
AWS Cheat Sheet – Commands, Concepts, and Shortcuts

Your Ultimate Quick Reference for AWS Exams, Real-World Projects, and Daily Usage

This chapter serves as your command center for AWS—summarizing services, architecture basics, CLI commands, and key options across compute, storage, networking, and security.

Core Concepts Recap

| Concept | Summary |
| --- | --- |
| Region | A geographical area (e.g., us-east-1) |
| Availability Zone (AZ) | Data center(s) within a region |
| VPC | Virtual network to launch AWS resources |
| IAM | Manage access (users, groups, roles, policies) |
| Security Group | Firewall rules for EC2 or other resources |
| Elastic IP | Static IPv4 for EC2 or NAT gateway |
| S3 Bucket | Object storage with versioning and policies |
| Auto Scaling Group | Launch EC2s based on traffic/load |
| CloudFormation | Infrastructure as code (YAML/JSON) |

EC2 (Elastic Compute Cloud)

✅ Launch Instance (CLI)

Bash
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t2.micro \
  --key-name my-key \
  --security-groups my-sg \
  --count 1

✅ Connect via SSH

Bash
ssh -i my-key.pem ec2-user@<public-ip>

✅ Stop/Start Instance

Bash
aws ec2 stop-instances --instance-ids i-123abc
aws ec2 start-instances --instance-ids i-123abc

S3 (Simple Storage Service)

✅ Create Bucket 🪣

Bash
aws s3 mb s3://my-bucket-name

✅ Upload File

Bash
aws s3 cp file.txt s3://my-bucket-name/

✅ Download File

Bash
aws s3 cp s3://my-bucket-name/file.txt .

✅ Enable Versioning

Bash
aws s3api put-bucket-versioning \
  --bucket my-bucket-name \
  --versioning-configuration Status=Enabled

🧑‍💼 IAM (Identity & Access Management)

✅ Create User

Bash
aws iam create-user --user-name my-user

✅ Attach Policy to User

Bash
aws iam attach-user-policy \
  --user-name my-user \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

✅ Create Role with Trust Policy

Bash
aws iam create-role \
  --role-name my-role \
  --assume-role-policy-document file://trust-policy.json

VPC (Virtual Private Cloud)

✅ Create VPC

Bash
aws ec2 create-vpc --cidr-block 10.0.0.0/16

✅ Create Subnet

Bash
aws ec2 create-subnet \
  --vpc-id vpc-123abc \
  --cidr-block 10.0.1.0/24

✅ Attach Internet Gateway

Bash
aws ec2 attach-internet-gateway \
  --vpc-id vpc-123abc \
  --internet-gateway-id igw-abc123

RDS (Relational Database Service)

✅ Launch MySQL DB Instance

Bash
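# MyPassword123 is a placeholder: a password typed on the command line is saved in shell history.
# To have RDS generate and store it in Secrets Manager, use --manage-master-user-password instead.
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t3.micro \
  --engine mysql \
  --allocated-storage 20 \
  --master-username admin \
  --master-user-password MyPassword123 \
  --vpc-security-group-ids sg-123abc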

✅ Modify DB Instance

Bash
aws rds modify-db-instance \
  --db-instance-identifier mydb \
  --backup-retention-period 7 \
  --apply-immediately

Lambda (Serverless)

✅ Create Lambda Function (from .zip)

Bash
aws lambda create-function \
  --function-name MyFunction \
  --runtime nodejs18.x \
  --role arn:aws:iam::123456789012:role/my-role \
  --handler index.handler \
  --zip-file fileb://function.zip

✅ Invoke Lambda

Bash
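# AWS CLI v2 expects a base64 payload by default; this flag allows raw JSON
aws lambda invoke \
  --function-name MyFunction \
  --cli-binary-format raw-in-base64-out \
  --payload '{"key": "value"}' \
  output.json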

CloudFormation (Infrastructure as Code)

✅ Deploy Stack

Bash
aws cloudformation create-stack \
  --stack-name my-stack \
  --template-body file://template.yaml \
  --capabilities CAPABILITY_NAMED_IAM

✅ Delete Stack

Bash
aws cloudformation delete-stack --stack-name my-stack

Route 53 (DNS Management)

✅ Register a Domain (via Console only)

✅ Create Record Set (A Record)

Bash
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1234567890 \
  --change-batch file://change-record.json

change-record.json contains the DNS update in JSON format.


🔐 Security Best Practices

| Area | Practice |
| --- | --- |
| IAM | Use roles instead of root user |
| S3 | Enable bucket policies and block public access |
| EC2 | Use key pairs, limit SG ports |
| Encryption | Use SSE-KMS for S3, RDS, EBS |
| Monitoring | Enable CloudTrail and GuardDuty |
| Cost Control | Use Budgets and Cost Explorer |

Monitoring & Logs

✅ View EC2 Metrics

Bash
aws cloudwatch get-metric-statistics \
  --namespace AWS/EC2 \
  --metric-name CPUUtilization \
  --start-time 2025-06-01T00:00:00Z \
  --end-time 2025-06-02T00:00:00Z \
  --period 300 \
  --statistics Average \
  --dimensions Name=InstanceId,Value=i-123abc

✅ Enable CloudTrail Logging

Bash
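# create-trail only defines the trail; start-logging begins recording events
aws cloudtrail create-trail \
  --name myTrail \
  --s3-bucket-name my-log-bucket
aws cloudtrail start-logging --name myTrail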

Common Port Reference (Interview-Ready)

| Service | Port |
| --- | --- |
| SSH (EC2 login) | 22 |
| HTTP | 80 |
| HTTPS | 443 |
| RDS MySQL | 3306 |
| RDS PostgreSQL | 5432 |
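
The "limit SG ports" practice and the port table above can be checked mechanically. This added example (not from the original page) scans JSON in the shape returned by `aws ec2 describe-security-groups` for SSH and database ports open to `0.0.0.0/0` or `::/0`; the sample groups and the function name are constructed for illustration.

```python
import json

# Ports from the page's port table that should not face the internet.
SENSITIVE_PORTS = {22: "SSH", 3306: "RDS MySQL", 5432: "RDS PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-any", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")


def world_open_findings(doc):
    """Return sorted (group_id, port, service) tuples for sensitive ports open to the world."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & WORLD:
                continue  # source is restricted, e.g. a private subnet
            proto = perm.get("IpProtocol")
            if proto == "-1":
                low, high = 0, 65535  # "-1" means every protocol and port
            elif proto == "tcp":
                low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue  # the listed services are all TCP
            for port, name in SENSITIVE_PORTS.items():
                if low <= port <= high:  # a wide range can hide a sensitive port
                    findings.add((group["GroupId"], port, name))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, name in world_open_findings(SAMPLE):
        print(f"{gid}: {name} ({port}/tcp) is open to the internet")
```

To run it against a real account, save the CLI output to a file and pass the parsed JSON to `world_open_findings` in place of `SAMPLE`.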