AWS CLI v2 General Reference
Overview
Unified AWS CLI v2 reference skill. Contains general conventions shared across all services plus per-service command references. Read the service overview for the AWS service you are working with.
Service Index
| Service | Reference | Scope |
|---|---|---|
| ECS | ecs/overview.md | Clusters, services, tasks, task definitions, container instances, capacity providers |
| EC2 | ec2/overview.md | Instances, VPCs, subnets, security groups, key pairs, AMIs, launch templates, auto scaling |
| ECR | ecr/overview.md | Repositories, images, lifecycle policies, scanning, authentication, registry |
| S3 | s3/overview.md | Buckets, objects, storage classes, lifecycle, versioning, website hosting, presigned URLs |
| RDS | rds/overview.md | DB instances, Aurora clusters, snapshots, parameter groups, subnet groups, replicas, proxies |
| Route 53 | route53/overview.md | Hosted zones, DNS records, health checks, routing policies, domain registration |
| IAM | iam/overview.md | Users, groups, roles, policies, instance profiles, access keys, MFA, identity providers |
| CloudWatch | cloudwatch/overview.md | Metrics, alarms, dashboards, log groups, log streams, metric filters, Insights queries |
| ELBv2 | elbv2/overview.md | ALBs, NLBs, target groups, listeners, rules, health checks, SSL certificates |
| Lambda | lambda/overview.md | Functions, layers, event source mappings, aliases, versions, concurrency, URLs |
| DynamoDB | dynamodb/overview.md | Tables, items, indexes, queries, scans, streams, backups, global tables, TTL |
| KMS | kms/overview.md | Encryption keys, key policies, grants, aliases, encrypt/decrypt, key rotation, multi-region |
| SNS | sns/overview.md | Topics, subscriptions, publishing, SMS, platform applications, message filtering |
| SQS | sqs/overview.md | Standard and FIFO queues, messages, dead-letter queues, visibility timeout, long polling |
| CloudFront | cloudfront/overview.md | Distributions, origins, cache behaviors, invalidations, functions, origin access control |
| Secrets Manager | secretsmanager/overview.md | Secrets, versions, rotation, replication, resource policies, batch retrieval |
REQUIRED: Read the overview file for the AWS service you are working with.
General CLI Conventions
Output Formats
```bash
--output json    # Default. Full JSON response.
--output text    # Tab-delimited. Good for scripting with awk/cut.
--output table   # Human-readable table.
--output yaml    # YAML format.
```
Filtering with --query (JMESPath)
```bash
# Single field
aws ecs describe-clusters --query 'clusters[0].clusterArn'

# Multiple fields
aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,State.Name]'

# Filter by value
aws ecs list-services --query 'serviceArns[?contains(@,`my-service`)]'

# Flatten nested arrays
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId'
```
Pagination
```bash
--no-paginate          # Disable automatic pagination (get first page only)
--max-items N          # Limit total items returned
--page-size N          # Items per API call (controls request size, not total)
--starting-token TOK   # Resume from previous NextToken
```
Most list-* and describe-* commands paginate automatically in CLI v2.
Waiters
Wait for a resource to reach a specific state. Format: aws <service> wait <waiter-name>.
```bash
aws ecs wait services-stable --cluster my-cluster --services my-service
aws ecs wait tasks-running --cluster my-cluster --tasks arn:aws:ecs:...
aws ecs wait tasks-stopped --cluster my-cluster --tasks arn:aws:ecs:...
aws ec2 wait instance-running --instance-ids i-1234567890abcdef0
aws ec2 wait instance-terminated --instance-ids i-1234567890abcdef0
aws ec2 wait vpc-available --vpc-ids vpc-123
aws ec2 wait subnet-available --subnet-ids subnet-123
aws ec2 wait nat-gateway-available --nat-gateway-ids nat-123
```
Waiters poll at intervals and time out after a set number of attempts. Use --cli-read-timeout and --cli-connect-timeout to adjust.
Common Global Options
```bash
--region REGION           # Override default region
--profile PROFILE         # Use named profile from ~/.aws/config
--no-cli-pager            # Disable pager (useful in scripts)
--cli-input-json          # Read input from JSON file: --cli-input-json file://input.json
--cli-input-yaml          # Read input from YAML file
--generate-cli-skeleton   # Output input skeleton (for building --cli-input-json files)
--debug                   # Full debug logging
--dry-run                 # Supported by some EC2 commands; validates without executing
```
JSON Input Files
For commands with complex input, use --cli-input-json:
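```bash
# Generate an input skeleton ("input" is the default value; "output" would
# print a sample response instead, which --cli-input-json cannot consume)
aws ecs register-task-definition --generate-cli-skeleton input > task-def.json

# Edit the skeleton, then use it
aws ecs register-task-definition --cli-input-json file://task-def.json
```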
Error Handling in Scripts
```bash
# Check exit code (grep -x matches the whole line, so INACTIVE is not taken for ACTIVE)
if aws ecs describe-clusters --clusters my-cluster --query 'clusters[0].status' --output text | grep -qx ACTIVE; then
    echo "Cluster is active"
fi

# Capture errors
result=$(aws ecs create-service --cli-input-json file://service.json 2>&1) || {
    echo "Failed: $result" >&2
    exit 1
}
```
ARN Format
arn:aws:<service>:<region>:<account-id>:<resource-type>/<resource-name>
Examples:
- arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
- arn:aws:ecs:us-east-1:123456789012:service/my-cluster/my-service
- arn:aws:ecs:us-east-1:123456789012:task-definition/my-task:1
- arn:aws:ecr:us-east-1:123456789012:repository/my-repo
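
An added example, not part of the original reference: a POSIX shell parser for the ARN layout above, with a check that an ARN belongs to the expected account before a script acts on it. It goes beyond the fixed `arn:aws:` form by accepting other partitions and ARNs with an empty region or account field; all function and variable names are hypothetical.

```bash
#!/bin/sh
# Added example; function and variable names here are hypothetical.

# parse_arn ARN
# Sets ARN_PARTITION, ARN_SERVICE, ARN_REGION, ARN_ACCOUNT, ARN_RESOURCE,
# ARN_RESOURCE_TYPE and ARN_RESOURCE_NAME. Returns 1 if the string is not an ARN.
parse_arn() {
    ARN_RESOURCE_TYPE='' ARN_RESOURCE_NAME=''
    # Only the first five colons separate fields. read puts everything left
    # over into the last variable, so "task-definition/my-task:1" stays whole.
    IFS=: read -r _arn_prefix ARN_PARTITION ARN_SERVICE ARN_REGION \
        ARN_ACCOUNT ARN_RESOURCE <<EOF
$1
EOF
    [ "$_arn_prefix" = arn ] || return 1
    [ -n "$ARN_PARTITION" ] && [ -n "$ARN_SERVICE" ] && [ -n "$ARN_RESOURCE" ] || return 1
    # Reject input that does not survive a round trip (e.g. an embedded newline).
    [ "arn:$ARN_PARTITION:$ARN_SERVICE:$ARN_REGION:$ARN_ACCOUNT:$ARN_RESOURCE" = "$1" ] || return 1
    # Account is 12 digits, empty (S3 bucket ARNs) or "aws" (AWS managed policies).
    case "$ARN_ACCOUNT" in
        ''|aws|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    # Split on the first "/", following <resource-type>/<resource-name>;
    # a resource without "/" is left unsplit.
    case "$ARN_RESOURCE" in
        */*) ARN_RESOURCE_TYPE=${ARN_RESOURCE%%/*}
             ARN_RESOURCE_NAME=${ARN_RESOURCE#*/} ;;
        *)   ARN_RESOURCE_NAME=$ARN_RESOURCE ;;
    esac
    return 0
}

# arn_in_account ARN ACCOUNT_ID
# True only when the ARN parses and its account field equals ACCOUNT_ID exactly.
arn_in_account() {
    parse_arn "$1" && [ "$ARN_ACCOUNT" = "$2" ]
}

# Constructed sample input: two of the ARNs listed above.
for arn in \
    arn:aws:ecs:us-east-1:123456789012:service/my-cluster/my-service \
    arn:aws:ecs:us-east-1:123456789012:task-definition/my-task:1
do
    parse_arn "$arn" && echo "$ARN_SERVICE $ARN_ACCOUNT $ARN_RESOURCE_TYPE $ARN_RESOURCE_NAME"
done
```

Comparing the parsed account field exactly, rather than grepping the ARN for the account number, avoids matching the same digits where they appear inside a resource name.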
Environment Variables
```bash
AWS_DEFAULT_REGION       # Default region
AWS_ACCESS_KEY_ID        # Access key
AWS_SECRET_ACCESS_KEY    # Secret key
AWS_SESSION_TOKEN        # Session token (temporary credentials)
AWS_PROFILE              # Named profile
AWS_DEFAULT_OUTPUT       # Default output format
```