AWS CLI Cheatsheet
CLI Command Structure:
aws <command> <subcommand> [options and parameters]
aws <command> wait <subcommand> [options and parameters]
(supported by some commands)
Save output to a file using the > operator. For example: aws dynamodb scan --table-name MusicCollection > output.json
Tip: Use >> to append to a file. Also useful: Load Parameters from a file
Set Up
Using long-term credentials with IAM user (Not recommended):
aws configure
Using short-term credentials with IAM user:
aws configure
aws configure set aws_session_token TOKEN # token generated from previous command
Using EC2 instance metadata:
aws configure set role_arn arn:aws:iam::123456789012:role/defaultrole
aws configure set credential_source Ec2InstanceMetadata
aws configure set region us-west-2
aws configure set output json
Using IAM role:
aws configure set role_arn arn:aws:iam::123456789012:role/defaultrole
aws configure set source_profile default
aws configure set role_session_name session_user1
aws configure set region us-west-2
aws configure set output json
Using IAM Identity Center user
aws configure sso
Credentials and config files
The config and credentials can be set in various ways (in order of precedence):
- Command line options: Such as the --region, --output, and --profile parameters (complete list)
- Environment variables: Such as AWS_CONFIG_FILE, AWS_SHARED_CREDENTIALS_FILE, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_REGION (complete list)
- Assume role: Assume the permissions of an IAM role through configuration, web identity or the aws sts assume-role command.
- The .aws folder in the home directory: %UserProfile% in Windows and $HOME or ~ in Unix (config file settings)
More details are at: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
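The set-up options above differ in what ends up stored in the shared credentials file. The following added example (not part of the original cheatsheet) classifies each profile in such a file as long-term or short-term; the sample file, profile names and key values are constructed, and the check relies on the AKIA (IAM user) and ASIA (temporary) access key prefixes.

```python
import configparser

# Constructed sample of a shared credentials file; the key values are
# placeholders, not live secrets.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAEXAMPLEKEYID0001
aws_secret_access_key = constructed-secret-value

[ci-session]
aws_access_key_id = ASIAEXAMPLEKEYID0002
aws_secret_access_key = constructed-secret-value
aws_session_token = constructed-session-token

[stale-session]
aws_access_key_id = ASIAEXAMPLEKEYID0003
aws_secret_access_key = constructed-secret-value
"""


def audit_credentials(text):
    """Classify every profile in a credentials file by the kind of key it stores."""
    # Secret keys may contain characters configparser would try to interpolate.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for profile in parser.sections():
        section = parser[profile]
        key_id = section.get("aws_access_key_id", "")
        has_token = bool(section.get("aws_session_token", ""))
        if not key_id:
            # Role, SSO or process-based profile: nothing static on disk.
            report[profile] = "no-static-key"
        elif has_token:
            report[profile] = "short-term"
        elif key_id.startswith("ASIA"):
            # Temporary key stored without its session token: unusable as is.
            report[profile] = "incomplete-short-term"
        else:
            report[profile] = "long-term"
    return report


def long_term_profiles(text):
    """Profiles that hold the long-term keys the set-up section advises against."""
    return sorted(p for p, v in audit_credentials(text).items() if v == "long-term")


if __name__ == "__main__":
    for profile, verdict in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{profile}: {verdict}")
```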
AWS CLI Global Settings
Specifying parameters
Simple parameters like strings and numbers can be passed as: aws ec2 create-key-pair --key-name my-key-pair
where my-key-pair is a parameter
Formats for some other types are:
Timestamps:
aws ec2 describe-spot-price-history --start-time 2014-10-13T19:00:00Z
Acceptable formats are:
- YYYY-MM-DDThh:mm:ss.sssTZD (UTC)
- YYYY-MM-DDThh:mm:ss.sssTZD (with offset)
- YYYY-MM-DD
- Unix Epoch time
List:
aws ec2 describe-spot-price-history --instance-types m1.xlarge m1.medium
Boolean:
aws ec2 describe-spot-price-history --dry-run
Binary flag that turns an option on or off. For example, ec2 describe-spot-price-history has a Boolean --dry-run parameter that, when specified, validates the query with the service without actually running the query.
Blob: Specify a path to a local file that contains the binary data using the fileb:// prefix. This is treated as raw unencoded binary and the path is interpreted as being relative to the current working directory.
aws kms encrypt \
--key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
--plaintext fileb://ExamplePlaintextFile \
--output text \
--query CiphertextBlob | base64 \
--decode > ExampleEncryptedFile
Streaming blob: Some parameters do not use the fileb:// prefix. These are formatted using the direct file path.
aws cloudsearchdomain upload-documents \
--endpoint-url https://doc-my-domain.us-west-1.cloudsearch.amazonaws.com \
--content-type application/json \
--documents document-batch.json
Map: A set of key-value pairs specified in JSON or by using the CLI's shorthand syntax.
aws dynamodb get-item --table-name my-table --key '{"id": {"N":"1"}}'
Document: Document types are used to send data without needing to embed JSON inside strings. This allows for sending JSON data without needing to escape values.
Shorthand Syntax
AWS CLI also supports a shorthand syntax that enables a simpler representation of your option parameters than using the full JSON format. It makes it easier for users to input parameters that are flat (non-nested structures). The format is a comma-separated list of key-value pairs.
For example:
aws dynamodb update-table \
--provisioned-throughput ReadCapacityUnits=15,WriteCapacityUnits=10 \
--table-name MyDDBTable
This is equivalent to the following example formatted in JSON.
aws dynamodb update-table \
--provisioned-throughput '{"ReadCapacityUnits":15,"WriteCapacityUnits":10}' \
--table-name MyDDBTable
Shorthand | JSON |
---|---|
--option key1=value1,key2=value2,key3=value3 | --option '{"key1":"value1","key2":"value2","key3":"value3"}' |
--option value1 value2 value3 | --option '[value1,value2,value3]' |
--option Key=My1stTag,Value=Value1 Key=My2ndTag,Value=Value2 Key=My3rdTag,Value=Value3 | --option '[{"Key": "My1stTag", "Value": "Value1"}, {"Key": "My2ndTag", "Value": "Value2"}, {"Key": "My3rdTag", "Value": "Value3"}]' |
Load Parameters from a file
Use file://complete/path/to/file to provide a file URL to the parameter. Example:
aws ec2 describe-instances --filters file://filter.json
AWS CLI skeletons and input files
- Most of the AWS CLI commands accept all parameter inputs from a file. These templates can be generated using the --generate-cli-skeleton option. After generating a file, modify the parameters as per your requirement.
- Most of the AWS Command Line Interface (AWS CLI) commands support the ability to accept all parameter inputs from a file using the --cli-input-json and --cli-input-yaml parameters. Use this parameter and point to the filled-in file from the previous step.
AWS CLI output format
The AWS CLI supports the following output formats:
- json: The output is formatted as a JSON.
- yaml: The output is formatted as a YAML.
- yaml-stream: The output is streamed and formatted as a YAML string. Streaming allows for faster handling of large data types.
- text: The output is formatted as multiple lines of tab-separated string values. The output can be passed to a text processor, like grep.
- table: The output is formatted as a table using the characters +|- to form the cell borders. This is more readable than other formats.
Pagination
Server-side pagination can be used with the help of the following options:
- --no-paginate: Disables pagination (AWS CLI paginates by default)
- --page-size: Change default page size
- --max-items: Change default maximum number of items in a page
- --starting-token: If total number of items is more than the items in a page (--max-items), then NextToken is also returned. This is passed as a parameter to --starting-token in the next CLI call to fetch the next page
aws s3api list-objects \
--bucket my-bucket \
--max-items 100 \
--starting-token eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAxfQ==
AWS CLI Global Options
- --debug
- --endpoint-url: Change default URL used by the service
- --no-verify-ssl
- --no-paginate: Disable automatic pagination.
- --output: json/text/table/yaml/yaml-stream
- --query: JMESPath query to filter the response
- --profile
- --region
- --version
- --color: on/off/auto
- --no-sign-request: Do not sign requests. Credentials will not be loaded
- --ca-bundle: The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
- --cli-read-timeout: The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
- --cli-connect-timeout: The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
- --cli-binary-format: The formatting style to be used for binary blobs.
- --no-cli-pager
- --cli-auto-prompt
- --no-cli-auto-prompt
Filtering the output
Server-side filtering
Server-side filtering in the AWS CLI is provided by the AWS service API. The parameter names and functions vary between services. Some common parameter names used for filtering are:
- --filter such as ses and ce.
- --filters such as ec2, autoscaling, and rds.
- Names starting with the word filter, for example --filter-expression for the aws dynamodb scan command.
Client-side filtering
The --query parameter takes the HTTP response that comes back from the server and filters the results before displaying them. Querying uses JMESPath syntax to create expressions for filtering the output.
For example, suppose the command aws ec2 describe-volumes returns the following output:
Output
{ "Volumes": [ { "AvailabilityZone": "us-west-2a", "Attachments": [ { "AttachTime": "2013-09-17T00:55:03.000Z", "InstanceId": "i-a071c394", "VolumeId": "vol-e11a5288", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], "VolumeType": "standard", "VolumeId": "vol-e11a5288", "State": "in-use", "SnapshotId": "snap-f23ec1c8", "CreateTime": "2013-09-17T00:55:03.000Z", "Size": 30 }, { "AvailabilityZone": "us-west-2a", "Attachments": [ { "AttachTime": "2013-09-18T20:26:16.000Z", "InstanceId": "i-4b41a37c", "VolumeId": "vol-2e410a47", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], "VolumeType": "standard", "VolumeId": "vol-2e410a47", "State": "in-use", "SnapshotId": "snap-708e8348", "CreateTime": "2013-09-18T20:26:15.000Z", "Size": 8 }, { "AvailabilityZone": "us-west-2a", "Attachments": [ { "AttachTime": "2020-11-20T19:54:06.000Z", "InstanceId": "i-1jd73kv8", "VolumeId": "vol-a1b3c7nd", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], "VolumeType": "standard", "VolumeId": "vol-a1b3c7nd", "State": "in-use", "SnapshotId": "snap-234087fb", "CreateTime": "2020-11-20T19:54:05.000Z", "Size": 15 } ] }
Different ways of filtering it are:
To return only the first two volumes
aws ec2 describe-volumes --query 'Volumes[0:2:1]'
[ { "AvailabilityZone": "us-west-2a", "Attachments": [ { "AttachTime": "2013-09-17T00:55:03.000Z", "InstanceId": "i-a071c394", "VolumeId": "vol-e11a5288", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], "VolumeType": "standard", "VolumeId": "vol-e11a5288", "State": "in-use", "SnapshotId": "snap-f23ec1c8", "CreateTime": "2013-09-17T00:55:03.000Z", "Size": 30 }, { "AvailabilityZone": "us-west-2a", "Attachments": [ { "AttachTime": "2013-09-18T20:26:16.000Z", "InstanceId": "i-4b41a37c", "VolumeId": "vol-2e410a47", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], "VolumeType": "standard", "VolumeId": "vol-2e410a47", "State": "in-use", "SnapshotId": "snap-708e8348", "CreateTime": "2013-09-18T20:26:15.000Z", "Size": 8 } ]
To show all Attachments information for all volumes
aws ec2 describe-volumes --query 'Volumes[*].Attachments'
[ [ { "AttachTime": "2013-09-17T00:55:03.000Z", "InstanceId": "i-a071c394", "VolumeId": "vol-e11a5288", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], [ { "AttachTime": "2013-09-18T20:26:16.000Z", "InstanceId": "i-4b41a37c", "VolumeId": "vol-2e410a47", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ], [ { "AttachTime": "2020-11-20T19:54:06.000Z", "InstanceId": "i-1jd73kv8", "VolumeId": "vol-a1b3c7nd", "State": "attached", "DeleteOnTermination": true, "Device": "/dev/sda1" } ] ]
To list the State for all Volumes (also flatten the result)
aws ec2 describe-volumes --query 'Volumes[*].Attachments[].State'
[ "attached", "attached", "attached" ]
Filter for the VolumeIds for all Volumes in an Attached State
aws ec2 describe-volumes --query 'Volumes[*].Attachments[?State==`attached`].VolumeId'
[ [ "vol-e11a5288" ], [ "vol-2e410a47" ], [ "vol-a1b3c7nd" ] ]
To show the first InstanceId in all Attachments information for all volumes
aws ec2 describe-volumes --query 'Volumes[*].Attachments[].InstanceId | [0]'
"i-a071c394"
This pipes the results of a filter to a new list, and then filters the result again
Filter VolumeId and VolumeType in the Volumes list
aws ec2 describe-volumes --query 'Volumes[].[VolumeId, VolumeType]'
[ [ "vol-e11a5288", "standard" ], [ "vol-2e410a47", "standard" ], [ "vol-a1b3c7nd", "standard" ] ]
To add more nesting, example:
aws ec2 describe-volumes --query 'Volumes[].[VolumeId, VolumeType, Attachments[].[InstanceId, State]]'
[ [ "vol-e11a5288", "standard", [ [ "i-a071c394", "attached" ] ] ], [ "vol-2e410a47", "standard", [ [ "i-4b41a37c", "attached" ] ] ], [ "vol-a1b3c7nd", "standard", [ [ "i-1jd73kv8", "attached" ] ] ] ]
Filter VolumeType and add label VolumeType for the VolumeType values
aws ec2 describe-volumes --query 'Volumes[].{VolumeType: VolumeType}'
[ { "VolumeType": "standard" }, { "VolumeType": "standard" }, { "VolumeType": "standard" } ]
Filter, add labels and sort the output by VolumeId
aws ec2 describe-volumes --query 'sort_by(Volumes, &VolumeId)[].{VolumeId: VolumeId, VolumeType: VolumeType, InstanceId: Attachments[0].InstanceId, State: Attachments[0].State}'
[ { "VolumeId": "vol-2e410a47", "VolumeType": "standard", "InstanceId": "i-4b41a37c", "State": "attached" }, { "VolumeId": "vol-a1b3c7nd", "VolumeType": "standard", "InstanceId": "i-1jd73kv8", "State": "attached" }, { "VolumeId": "vol-e11a5288", "VolumeType": "standard", "InstanceId": "i-a071c394", "State": "attached" } ]
Frequently Used CLI commands
DynamoDB
Get Item
aws dynamodb get-item \
--table-name MusicCollection \
--key file://key.json
Contents of key.json:
{
"Artist": {"S": "Acme Band"},
"SongTitle": {"S": "Happy Day"}
}
- For strongly consistent reads, use --consistent-read
Get specific attributes for an item
aws dynamodb get-item \
--table-name ProductCatalog \
--key '{"Id": {"N": "102"}}' \
--projection-expression "Description, RelatedItems[0], ProductReviews.FiveStar"
Batch Get Items
aws dynamodb batch-get-item \
--request-items file://request-items.json \
--return-consumed-capacity TOTAL
Contents of request-items.json:
{
"MusicCollection": {
"Keys": [
{
"Artist": {"S": "No One You Know"},
"SongTitle": {"S": "Call Me Today"}
},
{
"Artist": {"S": "Acme Band"},
"SongTitle": {"S": "Happy Day"}
},
{
"Artist": {"S": "No One You Know"},
"SongTitle": {"S": "Scared of My Shadow"}
}
],
"ProjectionExpression":"AlbumTitle",
"ConsistentRead": true
}
}
- Gets maximum of 100 items, up to 16 MB of data
- Use UnprocessedKeys to get next page of results
- For eventually consistent reads, set ConsistentRead as false or remove it
Put an item
aws dynamodb put-item \
--table-name MusicCollection \
--item file://item.json \
--return-consumed-capacity TOTAL \
--return-item-collection-metrics SIZE
Contents of item.json:
{
"Artist": {"S": "No One You Know"},
"SongTitle": {"S": "Call Me Today"},
"AlbumTitle": {"S": "Greatest Hits"}
}
- Will replace an item, if it exists with same primary key
Batch write items
aws dynamodb batch-write-item \
--request-items file://request-items.json \
--return-consumed-capacity INDEXES \
--return-item-collection-metrics SIZE
Contents of request-items.json:
{
"MusicCollection": [
{
"PutRequest": {
"Item": {
"Artist": {"S": "No One You Know"},
"SongTitle": {"S": "Call Me Today"},
"AlbumTitle": {"S": "Somewhat Famous"}
}
}
},
{
"DeleteRequest": {
"Key": {
"Artist": {"S": "No One You Know"},
"SongTitle": {"S": "Scared of My Shadow"}
}
}
}
]
}
- Will return maximum of 16MB of data, 400KB per item and up to 25 items per put and delete operation
- PutRequest will replace an existing item with same primary key
Create a backup
aws dynamodb create-backup \
--table-name MusicCollection \
--backup-name MusicCollectionBackup
Delete an item
aws dynamodb delete-item \
--table-name MusicCollection \
--key '{"Artist": {"S": "No One You Know"}, "SongTitle": {"S": "Scared of My Shadow"}}' \
--return-values ALL_OLD \
--return-consumed-capacity TOTAL \
--return-item-collection-metrics SIZE
Delete an item conditionally
aws dynamodb delete-item \
--table-name ProductCatalog \
--key '{"Id":{"N":"456"}}' \
--condition-expression "(ProductCategory IN (:cat1, :cat2)) and (#P between :lo and :hi)" \
--expression-attribute-names '{"#P": "Price"}' \
--expression-attribute-values file://values.json \
--return-values ALL_OLD
Contents of values.json:
{
":cat1": {"S": "Sporting Goods"},
":cat2": {"S": "Gardening Supplies"},
":lo": {"N": "500"},
":hi": {"N": "600"}
}
View provisioned capacity limits
aws dynamodb describe-limits
Describe a table
aws dynamodb describe-table --table-name MusicCollection
Output:
{
"Table": {
"AttributeDefinitions": [
{
"AttributeName": "Artist",
"AttributeType": "S"
},
{
"AttributeName": "SongTitle",
"AttributeType": "S"
}
],
"ProvisionedThroughput": {
"NumberOfDecreasesToday": 0,
"WriteCapacityUnits": 5,
"ReadCapacityUnits": 5
},
"TableSizeBytes": 0,
"TableName": "MusicCollection",
"TableStatus": "ACTIVE",
"KeySchema": [
{
"KeyType": "HASH",
"AttributeName": "Artist"
},
{
"KeyType": "RANGE",
"AttributeName": "SongTitle"
}
],
"ItemCount": 0,
"CreationDateTime": 1421866952.062
}
}
List tables
aws dynamodb list-tables
List tags
aws dynamodb list-tags-of-resource \
--resource-arn arn:aws:dynamodb:us-west-2:123456789012:table/MusicCollection
Query
aws dynamodb query \
--table-name MusicCollection \
--projection-expression "SongTitle" \
--key-condition-expression "Artist = :v1" \
--expression-attribute-values '{":v1": {"S": "No One You Know"}}' \
--return-consumed-capacity TOTAL
- For strongly consistent reads, use --consistent-read
- Use --scan-index-forward to sort in ascending order and --no-scan-index-forward to sort in descending order (sorted by sort key)
Query with filtering
aws dynamodb query \
--table-name MusicCollection \
--key-condition-expression "Artist = :v1" \
--filter-expression "NOT (AlbumTitle IN (:v2, :v3))" \
--expression-attribute-values file://values.json \
--return-consumed-capacity TOTAL
Contents of values.json:
{
":v1": {"S": "No One You Know"},
":v2": {"S": "Blue Sky Blues"},
":v3": {"S": "Greatest Hits"}
}
Query and return item count
aws dynamodb query \
--table-name MusicCollection \
--select COUNT \
--key-condition-expression "Artist = :v1" \
--expression-attribute-values file://expression-attributes.json
Query an index
aws dynamodb query \
--table-name MusicCollection \
--index-name AlbumTitleIndex \
--key-condition-expression "Artist = :v1" \
--expression-attribute-values '{":v1": {"S": "No One You Know"}}' \
--select ALL_PROJECTED_ATTRIBUTES \
--return-consumed-capacity INDEXES
Scan a table
aws dynamodb scan \
--table-name MusicCollection \
--filter-expression "Artist = :a" \
--projection-expression "#ST, #AT" \
--expression-attribute-names file://expression-attribute-names.json \
--expression-attribute-values file://expression-attribute-values.json
Contents of expression-attribute-names.json:
{
"#ST": "SongTitle",
"#AT":"AlbumTitle"
}
Contents of expression-attribute-values.json:
{
":a": {"S": "No One You Know"}
}
Update an item
aws dynamodb update-item \
--table-name MusicCollection \
--key file://key.json \
--update-expression "SET #Y = :y, #AT = :t" \
--expression-attribute-names file://expression-attribute-names.json \
--expression-attribute-values file://expression-attribute-values.json \
--return-values ALL_NEW \
--return-consumed-capacity TOTAL \
--return-item-collection-metrics SIZE
Contents of key.json:
{
"Artist": {"S": "Acme Band"},
"SongTitle": {"S": "Happy Day"}
}
Contents of expression-attribute-names.json:
{
"#Y":"Year", "#AT":"AlbumTitle"
}
Update an item conditionally
aws dynamodb update-item \
--table-name MusicCollection \
--key file://key.json \
--update-expression "SET #Y = :y, #AT = :t" \
--expression-attribute-names file://expression-attribute-names.json \
--expression-attribute-values file://expression-attribute-values.json \
--condition-expression "attribute_not_exists(#Y)"
Contents of key.json:
{
"Artist": {"S": "Acme Band"},
"SongTitle": {"S": "Happy Day"}
}
Contents of expression-attribute-names.json:
{
"#Y":"Year",
"#AT":"AlbumTitle"
}
Contents of expression-attribute-values.json:
{
":y":{"N": "2015"},
":t":{"S": "Louder Than Ever"}
}
Create a global secondary index
aws dynamodb update-table \
--table-name MusicCollection \
--attribute-definitions AttributeName=AlbumTitle,AttributeType=S \
--global-secondary-index-updates file://gsi-updates.json
Contents of gsi-updates.json:
[
{
"Create": {
"IndexName": "AlbumTitle-index",
"KeySchema": [
{
"AttributeName": "AlbumTitle",
"KeyType": "HASH"
}
],
"ProvisionedThroughput": {
"ReadCapacityUnits": 10,
"WriteCapacityUnits": 10
},
"Projection": {
"ProjectionType": "ALL"
}
}
}
]
Lambda
Add a permission
aws lambda add-permission \
--function-name my-function \
--action lambda:InvokeFunction \
--statement-id sns \
--principal sns.amazonaws.com
Output:
{
"Statement":
{
"Sid":"sns",
"Effect":"Allow",
"Principal":{
"Service":"sns.amazonaws.com"
},
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:us-east-2:123456789012:function:my-function"
}
}
Create a function
aws lambda create-function \
--function-name my-function \
--runtime nodejs18.x \
--zip-file fileb://my-function.zip \
--handler my-function.handler \
--role arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-tges6bf4
Update function code
aws lambda update-function-code \
--function-name my-function \
--zip-file fileb://my-function.zip
Delete a function
aws lambda delete-function \
--function-name my-function
Get function information
aws lambda get-function \
--function-name my-function
Output:
{
"Concurrency": {
"ReservedConcurrentExecutions": 100
},
"Code": {
"RepositoryType": "S3",
"Location": "https://awslambda-us-west-2-tasks.s3.us-west-2.amazonaws.com/snapshots/123456789012/my-function..."
},
"Configuration": {
"TracingConfig": {
"Mode": "PassThrough"
},
"Version": "$LATEST",
"CodeSha256": "5tT2qgzYUHoqwR616pZ2dpkn/0J1FrzJmlKidWaaCgk=",
"FunctionName": "my-function",
"VpcConfig": {
"SubnetIds": [],
"VpcId": "",
"SecurityGroupIds": []
},
"MemorySize": 128,
"RevisionId": "28f0fb31-5c5c-43d3-8955-03e76c5c1075",
"CodeSize": 304,
"FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
"Handler": "index.handler",
"Role": "arn:aws:iam::123456789012:role/service-role/helloWorldPython-role-uy3l9qyq",
"Timeout": 3,
"LastModified": "2019-09-24T18:20:35.054+0000",
"Runtime": "nodejs10.x",
"Description": ""
}
}
Get function configuration
aws lambda get-function-configuration \
--function-name my-function:2
Output:
{
"FunctionName": "my-function",
"LastModified": "2019-09-26T20:28:40.438+0000",
"RevisionId": "e52502d4-9320-4688-9cd6-152a6ab7490d",
"MemorySize": 256,
"Version": "2",
"Role": "arn:aws:iam::123456789012:role/service-role/my-function-role-uy3l9qyq",
"Timeout": 3,
"Runtime": "nodejs10.x",
"TracingConfig": {
"Mode": "PassThrough"
},
"CodeSha256": "5tT2qgzYUHaqwR716pZ2dpkn/0J1FrzJmlKidWoaCgk=",
"Description": "",
"VpcConfig": {
"SubnetIds": [],
"VpcId": "",
"SecurityGroupIds": []
},
"CodeSize": 304,
"FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function:2",
"Handler": "index.handler"
}
Update function configuration
aws lambda update-function-configuration \
--function-name my-function \
--memory-size 256
Invoke a function
aws lambda invoke \
--function-name my-function \
--cli-binary-format raw-in-base64-out \
--payload '{ "name": "Bob" }' \
response.json
Invoke a function asynchronously
aws lambda invoke \
--function-name my-function \
--invocation-type Event \
--cli-binary-format raw-in-base64-out \
--payload '{ "name": "Bob" }' \
response.json
Get reserved concurrent execution limit
aws lambda get-function-concurrency \
--function-name my-function
Add reserved concurrent execution limit
aws lambda put-function-concurrency \
--function-name my-function \
--reserved-concurrent-executions 100
Remove reserved concurrent execution limit
aws lambda delete-function-concurrency \
--function-name my-function
Get provisioned concurrency configuration
aws lambda get-provisioned-concurrency-config \
--function-name my-function \
--qualifier BLUE
Add provisioned concurrency configuration
aws lambda put-provisioned-concurrency-config \
--function-name my-function \
--qualifier BLUE \
--provisioned-concurrent-executions 100
Delete provisioned concurrency configuration
aws lambda delete-provisioned-concurrency-config \
--function-name my-function \
--qualifier GREEN
Get Lambda limits and usage
aws lambda get-account-settings
Output:
{
"AccountLimit": {
"CodeSizeUnzipped": 262144000,
"UnreservedConcurrentExecutions": 1000,
"ConcurrentExecutions": 1000,
"CodeSizeZipped": 52428800,
"TotalCodeSize": 80530636800
},
"AccountUsage": {
"FunctionCount": 4,
"TotalCodeSize": 9426
}
}
Get policy attached to function
aws lambda get-policy \
--function-name my-function
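The add-permission call earlier in this section grants sns.amazonaws.com invoke rights without --source-arn or --source-account, so the resulting statement has no Condition tying it to one topic or account. The following added example (not part of the original cheatsheet) reads get-policy output and reports such statements; the sample policy, the extra Sids and the topic ARN are constructed.

```python
import json

# Condition keys that tie a grant to one caller resource, account or organization.
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid"}

FUNCTION_ARN = "arn:aws:lambda:us-east-2:123456789012:function:my-function"

# Constructed policy: the first statement is the one shown in the add-permission
# output above; the other two are added for contrast.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        {"Sid": "sns", "Effect": "Allow",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
        {"Sid": "sns-scoped", "Effect": "Allow",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
         "Condition": {"ArnLike": {
             "AWS:SourceArn": "arn:aws:sns:us-east-2:123456789012:my-topic"}}},
        {"Sid": "anyone", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
    ],
}

# get-policy returns the policy document as a JSON string nested inside JSON.
SAMPLE_GET_POLICY_OUTPUT = json.dumps(
    {"Policy": json.dumps(SAMPLE_POLICY), "RevisionId": "constructed-revision-id"})


def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def _is_scoped(statement):
    """True when any condition operator uses one of the scoping keys."""
    keys = set()
    for operands in statement.get("Condition", {}).values():
        keys.update(key.lower() for key in operands)
    return bool(keys & SCOPING_KEYS)


def audit_lambda_policy(get_policy_output):
    """Return (Sid, finding) pairs for Allow statements with no source restriction."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    findings = []
    for statement in _as_list(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow" or _is_scoped(statement):
            continue
        principal = statement.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        sid = statement.get("Sid", "<no Sid>")
        if "*" in _as_list(principal.get("AWS", [])):
            findings.append((sid, "public"))
        for service in _as_list(principal.get("Service", [])):
            findings.append((sid, f"unscoped-service:{service}"))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_lambda_policy(SAMPLE_GET_POLICY_OUTPUT):
        print(f"{sid}: {finding}")
```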
List functions
aws lambda list-functions
List layers compatible with a runtime
aws lambda list-layers \
--compatible-runtime python3.11
List tags
aws lambda list-tags \
--resource arn:aws:lambda:us-west-2:123456789012:function:my-function
List versions of a function
aws lambda list-versions-by-function \
--function-name my-function
S3
Create a multipart upload
aws s3api create-multipart-upload --bucket my-bucket --key 'multipart/01'
Output:
{
"Bucket": "my-bucket",
"UploadId": "dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R",
"Key": "multipart/01"
}
List active multipart uploads
aws s3api list-multipart-uploads --bucket my-bucket
List parts that have been uploaded
aws s3api list-parts --bucket my-bucket --key 'multipart/01' --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R
Upload a part
aws s3api upload-part \
--bucket my-bucket \
--key 'multipart/01' \
--part-number 1 \
--body part01 \
--upload-id "dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R"
Complete a multipart upload
aws s3api complete-multipart-upload \
--multipart-upload file://mpustruct \
--bucket my-bucket --key 'multipart/01' \
--upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R
Abort a multipart upload
aws s3api abort-multipart-upload \
--bucket my-bucket \
--key multipart/01 \
--upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R
Copy an object from bucket-1 to bucket-2
aws s3api copy-object --copy-source bucket-1/test.txt --key test.txt --bucket bucket-2
Copy a file from S3 to S3
aws s3 cp s3://mybucket/test.txt s3://mybucket/test2.txt
Copy a local file to S3
aws s3 cp test.txt s3://mybucket/test2.txt
- To add an expiry, use --expires with timestamp. For example: --expires 2014-10-01T20:30:00Z
Copy an S3 object to a local file
aws s3 cp s3://mybucket/test.txt test2.txt
Copy an S3 object from one bucket to another
aws s3 cp s3://mybucket/test.txt s3://mybucket2/
Upload to an access point
aws s3 cp mydoc.txt s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/mykey
Download from an access point
aws s3 cp s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/mykey mydoc.txt
Recursively copy S3 objects to a local directory
aws s3 cp s3://mybucket . --recursive
Recursively copy local files to S3
aws s3 cp myDir s3://mybucket/ \
--recursive \
--exclude "*.jpg"
- Combine --exclude and --include options to copy only objects that match a pattern, excluding all others.
- --recursive to recursively include all files under a folder/key/prefix
- --acl acceptable values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write
Move a local file to bucket
aws s3 mv test.txt s3://mybucket/test2.txt
- To move with original name, use:
aws s3 mv s3://mybucket/test.txt s3://mybucket2/
Move an object to local folder
aws s3 mv s3://mybucket/test.txt test2.txt
Move an object to another bucket
aws s3 mv s3://mybucket/test.txt s3://mybucket/test2.txt
Move a file to an access point
aws s3 mv mydoc.txt s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/mykey
Move all objects in a bucket to local folder
aws s3 mv s3://mybucket . --recursive
- Combine --exclude and --include options to copy only objects that match a pattern, excluding all others.
- --recursive to recursively include all files under a folder/key/prefix
- --acl acceptable values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write
Grant permissions for an S3 object
aws s3 cp file.txt s3://mybucket/ \
--grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=id=79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be
Delete an object
aws s3api delete-object --bucket my-bucket --key test.txt
Delete multiple objects
aws s3api delete-objects --bucket my-bucket --delete file://delete.json
Contents of delete.json:
{
"Objects": [
{
"Key": "test1.txt"
}
],
"Quiet": false
}
Get object ACL
aws s3api get-object-acl --bucket my-bucket --key index.html
Get object metadata without object
aws s3api head-object --bucket my-bucket --key index.html
Output:
{
"AcceptRanges": "bytes",
"ContentType": "text/html",
"LastModified": "Thu, 16 Apr 2015 18:19:14 GMT",
"ContentLength": 77,
"VersionId": "null",
"ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
"Metadata": {}
}
Get object attributes without object
aws s3api get-object-attributes \
--bucket my-bucket \
--key doc1.rtf \
--object-attributes "StorageClass" "ETag" "ObjectSize"
Download an S3 object
aws s3api get-object --bucket text-content --key dir/my_images.tar.bz2 my_images.tar.bz2
Upload an S3 object
aws s3api put-object --bucket text-content --key dir-1/my_images.tar.bz2 --body my_images.tar.bz2
List objects
aws s3api list-objects --bucket text-content --query 'Contents[].{Key: Key, Size: Size}'
List object versions
aws s3api list-object-versions --bucket my-bucket --prefix index.html
List objects from access point
aws s3 ls s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/
Delete an object
aws s3 rm s3://mybucket/test2.txt
Delete all objects in a bucket
aws s3 rm s3://mybucket --recursive
Delete an object from an access point
aws s3 rm s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/mykey
- Combine --exclude and --include options to copy only objects that match a pattern, excluding all others.
- --recursive to recursively include all files under a folder/key/prefix
- --acl acceptable values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write
Filter the contents of an object based on an SQL statement
aws s3api select-object-content \
--bucket my-bucket \
--key my-data-file.csv \
--expression "select * from s3object limit 100" \
--expression-type 'SQL' \
--input-serialization '{"CSV": {}, "CompressionType": "NONE"}' \
--output-serialization '{"CSV": {}}' "output.csv" \
--request-progress
- Supported object formats are CSV, JSON and Parquet
- GZIP or BZIP2 compressed CSV and JSON files are supported. Columnar compression for Parquet using GZIP or Snappy is supported.
- Files should have UTF-8 encoding
Sync all local objects to the specified bucket
aws s3 sync . s3://mybucket
- Use --delete to delete files in the bucket that do not exist in the local folder
Sync all S3 objects from one bucket to another bucket
aws s3 sync s3://mybucket s3://mybucket2
Sync all objects from a bucket to the local directory
aws s3 sync s3://mybucket .
Sync to an S3 access point
aws s3 sync . s3://arn:aws:s3:us-west-2:123456789012:accesspoint/myaccesspoint/
- Combine --exclude and --include options to copy only objects that match a pattern, excluding all others.
Create a bucket
aws s3 mb s3://mybucket
Verify if a bucket exists and you have access to it
aws s3api head-bucket --bucket my-bucket
List buckets
aws s3api list-buckets --query "Buckets[].Name"
List all buckets owned by user
aws s3 ls
List all prefixes and objects in a bucket
aws s3 ls s3://mybucket \
--recursive \
--human-readable \
--summarize
Get bucket ACL
aws s3api get-bucket-acl --bucket my-bucket
Add permission to a bucket using ACL
aws s3api put-bucket-acl \
--bucket MyBucket \
--grant-full-control emailaddress=user1@example.com,emailaddress=user2@example.com \
--grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
Add permission to an object using ACL
aws s3api put-object-acl \
--bucket MyBucket \
--key file.txt \
--grant-full-control emailaddress=user1@example.com,emailaddress=user2@example.com \
--grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
Set the block public access configuration
aws s3api put-public-access-block \
--bucket my-bucket \
--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
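An added example, not part of the original cheatsheet: a Python check over the JSON printed by `aws s3api get-bucket-acl` and `aws s3api get-public-access-block` that reports grants to the AllUsers or AuthenticatedUsers groups and whether `IgnorePublicAcls` neutralizes them. The function names and the sample JSON are constructed for illustration.

```python
import json

# ACL group URIs that open a grant beyond named accounts.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def public_grants(acl):
    """Return (audience, permission) for each grant to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and audience:
            found.append((audience, grant.get("Permission")))
    return found

def acl_exposure(acl, pab=None):
    """Classify an ACL as 'private', 'public-acl-ignored' or 'public'."""
    # pab: get-public-access-block output, or None when nothing is configured.
    grants = public_grants(acl)
    if not grants:
        return "private", grants
    config = (pab or {}).get("PublicAccessBlockConfiguration", {})
    # IgnorePublicAcls makes S3 disregard public ACLs that are already set;
    # BlockPublicAcls only rejects new ones, so it does not change the verdict.
    if config.get("IgnorePublicAcls"):
        return "public-acl-ignored", grants
    return "public", grants

# Constructed sample: an ACL containing the AllUsers READ grant shown above.
SAMPLE_ACL = json.loads("""{
  "Owner": {"ID": "EXAMPLEOWNERID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
  ]
}""")
# Constructed sample: the configuration set by put-public-access-block above.
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}

if __name__ == "__main__":
    print(acl_exposure(SAMPLE_ACL))              # no block public access set
    print(acl_exposure(SAMPLE_ACL, SAMPLE_PAB))  # all four settings enabled
```

The same `public_grants` function works on `get-object-acl` output, which uses the same `Grants` structure.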
Delete a bucket
aws s3 rb s3://mybucket
- --force will remove all objects and then delete the bucket
SQS
Delete a message
aws sqs delete-message --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --receipt-handle AQEBRXTo...q2doVA==
Get Queue attributes
aws sqs get-queue-attributes --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --attribute-names All
Output:
{
"Attributes": {
"ApproximateNumberOfMessagesNotVisible": "0",
"RedrivePolicy": "{\"deadLetterTargetArn\":\"arn:aws:sqs:us-east-1:80398EXAMPLE:MyDeadLetterQueue\",\"maxReceiveCount\":1000}",
"MessageRetentionPeriod": "345600",
"ApproximateNumberOfMessagesDelayed": "0",
"MaximumMessageSize": "262144",
"CreatedTimestamp": "1442426968",
"ApproximateNumberOfMessages": "0",
"ReceiveMessageWaitTimeSeconds": "0",
"DelaySeconds": "0",
"VisibilityTimeout": "30",
"LastModifiedTimestamp": "1442426968",
"QueueArn": "arn:aws:sqs:us-east-1:80398EXAMPLE:MyNewQueue"
}
}
Get queue URL
aws sqs get-queue-url --queue-name MyQueue
List source queues of a dead letter queue
aws sqs list-dead-letter-source-queues --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyDeadLetterQueue
List all queues
aws sqs list-queues
- Use --queue-name-prefix to filter by a name starting with a specific value
Delete all messages in a queue
aws sqs purge-queue --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyNewQueue
Send a message
aws sqs send-message \
--queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue \
--message-body "Information about the largest city in Any Region." \
--delay-seconds 10 \
--message-attributes file://send-message.json
Contents of send-message.json:
{
"City": {
"DataType": "String",
"StringValue": "Any City"
},
"Greeting": {
"DataType": "Binary",
"BinaryValue": "Hello, World!"
},
"Population": {
"DataType": "Number",
"StringValue": "1250800"
}
}
Send multiple messages
aws sqs send-message-batch \
--queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue \
--entries file://send-message-batch.json
Contents of send-message-batch.json:
[
{
"Id": "FuelReport-0001-2015-09-16T140731Z",
"MessageBody": "Fuel report for account 0001 on 2015-09-16 at 02:07:31 PM.",
"DelaySeconds": 10,
"MessageAttributes": {
"SellerName": {
"DataType": "String",
"StringValue": "Example Store"
},
"City": {
"DataType": "String",
"StringValue": "Any City"
},
"Region": {
"DataType": "String",
"StringValue": "WA"
},
"PostalCode": {
"DataType": "String",
"StringValue": "99065"
},
"PricePerGallon": {
"DataType": "Number",
"StringValue": "1.99"
}
}
},
{
"Id": "FuelReport-0002-2015-09-16T140930Z",
"MessageBody": "Fuel report for account 0002 on 2015-09-16 at 02:09:30 PM.",
"DelaySeconds": 10,
"MessageAttributes": {
"SellerName": {
"DataType": "String",
"StringValue": "Example Fuels"
},
"City": {
"DataType": "String",
"StringValue": "North Town"
},
"Region": {
"DataType": "String",
"StringValue": "WA"
},
"PostalCode": {
"DataType": "String",
"StringValue": "99123"
},
"PricePerGallon": {
"DataType": "Number",
"StringValue": "1.87"
}
}
}
]
Start message move task - redrive a DLQ
aws sqs start-message-move-task \
--source-arn arn:aws:sqs:us-west-2:80398EXAMPLE:MyQueue1 \
--destination-arn arn:aws:sqs:us-west-2:80398EXAMPLE:MyQueue2 \
--max-number-of-messages-per-second 50
- Redrives messages from a DLQ to the source queue (only the DLQ of a queue can be redriven, not the DLQs of Lambda, SNS, etc.)
- Only standard queues support redrive. FIFO queues don't support redrive
- Only one active message movement task is supported per queue at any given time
List message move tasks
aws sqs list-message-move-tasks \
--source-arn arn:aws:sqs:us-west-2:80398EXAMPLE:MyQueue \
--max-results 2
Cancel message move tasks
aws sqs cancel-message-move-task --task-handle AQEB6nR4...HzlvZQ==
API Gateway
Get API Gateway account settings
aws apigateway get-account
Output:
{
"cloudwatchRoleArn": "arn:aws:iam::123412341234:role/APIGatewayToCloudWatchLogsRole",
"throttleSettings": {
"rateLimit": 500.0,
"burstLimit": 1000
}
}
List REST APIs
aws apigateway get-rest-apis
Test invoke the root resource in an API by making a GET request
aws apigateway test-invoke-method --rest-api-id 1234123412 --resource-id avl5sg8fw8 --http-method GET --path-with-query-string '/'
Test invoke a sub-resource in an API by making a GET request with a path parameter value
aws apigateway test-invoke-method --rest-api-id 1234123412 --resource-id 3gapai --http-method GET --path-with-query-string '/pets/1'
Send data to a WebSocket connection
aws apigatewaymanagementapi post-to-connection \
--connection-id L0SM9cOFvHcCIhw= \
--data "Hello from API Gateway!" \
--endpoint-url https://aabbccddee.execute-api.us-west-2.amazonaws.com/prod
Get information about a WebSocket connection
aws apigatewaymanagementapi get-connection \
--connection-id L0SM9cOFvHcCIhw= \
--endpoint-url https://aabbccddee.execute-api.us-west-2.amazonaws.com/prod
Delete a WebSocket connection
aws apigatewaymanagementapi delete-connection \
--connection-id L0SM9cOFvHcCIhw= \
--endpoint-url https://aabbccddee.execute-api.us-west-2.amazonaws.com/prod
RDS
Describe account attributes
aws rds describe-account-attributes
Execute a batch SQL statement over an array of parameters
aws rds-data batch-execute-statement \
--resource-arn "arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster" \
--database "mydb" \
--secret-arn "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret" \
--sql "insert into mytable values (:id, :val)" \
--parameter-sets "[[{\"name\": \"id\", \"value\": {\"longValue\": 1}},{\"name\": \"val\", \"value\": {\"stringValue\": \"ValueOne\"}}],
[{\"name\": \"id\", \"value\": {\"longValue\": 2}},{\"name\": \"val\", \"value\": {\"stringValue\": \"ValueTwo\"}}],
[{\"name\": \"id\", \"value\": {\"longValue\": 3}},{\"name\": \"val\", \"value\": {\"stringValue\": \"ValueThree\"}}]]"
Begin a transaction
aws rds-data begin-transaction \
--resource-arn "arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster" \
--database "mydb" \
--secret-arn "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret"
Output:
{
"transactionId": "ABC1234567890xyz"
}
Commit a SQL transaction
aws rds-data commit-transaction \
--resource-arn "arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster" \
--secret-arn "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret" \
--transaction-id "ABC1234567890xyz"
Execute a SQL statement that is part of a transaction
aws rds-data execute-statement \
--resource-arn "arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster" \
--database "mydb" \
--secret-arn "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret" \
--sql "update mytable set quantity=5 where id=201" \
--transaction-id "ABC1234567890xyz"
Execute a SQL statement with parameters
aws rds-data execute-statement \
--resource-arn "arn:aws:rds:us-east-1:123456789012:cluster:mydbcluster" \
--database "mydb" \
--secret-arn "arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret" \
--sql "insert into mytable values (:id, :val)" \
--parameters "[{\"name\": \"id\", \"value\": {\"longValue\": 1}},{\"name\": \"val\", \"value\": {\"stringValue\": \"value1\"}}]"
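An added example, not part of the original cheatsheet: a Python helper that builds the `--parameter-sets` value for `batch-execute-statement` from plain rows, so values travel as typed Data API fields bound to the `:id` and `:val` placeholders rather than being concatenated into the `--sql` text. The function names and sample rows are constructed; the ARNs are the ones used on this page.

```python
import json
import re

# Named placeholders such as :id; the lookbehind skips PostgreSQL ::casts.
PLACEHOLDER = re.compile(r"(?<!:):([A-Za-z_]\w*)")

def to_field(value):
    """Map a Python value to a typed RDS Data API Field."""
    if value is None:
        return {"isNull": True}
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return {"booleanValue": value}
    if isinstance(value, int):
        return {"longValue": value}
    if isinstance(value, float):
        return {"doubleValue": value}
    if isinstance(value, str):
        return {"stringValue": value}
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")

def parameter_sets(sql, rows):
    """Return the --parameter-sets JSON; each row must bind every placeholder."""
    expected = set(PLACEHOLDER.findall(sql))
    sets = []
    for row in rows:
        if set(row) != expected:
            raise ValueError(f"row binds {sorted(row)}, SQL expects {sorted(expected)}")
        sets.append([{"name": k, "value": to_field(v)} for k, v in row.items()])
    return json.dumps(sets)

def batch_argv(resource_arn, secret_arn, database, sql, rows):
    """Build an argv list (no shell quoting involved) for subprocess.run()."""
    return ["aws", "rds-data", "batch-execute-statement",
            "--resource-arn", resource_arn, "--database", database,
            "--secret-arn", secret_arn, "--sql", sql,
            "--parameter-sets", parameter_sets(sql, rows)]

SQL = "insert into mytable values (:id, :val)"
# Constructed rows; the second value contains SQL metacharacters on purpose.
ROWS = [{"id": 1, "val": "ValueOne"},
        {"id": 2, "val": "Value'); delete from mytable; --"}]

if __name__ == "__main__":
    print(batch_argv("arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster",
                     "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret",
                     "mydb", SQL, ROWS))
```

The quote-laden value in the second row ends up inside a `stringValue` field and the SQL text passed to `--sql` is unchanged, which is the property to preserve whenever row data comes from outside the script.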
Roll back a SQL transaction
aws rds-data rollback-transaction \
--resource-arn "arn:aws:rds:us-west-2:123456789012:cluster:mydbcluster" \
--secret-arn "arn:aws:secretsmanager:us-west-2:123456789012:secret:mysecret" \
--transaction-id "ABC1234567890xyz"