AWS CLI Cheat Sheet 2026 — Quick Command Reference

AWS CLI Cheat Sheet is the complete quick-reference of AWS CLI commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

Command Sections

Pick a section — each is a focused, verified cheat sheet:

IAM & Authentication (12 commands)
EC2 & Compute (8 commands)
S3 & Storage (12 commands)
Lambda & Serverless (7 commands)
EKS & Kubernetes (7 commands)
ECR & Containers (8 commands)
CloudFormation (7 commands)
Databases (RDS & DynamoDB) (12 commands)
Logs & Monitoring (12 commands)

Cross-Cloud Equivalents (AWS · Azure · GCP)

Translate the same task between the three major clouds. Searchable with the filter above.

Action	AWS CLI	Azure CLI	gcloud
List compute instances	`aws ec2 describe-instances`	`az vm list`	`gcloud compute instances list`
Create a storage bucket/container	`aws s3 mb s3://my-bucket`	`az storage container create --account-name mystorageaccount --name mycontainer`	`gcloud storage buckets create gs://my-bucket`
List IAM users	`aws iam list-users`	`az ad user list`	`gcloud iam service-accounts list`
Get cluster credentials	`aws eks update-kubeconfig --name my-cluster`	`az aks get-credentials --resource-group my-rg --name my-cluster`	`gcloud container clusters get-credentials my-cluster --zone my-zone`
View logs	`aws logs describe-log-groups`	`az monitor activity-log list --max-items 10`	`gcloud logging logs list`
Delete a resource group/stack	`aws cloudformation delete-stack --stack-name my-stack`	`az group delete --name my-rg --yes --no-wait`	`gcloud deployment-manager deployments delete my-deployment`
List storage buckets	`aws s3 ls`	`az storage container list --account-name mystorageaccount`	`gsutil ls`
Create a VM instance	`aws ec2 run-instances --image-id ami-0abcdef1234567890 --instance-type t2.micro --key-name my-key`	`az vm create --resource-group my-rg --name my-vm --image Ubuntu2204 --admin-username azureuser --generate-ssh-keys`	`gcloud compute instances create my-vm --zone us-central1-a --image-family debian-11 --image-project debian-cloud`
List virtual networks	`aws ec2 describe-vpcs`	`az network vnet list`	`gcloud compute networks list`
Create a firewall rule	`aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 80 --cidr 0.0.0.0/0`	`az network nsg rule create --resource-group my-rg --nsg-name my-nsg --name allow-http --priority 100 --protocol Tcp --destination-port-ranges 80`	`gcloud compute firewall-rules create my-firewall-rule --allow tcp:80 --source-ranges 0.0.0.0/0`

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action	Command	Warning
⚠️ Ec2 delete-volume	`aws ec2 delete-volume --volume-id <volume_id>`	Irreversible — verify the target before running
⚠️ Eks delete-cluster	`aws eks delete-cluster --name <cluster_name>`	Irreversible — verify the target before running
⚠️ Ecr batch-delete-image	`aws ecr batch-delete-image --repository-name <repository> --image-ids imageTag=<latest>`	Irreversible — verify the target before running
⚠️ Ecr delete-repository	`aws ecr delete-repository --repository-name <repository> --force`	Irreversible — verify the target before running
⚠️ Cloudformation delete-stack	`aws cloudformation delete-stack --stack-name <stack-name> --profile <profile>`	Irreversible — verify the target before running
⚠️ Rds delete-db-instance	`aws rds delete-db-instance --db-instance-identifier <instance_identifier> --final-db-snapshot-identifier <snapshot_identifier> --delete-automated-backups`	Irreversible — verify the target before running
⚠️ Cloudwatch delete-alarms	`aws cloudwatch delete-alarms --alarm-names <alarm_names>`	Irreversible — verify the target before running
⚠️ Cloudwatch delete-dashboards	`aws cloudwatch delete-dashboards --dashboard-names <dashboard_names>`	Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between IAM & Authentication and EC2 & Compute?

Each group in this AWS CLI cheat sheet covers a distinct area. IAM & Authentication focuses on its specific scope, while EC2 & Compute and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed AWS CLI version?

Run the version command (usually aws version or aws --version). The output shows the client and, when applicable, the server version.

Why does AWS CLI return ‘permission denied’?

A ‘permission denied’ error in AWS CLI usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter AWS CLI output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON:

aws list | grep RUNNING

What is the fastest way to debug a AWS CLI error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories:

raw.githubusercontent.com