Snippets
AWS CLI logo

AWS CLI

Production-ready AWS CLI one-liners and patterns I use day to day. Copy, replace the placeholders, ship.

10

Assume an IAM Role from the AWS CLI

Use aws sts assume-role to swap into a cross-account IAM role and export temporary credentials into your shell session.

aws-cliiamsts+2
INTERMEDIATEMay 30, 2026

aws ecr get-login-password: Docker Login to ECR

Use aws ecr get-login-password piped to docker login to authenticate with a private Amazon ECR registry. Cross-region included.

aws-cliecrdocker+2
BEGINNERJun 7, 2026

Debug Which AWS Identity You Are Using

Use aws sts get-caller-identity to see which AWS account, IAM user, and role your CLI is currently authenticated as.

aws-cliiamsts+2
BEGINNERApr 20, 2026

Fetch and Parse a Secret from AWS Secrets Manager

Use aws secretsmanager get-secret-value with jq to fetch a JSON secret and pipe individual fields into shell variables.

aws-clisecrets-managerjq+2
BEGINNERMay 20, 2026

Fetch Monthly AWS Spend by Service from the CLI

Use aws ce get-cost-and-usage to pull a monthly cost breakdown grouped by service. Cleaner than navigating Cost Explorer in the console.

aws-clicost-explorerbilling+2
INTERMEDIATEJun 23, 2026

Generate a Presigned URL for an S3 Object

Use aws s3 presign to generate a time-limited download URL for a private S3 object. Share files without making the bucket public.

aws-clis3presigned-url+2
BEGINNERApr 28, 2026

Invoke a Lambda Synchronously and Read the Response

Use aws lambda invoke with a payload, decode base64 logs, and pretty-print the response with jq. Full debug loop in one command.

aws-clilambdainvoke+2
BEGINNERJun 15, 2026

List Running EC2 Instances as a Clean Table

Use aws ec2 describe-instances with a JMESPath query to print every running instance with ID, IP, instance type, and Name tag.

aws-cliec2describe-instances+2
BEGINNERJun 25, 2026

Sync a Folder to S3 with Include and Exclude Filters

Use aws s3 sync with --exclude, --include, --dryrun, and --delete to deploy a directory to an S3 bucket safely.

aws-clis3sync+2
BEGINNERApr 8, 2026

Tail CloudWatch Logs Live with the AWS CLI

Use aws logs tail with --follow to stream a CloudWatch log group in real time. Filter, time-range, and color the output.

aws-clicloudwatchlogs+2
BEGINNERMay 10, 2026

About these AWS CLI snippets

These are the AWS CLI commands I actually type (or alias) in production. Not the sanitized versions from the docs. Each one handles the edge cases and output formatting that the official examples skip over: parsing JSON responses with jq, piping secrets safely, handling pagination, and cleaning up output so it is readable by a human, not just a machine.

Everything here targets AWS CLI v2 and assumes you have credentials configured via aws configure, environment variables, or an instance profile. Most commands work across Linux, macOS, and WSL without modification.

What's inside

  • Identity and access: check which IAM identity you are using, assume a cross-account role with session tokens, and authenticate Docker against a private ECR registry.
  • S3 operations: generate presigned download URLs with expiry control, and sync local folders to S3 with include/exclude filters for selective deployments.
  • Compute and serverless: list running EC2 instances as a clean table, invoke a Lambda function synchronously, and read the decoded response payload.
  • Observability: tail CloudWatch log groups in real time, and pull monthly cost breakdowns by service from Cost Explorer.
  • Secrets: fetch and parse JSON secrets from Secrets Manager in a single pipeline, ready to pipe into environment variables or config files.

More commands land here as I pull them from runbooks and incident response playbooks. If a pattern saves me more than ten seconds and I use it more than twice, it ends up in this collection.

How to use them

Every snippet page shows the full command, explains what each flag does, and lists the IAM permissions you need. Copy, replace the placeholder values (they are in UPPER_SNAKE_CASE), and run. If you are scripting, the --output json and jq patterns shown are designed to be piped directly into shell variables or downstream commands.

If you spot a better flag combination or a cleaner jq filter, the code is open on GitHub. PRs and issues are welcome.