$ aws help # things you might not know about the AWS CLI

Posted in AWS Blog
16/11/2019 Ben Bridts

I recently gave a presentation at The AWS Community Summit in London, where I tried to talk about as many cool features of the AWS CLI as I could in 10 minutes. That recording is now available and you can watch it here (the slides can be found online too).

Video isn’t the best reference material if you want to quickly find one of those tips, so I will add a quick summary of them in this blogpost.

  • By specifying source_profile in your .aws/config file, you can tell the AWS CLI to use credentials from one profile to assume the role_arn you configure in another profile. This also works in a chain of profiles and can include asking for an MFA token.
  • You don’t have to get credentials from the .aws/credentials file, you can tell the CLI to get them from environment variables (this also works if you do not specify anything), instance metadata, or the ECS container role.
  • There is a --debug flag, which gives you a lot of output to see everything that’s happening behind the scenes.
  • In most cases you do not want that full debug output. Enabling history and using aws history show will give you the most relevant parts in an easy to read format.
  • The CLI has the annoying habit of resolving all urls you give it. You can disable this with aws configure set cli_follow_urlparam false.
  • You can make S3 uploads and downloads go a lot faster by tweaking the max_concurrent_requests. Or make it not exceed a certain speed with max_bandwith. See here for all options.
  • The cli supports defining your own aliases. Look in this awslabs repository for examples.
  • Instead of relying on an external tool (that needs to be installed), you can get specific fields from the response by using --query. Combine this with --output text to strip json-specific syntax.
  • You can use completion in different shells.
  • There are waiters you can use directly from the command line, so you do not have to write your own check-sleep loops in bash.
  • Other useful cli tools include cfn-lint, aws-encryption-sdk, aws-shell and aws-vault
  • There is a version 2 coming.


Need a hand? Or a high five?
Feel free to visit our offices and come say hi
… or just drop us a message

We are ready when you are

Cloudar NV – Operations

Veldkant 7
2550 Kontich (Antwerp)

info @ cloudar.be

+32 3 450 67 18

Cloudar NV – HQ

Veldkant 33A
2550 Kontich (Antwerp)

VAT BE0564 763 890

    This contact form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    • SHARE