AWS Reference

About AWS Reference

The AWS CLI Reference is a practical, searchable command guide covering the eight most critical AWS service areas used in day-to-day cloud operations. From spinning up EC2 instances with run-instances to configuring security groups and key pairs, to managing S3 buckets with cp, sync, presign, and bucket policies — every command is shown with a complete, real-world bash example including the most commonly needed flags. This reference serves backend engineers, DevOps engineers, and cloud architects who need quick access to exact CLI syntax without digging through AWS documentation.

The Lambda section covers the full deployment lifecycle: creating functions with create-function, invoking them with test payloads, updating environment variables, publishing Lambda Layers, and wiring up event source mappings for SQS or DynamoDB triggers. The RDS section spans instance creation (including Aurora clusters), snapshot management, read replica setup, and parameter group configuration. IAM commands cover user and role creation, policy attachment (including STS assume-role for cross-account access), and the policy document JSON structure itself.

Networking and infrastructure automation are covered with VPC commands (create-vpc, create-subnet, IGW, NAT gateway, and route table configuration) and CloudFormation commands for creating, updating, and deleting stacks with YAML templates. The CLI utilities section addresses aws configure profile setup, sts get-caller-identity for verifying credentials, JMESPath --query filtering, and CloudWatch Logs tailing with logs tail --follow. All categories are filterable so you can jump directly to the service area you need.

Key Features

  • EC2 commands: run-instances, describe-instances, stop/start, security group creation, and key pair management
  • S3 commands: bucket creation (mb), file upload/download (cp), directory sync, bucket policies, and presigned URLs
  • Lambda commands: create-function, invoke, update environment variables, publish layers, and event source mappings
  • RDS commands: create DB instance, create Aurora cluster, snapshots, read replicas, and parameter groups
  • IAM commands: create-user, create-role, attach-policy, sts assume-role, and IAM policy JSON structure
  • VPC commands: create-vpc, create-subnet, internet gateway, NAT gateway, and route table configuration
  • CloudFormation commands: create-stack, update-stack, delete-stack with YAML template examples and Outputs
  • CLI utilities: aws configure profiles, sts get-caller-identity, --query JMESPath filtering, CloudWatch log tailing

Frequently Asked Questions

How do I configure AWS CLI profiles for multiple accounts?

Use aws configure --profile <profile-name> to set up named profiles. Each profile stores its own access key, secret key, region, and output format in ~/.aws/credentials and ~/.aws/config. Switch between profiles using the --profile flag: aws s3 ls --profile production. You can also set the AWS_PROFILE environment variable to avoid typing the flag every time.

How do I filter AWS CLI output with --query?

The --query flag uses JMESPath syntax to filter JSON output. For example, aws ec2 describe-instances --query "Reservations[].Instances[].[InstanceId,PublicIpAddress]" returns only instance IDs and IPs. Combine with --output table or --output text for easier reading. Use --output json with jq for complex transformations.

How do I create a presigned S3 URL for temporary file access?

Use aws s3 presign s3://bucket/file.pdf --expires-in 3600 to generate a URL valid for 3600 seconds (1 hour). The URL grants temporary read access without requiring AWS credentials. The default expiration is 3600 seconds; the maximum is 604800 seconds (7 days) when using SigV4.

What is sts assume-role used for in AWS?

aws sts assume-role lets you temporarily assume an IAM role and get short-lived credentials (access key, secret key, session token). This is used for cross-account access, granting elevated permissions to CI/CD pipelines, and enforcing least-privilege access. The returned credentials can be exported as environment variables and used with any AWS CLI command.
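
The export step described above, as an added example that is not part of the original reference: it keeps the short-lived credentials in the current shell only and exports nothing if the output is incomplete. The function names and the ROLE_CREDS_EXPIRY variable are hypothetical; the role ARN and session name are supplied by the caller.

```bash
# Added example: assumed-role credentials live only in this shell's
# environment; nothing is written to ~/.aws/credentials.
TAB=$(printf '\t')

# Parse the single tab-separated line produced by
#   --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' --output text
load_session_creds() {
  IFS="$TAB" read -r _key _secret _token _expiry <<EOF
$1
EOF
  # Partial output means the call failed: export nothing rather than
  # leaving a mix of old and new values in the environment.
  if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
    unset _key _secret _token _expiry
    echo "assume-role output incomplete; nothing exported" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key" AWS_SECRET_ACCESS_KEY="$_secret" AWS_SESSION_TOKEN="$_token"
  ROLE_CREDS_EXPIRY=$_expiry   # hypothetical name, kept for display only
  unset _key _secret _token _expiry
}

# usage: assume_role <role-arn> <session-name> [duration-seconds]
assume_role() {
  _line=$(aws sts assume-role --role-arn "$1" --role-session-name "$2" \
    --duration-seconds "${3:-900}" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text) || return 1
  load_session_creds "$_line" || return 1
  unset _line
  # Confirm which principal the shell is now acting as.
  aws sts get-caller-identity --query Arn --output text
}

# Remove the session from the environment when the task is done.
drop_session_creds() {
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN ROLE_CREDS_EXPIRY
}
```
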

How do I deploy a Lambda function using the AWS CLI?

First, zip your code: zip function.zip index.js. Then run aws lambda create-function with --function-name, --runtime (e.g., nodejs20.x), --handler (e.g., index.handler), --role (IAM role ARN with lambda.amazonaws.com trust policy), and --zip-file fileb://function.zip. For updates, use aws lambda update-function-code --function-name my-func --zip-file fileb://function.zip.

How do I set up a VPC with public and private subnets using AWS CLI?

The steps are: (1) aws ec2 create-vpc --cidr-block 10.0.0.0/16, (2) create public and private subnets in different AZs, (3) create an Internet Gateway and attach it to the VPC for the public subnet, (4) create a NAT Gateway in the public subnet for private subnet internet access, (5) create route tables and add routes (0.0.0.0/0 to IGW for public, to NAT for private), (6) associate subnets with their route tables.
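
The six steps above as one script, added here as an example and not taken from the original reference. The subnet CIDRs, the two availability-zone arguments and the function name are assumptions; the Elastic IP allocation and the wait for the NAT Gateway are included because create-nat-gateway needs them.

```bash
# Added example: the six steps above as one function.
# Prints "<vpc-id> <public-subnet-id> <private-subnet-id>" on success.
build_vpc() {
  az_pub=$1; az_priv=$2
  # (1) VPC
  vpc=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 \
    --query Vpc.VpcId --output text) || return 1
  # (2) one public and one private subnet, in different AZs
  pub=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block 10.0.1.0/24 \
    --availability-zone "$az_pub" --query Subnet.SubnetId --output text) || return 1
  priv=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block 10.0.2.0/24 \
    --availability-zone "$az_priv" --query Subnet.SubnetId --output text) || return 1
  # (3) Internet Gateway, attached to the VPC
  igw=$(aws ec2 create-internet-gateway \
    --query InternetGateway.InternetGatewayId --output text) || return 1
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc" || return 1
  # (4) NAT Gateway sits in the public subnet and needs an Elastic IP
  eip=$(aws ec2 allocate-address --domain vpc \
    --query AllocationId --output text) || return 1
  nat=$(aws ec2 create-nat-gateway --subnet-id "$pub" --allocation-id "$eip" \
    --query NatGateway.NatGatewayId --output text) || return 1
  aws ec2 wait nat-gateway-available --nat-gateway-ids "$nat" || return 1
  # (5) two route tables; only the public one gets a route to the IGW
  rt_pub=$(aws ec2 create-route-table --vpc-id "$vpc" \
    --query RouteTable.RouteTableId --output text) || return 1
  rt_priv=$(aws ec2 create-route-table --vpc-id "$vpc" \
    --query RouteTable.RouteTableId --output text) || return 1
  aws ec2 create-route --route-table-id "$rt_pub" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null || return 1
  aws ec2 create-route --route-table-id "$rt_priv" \
    --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$nat" >/dev/null || return 1
  # (6) bind each subnet to its own table
  aws ec2 associate-route-table --route-table-id "$rt_pub" \
    --subnet-id "$pub" >/dev/null || return 1
  aws ec2 associate-route-table --route-table-id "$rt_priv" \
    --subnet-id "$priv" >/dev/null || return 1
  echo "$vpc $pub $priv"
}
```

Call it as build_vpc us-east-1a us-east-1b (AZ names are placeholders). Keeping a separate route table per subnet is what stops the private subnet from ever inheriting the 0.0.0.0/0 route to the Internet Gateway.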

How does CloudFormation differ from running AWS CLI commands directly?

CloudFormation manages infrastructure as code using declarative YAML or JSON templates. Unlike imperative CLI commands, CloudFormation tracks state, handles dependency ordering, supports rollback on failure, and lets you update stacks safely with change sets. The same template can be reused to create identical environments (dev/staging/prod). Use CLI commands for quick one-off tasks; use CloudFormation for repeatable, version-controlled infrastructure.

How do I view real-time CloudWatch logs with the AWS CLI?

Use aws logs tail <log-group-name> --follow to stream logs in real time, similar to tail -f. For Lambda functions, the log group is typically /aws/lambda/<function-name>. You can filter by pattern with --filter-pattern "ERROR" and limit the time range with --since 1h. First use aws logs describe-log-groups to find available log group names.