AgentSkillsCN

aws-cli

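Use when working with any AWS CLI v2 command. Covers general CLI conventions (output formats, --query, pagination, waiters) and provides per-service reference information for ECS, EC2, ECR, S3, RDS, Route 53, IAM, CloudWatch, ELBv2, Lambda, DynamoDB, KMS, SNS, SQS, CloudFront, and Secrets Manager. Use this skill whenever creating, managing, querying, or tearing down AWS resources via the CLI.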

SKILL.md
--- frontmatter
name: aws-cli
description: Use when working with any AWS CLI v2 commands. Covers general CLI conventions (output formats, --query, pagination, waiters) and provides per-service references for ECS, EC2, ECR, S3, RDS, Route 53, IAM, CloudWatch, ELBv2, Lambda, DynamoDB, KMS, SNS, SQS, CloudFront, and Secrets Manager. Use this skill for any task involving AWS resource creation, management, querying, or teardown via the CLI.

AWS CLI v2 General Reference

Overview

Unified AWS CLI v2 reference skill. Contains general conventions shared across all services plus per-service command references. Read the service overview for the AWS service you are working with.

Service Index

| Service | Reference | Scope |
| --- | --- | --- |
| ECS | ecs/overview.md | Clusters, services, tasks, task definitions, container instances, capacity providers |
| EC2 | ec2/overview.md | Instances, VPCs, subnets, security groups, key pairs, AMIs, launch templates, auto scaling |
| ECR | ecr/overview.md | Repositories, images, lifecycle policies, scanning, authentication, registry |
| S3 | s3/overview.md | Buckets, objects, storage classes, lifecycle, versioning, website hosting, presigned URLs |
| RDS | rds/overview.md | DB instances, Aurora clusters, snapshots, parameter groups, subnet groups, replicas, proxies |
| Route 53 | route53/overview.md | Hosted zones, DNS records, health checks, routing policies, domain registration |
| IAM | iam/overview.md | Users, groups, roles, policies, instance profiles, access keys, MFA, identity providers |
| CloudWatch | cloudwatch/overview.md | Metrics, alarms, dashboards, log groups, log streams, metric filters, Insights queries |
| ELBv2 | elbv2/overview.md | ALBs, NLBs, target groups, listeners, rules, health checks, SSL certificates |
| Lambda | lambda/overview.md | Functions, layers, event source mappings, aliases, versions, concurrency, URLs |
| DynamoDB | dynamodb/overview.md | Tables, items, indexes, queries, scans, streams, backups, global tables, TTL |
| KMS | kms/overview.md | Encryption keys, key policies, grants, aliases, encrypt/decrypt, key rotation, multi-region |
| SNS | sns/overview.md | Topics, subscriptions, publishing, SMS, platform applications, message filtering |
| SQS | sqs/overview.md | Standard and FIFO queues, messages, dead-letter queues, visibility timeout, long polling |
| CloudFront | cloudfront/overview.md | Distributions, origins, cache behaviors, invalidations, functions, origin access control |
| Secrets Manager | secretsmanager/overview.md | Secrets, versions, rotation, replication, resource policies, batch retrieval |

REQUIRED: Read the overview file for the AWS service you are working with.

General CLI Conventions

Output Formats

bash
--output json    # Default. Full JSON response.
--output text    # Tab-delimited. Good for scripting with awk/cut.
--output table   # Human-readable table.
--output yaml    # YAML format.

Filtering with --query (JMESPath)

bash
# Single field
aws ecs describe-clusters --query 'clusters[0].clusterArn'

# Multiple fields
aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,State.Name]'

# Filter by value
aws ecs list-services --query 'serviceArns[?contains(@,`my-service`)]'

# Flatten nested arrays
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId'

Pagination

bash
--no-paginate          # Disable automatic pagination (get first page only)
--max-items N          # Limit total items returned
--page-size N          # Items per API call (controls request size, not total)
--starting-token TOK   # Resume from previous NextToken

Most list-* and describe-* commands paginate automatically in CLI v2.

Waiters

Wait for a resource to reach a specific state. Format: aws <service> wait <waiter-name>.

bash
aws ecs wait services-stable --cluster my-cluster --services my-service
aws ecs wait tasks-running --cluster my-cluster --tasks arn:aws:ecs:...
aws ecs wait tasks-stopped --cluster my-cluster --tasks arn:aws:ecs:...
aws ec2 wait instance-running --instance-ids i-1234567890abcdef0
aws ec2 wait instance-terminated --instance-ids i-1234567890abcdef0
aws ec2 wait vpc-available --vpc-ids vpc-123
aws ec2 wait subnet-available --subnet-ids subnet-123
aws ec2 wait nat-gateway-available --nat-gateway-ids nat-123

Waiters poll at intervals and time out after a set number of attempts. Use --cli-read-timeout and --cli-connect-timeout to adjust.

Common Global Options

bash
--region REGION        # Override default region
--profile PROFILE      # Use named profile from ~/.aws/config
--no-cli-pager         # Disable pager (useful in scripts)
--cli-input-json       # Read input from JSON file: --cli-input-json file://input.json
--cli-input-yaml       # Read input from YAML file
--generate-cli-skeleton # Output input skeleton (for building --cli-input-json files)
--debug                # Full debug logging
--dry-run              # Supported by some EC2 commands — validates without executing

JSON Input Files

For commands with complex input, use --cli-input-json:

bash
# Generate an input skeleton (the value `output` would print a sample response instead)
aws ecs register-task-definition --generate-cli-skeleton input > task-def.json

# Edit the skeleton, then use it
aws ecs register-task-definition --cli-input-json file://task-def.json

Error Handling in Scripts

bash
# Check exit code and status. Compare the value exactly: piping to
# `grep -q ACTIVE` tests grep's exit code and also matches INACTIVE.
if status=$(aws ecs describe-clusters --clusters my-cluster --query 'clusters[0].status' --output text) \
   && [ "$status" = "ACTIVE" ]; then
  echo "Cluster is active"
fi

# Capture errors
result=$(aws ecs create-service --cli-input-json file://service.json 2>&1) || {
  echo "Failed: $result" >&2
  exit 1
}

ARN Format

code
arn:aws:<service>:<region>:<account-id>:<resource-type>/<resource-name>

Examples:

  • arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
  • arn:aws:ecs:us-east-1:123456789012:service/my-cluster/my-service
  • arn:aws:ecs:us-east-1:123456789012:task-definition/my-task:1
  • arn:aws:ecr:us-east-1:123456789012:repository/my-repo
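
An added example, not part of the original skill: splitting an ARN of the format above into its fields so a script can check the account and region exactly before acting on a resource, rather than substring-matching the ARN. The function names `parse_arn` and `arn_in_scope` are hypothetical helpers, and the sample ARNs are constructed.

```shell
# Added example (not from the original skill). Sample ARNs and account IDs
# below are constructed.

# parse_arn ARN: split into ARN_PARTITION, ARN_SERVICE, ARN_REGION,
# ARN_ACCOUNT, ARN_RESOURCE_TYPE, ARN_RESOURCE_NAME. Returns 1 if malformed.
parse_arn() {
  # Need "arn" plus five colon separators and a non-empty resource.
  case "$1" in arn:*:*:*:*:?*) ;; *) return 1 ;; esac
  _rest=${1#arn:}
  ARN_PARTITION=${_rest%%:*}; _rest=${_rest#*:}
  ARN_SERVICE=${_rest%%:*};   _rest=${_rest#*:}
  ARN_REGION=${_rest%%:*};    _rest=${_rest#*:}
  ARN_ACCOUNT=${_rest%%:*}
  # Everything after the fifth colon is the resource; it may itself contain
  # ':' (task-definition/my-task:1) or '/' (service/my-cluster/my-service).
  _rest=${_rest#*:}
  [ -n "$ARN_PARTITION" ] && [ -n "$ARN_SERVICE" ] || return 1
  case "$_rest" in
    */*) ARN_RESOURCE_TYPE=${_rest%%/*}; ARN_RESOURCE_NAME=${_rest#*/} ;;
    *)   ARN_RESOURCE_TYPE=; ARN_RESOURCE_NAME=$_rest ;;  # no "type/" prefix
  esac
}

# arn_in_scope ARN ACCOUNT REGION: succeed only when the ARN's account and
# region fields equal the expected values exactly.
arn_in_scope() {
  parse_arn "$1" || return 1
  [ "$ARN_ACCOUNT" = "$2" ] && [ "$ARN_REGION" = "$3" ]
}

# Demo: which constructed ARNs may a script scoped to
# account 123456789012 in us-east-1 touch?
for arn in \
  "arn:aws:ecs:us-east-1:123456789012:task-definition/my-task:1" \
  "arn:aws:ecs:us-east-1:999999999999:cluster/123456789012" \
  "arn:aws:ecs:eu-west-1:123456789012:service/my-cluster/my-service" \
  "not-an-arn"
do
  if arn_in_scope "$arn" 123456789012 us-east-1; then
    echo "in scope:     $arn ($ARN_RESOURCE_TYPE -> $ARN_RESOURCE_NAME)"
  else
    echo "out of scope: $arn"
  fi
done
```

The second sample ARN contains the expected account ID only in its resource name, so a `grep` for the account number would accept it while the field comparison rejects it.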

Environment Variables

bash
AWS_DEFAULT_REGION       # Default region
AWS_ACCESS_KEY_ID        # Access key
AWS_SECRET_ACCESS_KEY    # Secret key
AWS_SESSION_TOKEN        # Session token (temporary credentials)
AWS_PROFILE              # Named profile
AWS_DEFAULT_OUTPUT       # Default output format