWatch)
Download or upload objects in S3
Review logs or metrics from CloudWatch
Create or update AWS resources
Check account identity or permissions

Authentication

Confirm which account and role you are using:

aws sts get-caller-identity

Profiles and SSO:

    aws configure list
aws configure sso

Access keys can be provided via environment variables. Store secrets in 1Password and map them in client_info.yaml:

    secrets:
  AWS_ACCESS_KEY_ID: "Client AWS/access_key_id"
  AWS_SECRET_ACCESS_KEY: "Client AWS/secret_access_key"
  AWS_SESSION_TOKEN: "Client AWS/session_token"
  AWS_DEFAULT_REGION: "Client AWS/region"

  

Then use the environment when running commands:

    aws sts get-caller-identity --region "$AWS_DEFAULT_REGION"

  

Use AWS_PROFILE to select a profile:

    AWS_PROFILE=prod aws s3 ls

  

Reading Data

Command	Purpose
`aws sts get-caller-identity`	Confirm current identity
`aws s3 ls`	List S3 buckets
`aws s3 ls s3://bucket/prefix/`	List objects in a bucket
`aws ec2 describe-instances`	List EC2 instances
`aws rds describe-db-instances`	List RDS instances
`aws iam list-roles`	List IAM roles
`aws logs describe-log-groups`	List CloudWatch log groups
`aws logs tail /aws/lambda/name --since 1h`	Tail log stream
`aws cloudwatch list-metrics`	List CloudWatch metrics

Creating/Updating

Command	Purpose
`aws s3 cp local.txt s3://bucket/path/`	Upload an object
`aws s3 cp s3://bucket/path/ local.txt`	Download an object
`aws s3 sync ./dir s3://bucket/prefix/`	Sync a directory
`aws ec2 start-instances --instance-ids i-123`	Start instances
`aws ec2 stop-instances --instance-ids i-123`	Stop instances
`aws rds modify-db-instance --db-instance-identifier id --apply-immediately`	Modify RDS instance
`aws iam create-role --role-name name --assume-role-policy-document file://policy.json`	Create IAM role
`aws cloudwatch put-metric-alarm --alarm-name name ...`	Create or update alarm
`aws ssm put-parameter --name /path/key --value value --type SecureString`	Write SSM parameter

Common Tasks

List Buckets and Objects

    aws s3 ls
aws s3 ls s3://bucket/prefix/

Download and Upload Objects

    aws s3 cp s3://bucket/path/report.csv ./report.csv
aws s3 cp ./report.csv s3://bucket/path/report.csv

Tail Logs

    aws logs tail /aws/lambda/name --since 2h --follow

  

Filter Output with JMESPath

    aws ec2 describe-instances --query "Reservations[].Instances[].InstanceId" --output text
aws rds describe-db-instances --query "DBInstances[].{id:DBInstanceIdentifier,engine:Engine}" --output table

Output Formats

Most commands support --output json, --output table, or --output text.

    aws s3 ls --output json
aws ec2 describe-instances --output table