AWS CLI on Linux: Complete Setup and Essential Commands Guide

Amazon Web Services dominates the cloud computing market, and mastering the AWS Command Line Interface (CLI) on Linux unlocks powerful automation capabilities. Whether you’re managing EC2 instances, S3 buckets, or complex multi-service architectures, the AWS CLI provides scriptable access to every AWS service. This comprehensive guide covers installation, configuration, and essential commands for effective AWS management from your Linux terminal.

Why Use AWS CLI on Linux?

While the AWS Management Console offers visual convenience, the CLI excels at automation, scripting, and bulk operations. Tasks that require dozens of clicks in the console often reduce to single commands. Scheduling backups, deploying applications, and managing infrastructure become scriptable operations that execute consistently without human error.

Linux serves as the natural environment for AWS CLI operations. Most AWS documentation assumes Linux or macOS, shell scripts integrate seamlessly with CLI commands, and Linux servers running in AWS can manage other AWS resources programmatically. The combination of Linux shell capabilities with AWS CLI creates a powerful infrastructure management toolkit.

Installing AWS CLI Version 2

AWS CLI version 2 represents the current generation, offering improved installers and new features. Amazon provides a bundled installer that works across Linux distributions without requiring Python management.

Standard Installation

Download and install the official AWS CLI package:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

# Verify installation
aws --version

For ARM-based systems like AWS Graviton or Raspberry Pi:

curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Package Manager Installation

Some distributions include AWS CLI in their repositories, though versions may lag behind official releases:

# Ubuntu/Debian (may be older version)
sudo apt install awscli

# Fedora
sudo dnf install awscli2

# Arch Linux
sudo pacman -S aws-cli-v2

Configuring AWS Credentials

Before using the CLI, configure authentication credentials. AWS supports multiple authentication methods, from simple access keys to sophisticated IAM role assumption.

Basic Configuration with Access Keys

Run the interactive configuration wizard:

aws configure

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

This creates two files in ~/.aws/: credentials stores access keys, and config stores region and output preferences.

Named Profiles for Multiple Accounts

Manage multiple AWS accounts using named profiles:

aws configure --profile production
aws configure --profile development

# Use specific profile
aws s3 ls --profile production

# Set default profile for session
export AWS_PROFILE=development

IAM Role Assumption

For cross-account access or elevated privileges, configure role assumption in ~/.aws/config:

[profile admin]
role_arn = arn:aws:iam::123456789012:role/AdminRole
source_profile = default
region = us-west-2

Essential EC2 Commands

EC2 (Elastic Compute Cloud) forms the backbone of most AWS deployments. These commands handle common instance management tasks.

Listing and Describing Instances

# List all instances
aws ec2 describe-instances

# Filter running instances
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Get specific instance details
aws ec2 describe-instances --instance-ids i-0abc123def456789

# Format output for readability
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType,PublicIpAddress]' --output table

Managing Instance State

# Start instances
aws ec2 start-instances --instance-ids i-0abc123def456789

# Stop instances
aws ec2 stop-instances --instance-ids i-0abc123def456789

# Terminate instances (permanent deletion)
aws ec2 terminate-instances --instance-ids i-0abc123def456789

# Reboot instances
aws ec2 reboot-instances --instance-ids i-0abc123def456789

Launching New Instances

aws ec2 run-instances \
    --image-id ami-0c55b159cbfafe1f0 \
    --instance-type t3.micro \
    --key-name my-key-pair \
    --security-group-ids sg-0123456789abcdef0 \
    --subnet-id subnet-0123456789abcdef0 \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer}]'

S3 Storage Operations

S3 (Simple Storage Service) provides object storage with virtually unlimited capacity. The CLI makes bucket management and file transfers straightforward.

Bucket Management

# List all buckets
aws s3 ls

# Create new bucket
aws s3 mb s3://my-unique-bucket-name

# Delete empty bucket
aws s3 rb s3://my-bucket-name

# Delete bucket and all contents
aws s3 rb s3://my-bucket-name --force

File Operations

# List bucket contents
aws s3 ls s3://my-bucket/

# Copy file to S3
aws s3 cp myfile.txt s3://my-bucket/

# Copy file from S3
aws s3 cp s3://my-bucket/myfile.txt ./

# Sync directory to S3
aws s3 sync ./local-folder s3://my-bucket/folder/

# Sync with delete (mirror)
aws s3 sync ./local-folder s3://my-bucket/folder/ --delete

# Copy with storage class
aws s3 cp largefile.zip s3://my-bucket/ --storage-class GLACIER

IAM User and Policy Management

IAM (Identity and Access Management) controls who can access what in your AWS account. CLI commands enable programmatic user and permission management.

# List users
aws iam list-users

# Create new user
aws iam create-user --user-name new-developer

# Create access key for user
aws iam create-access-key --user-name new-developer

# Attach policy to user
aws iam attach-user-policy \
    --user-name new-developer \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

# List attached policies
aws iam list-attached-user-policies --user-name new-developer

CloudWatch Monitoring and Logs

CloudWatch provides monitoring and observability for AWS resources. Query metrics and logs directly from the command line.

# Get CPU utilization for an instance
aws cloudwatch get-metric-statistics \
    --namespace AWS/EC2 \
    --metric-name CPUUtilization \
    --dimensions Name=InstanceId,Value=i-0abc123def456789 \
    --start-time 2024-01-01T00:00:00Z \
    --end-time 2024-01-02T00:00:00Z \
    --period 3600 \
    --statistics Average

# List log groups
aws logs describe-log-groups

# Tail log stream
aws logs tail /aws/lambda/my-function --follow

# Filter log events
aws logs filter-log-events \
    --log-group-name /aws/lambda/my-function \
    --filter-pattern "ERROR"

Advanced CLI Techniques

JMESPath Queries

The –query parameter uses JMESPath expressions to filter and transform output:

# Extract specific fields
aws ec2 describe-instances \
    --query 'Reservations[].Instances[].[InstanceId,State.Name]'

# Filter and project
aws ec2 describe-instances \
    --query 'Reservations[].Instances[?State.Name==`running`].InstanceId'

# Sort results
aws ec2 describe-instances \
    --query 'sort_by(Reservations[].Instances[], &LaunchTime)[*].[InstanceId,LaunchTime]'

Scripting with AWS CLI

Combine CLI commands with shell scripting for automation:

#!/bin/bash
# Stop all development instances nightly

INSTANCE_IDS=$(aws ec2 describe-instances \
    --filters "Name=tag:Environment,Values=development" \
              "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].InstanceId' \
    --output text)

if [ -n "$INSTANCE_IDS" ]; then
    echo "Stopping instances: $INSTANCE_IDS"
    aws ec2 stop-instances --instance-ids $INSTANCE_IDS
fi

Security Best Practices

Protect your AWS credentials and follow security best practices. Never commit credentials to version control. Use IAM roles for EC2 instances instead of access keys. Enable MFA for sensitive operations and rotate access keys regularly.

For enhanced security, consider using AWS SSO (Single Sign-On) or temporary credentials through STS (Security Token Service). The CLI supports these authentication methods with minimal configuration changes.

Conclusion

The AWS CLI transforms cloud management from point-and-click operations into scriptable, repeatable processes. Starting with basic commands and gradually incorporating advanced features like JMESPath queries and shell scripting positions you for efficient AWS administration. Combined with Linux’s powerful text processing tools, the AWS CLI becomes an essential component of any cloud engineer’s toolkit.