The AWS console is fine for exploring, but professionals manage infrastructure through the command line. The AWS CLI lets you do everything the console can do — and more — directly from your Linux terminal. It is scriptable, fast, and essential for automation. In this part, we explore the most important AWS CLI commands across the services we have covered.
The AWS CLI follows a consistent structure for all commands:
# Pattern: aws [service] [action] [options]
aws ec2 describe-instances
aws s3 ls
aws iam list-users
aws s3 cp file.txt s3://bucket/
# Get help for any command
aws help
aws ec2 help
aws ec2 describe-instances help
# Use --output to change format (json, text, table)
aws ec2 describe-instances --output table
aws iam list-users --output text
# Use --query to filter output (JMESPath)
aws ec2 describe-instances --query 'Reservations[*].Instances[*].PublicIpAddress'
# List all instances with key details
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress,Tags[?Key==`Name`].Value|[0]]' --output table
# Start/stop instances
aws ec2 start-instances --instance-ids i-0abc123def456789
aws ec2 stop-instances --instance-ids i-0abc123def456789
# Get instance status
aws ec2 describe-instance-status --instance-ids i-0abc123def456789
# Create a snapshot of EBS volume
aws ec2 create-snapshot --volume-id vol-0abc123 --description "Backup $(date +%Y-%m-%d)"
# List security groups
aws ec2 describe-security-groups --output table
# List every object with its size, plus a total object count and size
aws s3 ls s3://my-bucket/ --recursive --human-readable --summarize
# Copy with metadata
aws s3 cp myfile.txt s3://my-bucket/ --content-type "text/plain" --metadata "author=suraj,date=2026-03-17"
# Set storage class (Standard is default, IA is cheaper for infrequent access)
aws s3 cp archive.tar.gz s3://my-bucket/archives/ --storage-class STANDARD_IA
# Enable versioning on a bucket
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled
# List object versions
aws s3api list-object-versions --bucket my-bucket
# List users and their creation dates
aws iam list-users --query 'Users[*].[UserName,CreateDate]' --output table
# Check current identity
aws sts get-caller-identity
# List roles
aws iam list-roles --query 'Roles[*].[RoleName,CreateDate]' --output table
# Get my account ID
aws sts get-caller-identity --query Account --output text
# List log groups
aws logs describe-log-groups
# Get recent log events
aws logs get-log-events --log-group-name /aws/ec2/myserver --log-stream-name mystream --limit 50
# Filter logs for errors
aws logs filter-log-events --log-group-name /var/log/nginx --filter-pattern "ERROR"
# Configure a named profile
aws configure --profile production
aws configure --profile staging
# Use a specific profile
aws s3 ls --profile production
aws ec2 describe-instances --profile staging
# Set default profile
export AWS_PROFILE=production
# Enable CLI auto-completion
complete -C '/usr/local/bin/aws_completer' aws
# Dry run (supported by EC2 commands): check permissions without making the change
aws ec2 start-instances --instance-ids i-123 --dry-run
# Use jq to parse JSON output (install: sudo dnf install jq -y)
aws ec2 describe-instances | jq '.Reservations[].Instances[].PublicIpAddress'
# List the public IPs of all running instances
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text
The AWS CLI becomes increasingly powerful as you combine it with Bash scripts, cron jobs, and conditionals. In Part 10, we cover networking — VPC, subnets, security groups, and how AWS networking actually works.
The AWS CLI stores configuration in ~/.aws/config and credentials in ~/.aws/credentials. To work with multiple AWS accounts or regions, use named profiles: aws configure --profile production sets up a production profile. Use a profile with any CLI command: aws s3 ls --profile production. Set a default profile for a session: export AWS_PROFILE=production. For EC2 instances with attached IAM roles, no credentials file is needed: the CLI automatically retrieves temporary credentials from the instance metadata service. This is the correct approach for applications running on EC2; never store long-lived credentials on instances.
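A check for the rule above, as an added example that is not from the original article: it scans a shared credentials file for long-term access keys and verifies that the file is private. It assumes the AKIA prefix marks long-term IAM user keys and ASIA marks temporary STS credentials; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).
# Assumption: key IDs starting with AKIA are long-term IAM user keys;
# IDs starting with ASIA are temporary STS credentials.

# Print one finding per profile that stores a long-term key.
# Returns 1 if any finding was printed, 0 otherwise.
audit_credentials() {
    local file="$1" profile="" line key found=0
    [ -f "$file" ] || return 0          # no file: nothing stored on disk
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # tolerate "key = value"
        case $line in
            \[*\]) profile=${line#\[}; profile=${profile%\]} ;;
            aws_access_key_id=AKIA*)
                key=${line#aws_access_key_id=}
                # Print only the first 8 characters so the report leaks no full key ID.
                printf 'LONG-LIVED profile=%s key=%.8s...\n' "$profile" "$key"
                found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Succeeds only if group and other have no access to the file (e.g. mode 600).
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample file; key IDs and secrets are placeholders, not real credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = PLACEHOLDER-NOT-A-REAL-SECRET

[ci-session]
aws_access_key_id=ASIAEXAMPLEEXAMPLE00
aws_secret_access_key=PLACEHOLDER-NOT-A-REAL-SECRET
aws_session_token=PLACEHOLDER-TOKEN
EOF
chmod 644 "$sample"

audit_credentials "$sample" || echo "long-lived keys present"
perms_private "$sample" || echo "credentials file is readable by group/other"
rm -f "$sample"
```

On an EC2 instance that uses an attached IAM role, pointing audit_credentials at ~/.aws/credentials should print nothing.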
The AWS CLI supports multiple output formats: JSON (default), table, text, and YAML. For scripting, JSON combined with jq is extremely powerful. jq is a command-line JSON processor that enables filtering, transformation, and extraction of data from JSON output:
# Get just the instance IDs of running instances
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[].Instances[].InstanceId' --output text
# Using jq for more complex transformations
aws ec2 describe-instances | jq '.Reservations[].Instances[] | {id: .InstanceId, type: .InstanceType, state: .State.Name}'
# Get the public IP of a specific instance
aws ec2 describe-instances --instance-ids i-1234567890abcdef0 --query 'Reservations[0].Instances[0].PublicIpAddress' --output text
Write a shell script that uses the AWS CLI with --query and --output text to generate a simple inventory report: list all running EC2 instances with their names (from the Name tag), instance types, and public IPs. Use aws ec2 describe-instances with appropriate filters. Format the output as a table using column -t. Save the report to a file with the current date in the filename. This is a simplified version of the asset inventory scripts used in real operations.
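One possible solution to the exercise above, as an added example that is not from the original article. The function names, the ec2-inventory-DATE.txt file name and the --run argument are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): one solution to the exercise.

# JMESPath projection: one row per instance. --output text renders rows as
# tab-separated lines and missing values (no Name tag, no public IP) as "None".
QUERY='Reservations[].Instances[].[Tags[?Key==`Name`].Value|[0],InstanceId,InstanceType,PublicIpAddress]'

# Fetch running instances as tab-separated text.
fetch_running() {
    aws ec2 describe-instances \
        --filters "Name=instance-state-name,Values=running" \
        --query "$QUERY" --output text
}

# Read tab-separated rows on stdin, replace "None" with "-", add a header,
# and align on tabs only so Name tags containing spaces stay in one column.
format_report() {
    tab=$(printf '\t')
    {
        printf 'NAME\tINSTANCE_ID\tTYPE\tPUBLIC_IP\n'
        awk -F '\t' -v OFS='\t' 'NF { for (i = 1; i <= NF; i++) if ($i == "None") $i = "-"; print }'
    } | if command -v column >/dev/null 2>&1; then column -t -s "$tab"; else cat; fi
}

# Write the report to a dated file and print its path.
write_report() {
    out="ec2-inventory-$(date +%Y-%m-%d).txt"
    rows=$(fetch_running) || return 1     # fail instead of writing an empty report
    printf '%s\n' "$rows" | sort | format_report > "$out" && echo "$out"
}

# Query AWS only when asked to, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ] && command -v aws >/dev/null 2>&1; then
    write_report
fi
```

An instance that shows "-" in the NAME column is untagged, which is usually the first thing to follow up on in an inventory review.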
Cloud computing is a domain where deep intuition — the ability to make good architectural decisions quickly, to diagnose problems efficiently, and to anticipate how systems will behave under load — develops through accumulated hands-on experience. Every project you build on cloud infrastructure teaches you something that cannot be learned from documentation alone. The cost surprises, the permission errors, the networking debugging sessions, the performance investigations — these are not obstacles to learning, they are the learning. The engineers who have built genuinely deep cloud intuition have usually accumulated it through many projects over several years, not from any single course or certification. Start building things, make mistakes safely in learning environments, and accumulate that experience deliberately.