AWS EC2 & Security Groups (Mini Cheat Sheet)
This section contains essential AWS CLI commands for managing EC2 instances, security groups, networking, and account verification. It is designed for fast cloud administration.
# ================= AWS CONFIGURATION =================
# (In this sheet each comment describes the command directly above it.)
aws configure list
# Show the active profile, access key, secret key and region, and where each
# value was loaded from. The keys are printed partially masked; still keep
# this output out of screenshots, tickets and chat logs.
aws sts get-caller-identity
# Confirm which AWS account is active: returns the Account ID, UserId and ARN
# of the credentials in use. Run it before any command that changes
# resources, so the change does not land in the wrong account.
aws configure set region af-south-1
# Change default region safely (does NOT overwrite keys). Only the region
# setting of the current profile is written.
# ================= EC2 MANAGEMENT =================
aws ec2 describe-instances
# List all EC2 instances (current region only; instances in other regions
# are not shown)
aws ec2 describe-instances --filters Name=instance-state-name,Values=running
# Show only running instances
aws ec2 start-instances --instance-ids i-xxxxxxx
# Start instance (replace i-xxxxxxx with the real instance ID)
aws ec2 stop-instances --instance-ids i-xxxxxxx
# Stop instance. EBS volumes are kept; data on instance-store volumes is
# lost, and an auto-assigned public IP usually changes on the next start.
aws ec2 reboot-instances --instance-ids i-xxxxxxx
# Reboot instance
aws ec2 terminate-instances --instance-ids i-xxxxxxx
# Permanently delete instance (CANNOT undo). Volumes marked
# DeleteOnTermination are deleted with it. Check the instance ID, account and
# region first; termination protection (DisableApiTermination) on important
# instances makes this call fail until the protection is removed.
aws ec2 describe-instances --instance-ids i-xxxxxxx \
--query "Reservations[*].Instances[*].PublicIpAddress" --output text
# Get public IP of instance (no address is returned when the instance has no
# public IP)
# ================= SECURITY GROUPS =================
aws ec2 describe-security-groups
# List all security groups (current region)
aws ec2 describe-security-groups --group-ids sg-xxxxxxx \
--query "SecurityGroups[*].IpPermissions"
# Show inbound rules: protocol, port range and allowed sources. Outbound
# rules are under IpPermissionsEgress and are not shown by this query.
aws ec2 create-security-group \
--group-name my-sg \
--description "My Security Group"
# Create new security group. Without --vpc-id it is created in the region's
# default VPC. A new group starts with no inbound rules and allows all
# outbound traffic.
# ================= OPEN PORTS =================
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 80 --cidr 0.0.0.0/0
# Allow HTTP from anywhere (every IPv4 address). Use only on groups attached
# to services that are meant to be public. --cidr covers IPv4 only; IPv6
# needs its own rule.
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 443 --cidr 0.0.0.0/0
# Allow HTTPS from anywhere (every IPv4 address); same caveats as the HTTP
# rule.
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 22 --cidr YOUR_IP/32
# Allow SSH only from your IP (recommended). Replace YOUR_IP with your public
# IPv4 address; do not use 0.0.0.0/0 for port 22. Revoke the rule when your
# address changes or the access is no longer needed.
# ================= REMOVE RULE =================
aws ec2 revoke-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 80 --cidr 0.0.0.0/0
# Remove HTTP access. Protocol, port and CIDR must match the existing rule;
# re-run the IpPermissions query afterwards to confirm the rule is gone.
# ================= REGIONS =================
aws ec2 describe-regions
# List the AWS regions enabled for this account (add --all-regions to also
# list opt-in regions that are not enabled)
aws ec2 describe-instances --region af-south-1
# Query a specific region manually; --region applies to this call only and
# does not change the default region. af-south-1 is an opt-in region, so it
# must be enabled for the account before the call succeeds.
# ================= TABLE VIEW =================
aws ec2 describe-instances \
--query "Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]" \
--output table
# Clean table output for quick overview: instance ID, state and public IP of
# each instance in the current region. Useful for spotting instances that
# have a public address and should not.
# (In this sheet each comment describes the command directly above it.)
aws configure list
# Show the active profile, access key, secret key and region, and where each
# value was loaded from. The keys are printed partially masked; still keep
# this output out of screenshots, tickets and chat logs.
aws sts get-caller-identity
# Confirm which AWS account is active: returns the Account ID, UserId and ARN
# of the credentials in use. Run it before any command that changes
# resources, so the change does not land in the wrong account.
aws configure set region af-south-1
# Change default region safely (does NOT overwrite keys). Only the region
# setting of the current profile is written.
# ================= EC2 MANAGEMENT =================
aws ec2 describe-instances
# List all EC2 instances (current region only; instances in other regions
# are not shown)
aws ec2 describe-instances --filters Name=instance-state-name,Values=running
# Show only running instances
aws ec2 start-instances --instance-ids i-xxxxxxx
# Start instance (replace i-xxxxxxx with the real instance ID)
aws ec2 stop-instances --instance-ids i-xxxxxxx
# Stop instance. EBS volumes are kept; data on instance-store volumes is
# lost, and an auto-assigned public IP usually changes on the next start.
aws ec2 reboot-instances --instance-ids i-xxxxxxx
# Reboot instance
aws ec2 terminate-instances --instance-ids i-xxxxxxx
# Permanently delete instance (CANNOT undo). Volumes marked
# DeleteOnTermination are deleted with it. Check the instance ID, account and
# region first; termination protection (DisableApiTermination) on important
# instances makes this call fail until the protection is removed.
aws ec2 describe-instances --instance-ids i-xxxxxxx \
--query "Reservations[*].Instances[*].PublicIpAddress" --output text
# Get public IP of instance (no address is returned when the instance has no
# public IP)
# ================= SECURITY GROUPS =================
aws ec2 describe-security-groups
# List all security groups (current region)
aws ec2 describe-security-groups --group-ids sg-xxxxxxx \
--query "SecurityGroups[*].IpPermissions"
# Show inbound rules: protocol, port range and allowed sources. Outbound
# rules are under IpPermissionsEgress and are not shown by this query.
aws ec2 create-security-group \
--group-name my-sg \
--description "My Security Group"
# Create new security group. Without --vpc-id it is created in the region's
# default VPC. A new group starts with no inbound rules and allows all
# outbound traffic.
# ================= OPEN PORTS =================
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 80 --cidr 0.0.0.0/0
# Allow HTTP from anywhere (every IPv4 address). Use only on groups attached
# to services that are meant to be public. --cidr covers IPv4 only; IPv6
# needs its own rule.
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 443 --cidr 0.0.0.0/0
# Allow HTTPS from anywhere (every IPv4 address); same caveats as the HTTP
# rule.
aws ec2 authorize-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 22 --cidr YOUR_IP/32
# Allow SSH only from your IP (recommended). Replace YOUR_IP with your public
# IPv4 address; do not use 0.0.0.0/0 for port 22. Revoke the rule when your
# address changes or the access is no longer needed.
# ================= REMOVE RULE =================
aws ec2 revoke-security-group-ingress \
--group-id sg-xxxxxxx \
--protocol tcp --port 80 --cidr 0.0.0.0/0
# Remove HTTP access. Protocol, port and CIDR must match the existing rule;
# re-run the IpPermissions query afterwards to confirm the rule is gone.
# ================= REGIONS =================
aws ec2 describe-regions
# List the AWS regions enabled for this account (add --all-regions to also
# list opt-in regions that are not enabled)
aws ec2 describe-instances --region af-south-1
# Query a specific region manually; --region applies to this call only and
# does not change the default region. af-south-1 is an opt-in region, so it
# must be enabled for the account before the call succeeds.
# ================= TABLE VIEW =================
aws ec2 describe-instances \
--query "Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]" \
--output table
# Clean table output for quick overview: instance ID, state and public IP of
# each instance in the current region. Useful for spotting instances that
# have a public address and should not.