AWS CLI 参考

安装与配置

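# Install AWS CLI v2.
# Fetch the installer archive and its detached PGP signature. -f makes curl
# fail on an HTTP error instead of saving the error page as the zip.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"

# Verify the archive before its installer runs as root. The AWS CLI team's
# public key (published in the official install guide) must be imported first:
#   gpg --import <aws-cli-public-key-file>
# Compare the key fingerprint gpg reports with the one in that guide.
gpg --verify awscliv2.sig awscliv2.zip &&
  unzip awscliv2.zip &&
  sudo ./aws/install

# Configure the default profile; the interactive prompts look like this:
aws configure
# AWS Access Key ID: AKIAIOSFODNN7EXAMPLE
# AWS Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# Default region: us-east-1
# Default output format: json
#
# The key pair above is the placeholder pair used in AWS documentation, not a
# live credential. Real long-term keys entered here are written in plaintext
# under ~/.aws/; where available, prefer short-lived credentials
# (for example `aws configure sso`).

# Show which identity the current credentials resolve to.
aws sts get-caller-identity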

命名 Profile

# Create a named profile.
aws configure --profile prod

# Use the named profile for a single command.
aws s3 ls --profile prod

# Or select it for the whole shell session through the environment.
export AWS_PROFILE=prod

# ~/.aws/credentials
# (The lines below are the contents of that file, not shell commands. It holds
# long-term secrets in plaintext: keep it readable by its owner only and out
# of version control and backups shared with others.)
[default]
aws_access_key_id = AKIA...
aws_secret_access_key = ...

[prod]
aws_access_key_id = AKIA...
aws_secret_access_key = ...

S3 命令

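# List buckets, then the objects under a prefix.
aws s3 ls
aws s3 ls s3://my-bucket/prefix/

# Copy a single file; mirror a local directory to a prefix.
aws s3 cp file.txt s3://my-bucket/
# --delete removes remote objects that no longer exist locally. Preview the
# plan with --dryrun first, then run it for real.
aws s3 sync ./local-dir s3://my-bucket/remote-dir --delete --dryrun
aws s3 sync ./local-dir s3://my-bucket/remote-dir --delete

# Delete one object.
aws s3 rm s3://my-bucket/file.txt
# Delete every object in the bucket. Unless bucket versioning is enabled the
# objects cannot be recovered, so check the --dryrun listing before the real run.
aws s3 rm s3://my-bucket/ --recursive --dryrun
aws s3 rm s3://my-bucket/ --recursive

# Create a bucket / remove an (empty) bucket.
aws s3 mb s3://new-bucket --region us-east-1
aws s3 rb s3://empty-bucket

# Presigned URL valid for 1 hour (3600 seconds).
# The URL is a bearer credential: anyone who obtains it can fetch the object
# until it expires, without any further authentication. Keep the lifetime as
# short as the use case allows and keep the URL out of logs and tickets.
aws s3 presign s3://my-bucket/secret.pdf --expires-in 3600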

EC2 命令

# List instances as a table of instance ID, state and public IP address.
aws ec2 describe-instances \
  --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PublicIpAddress]' \
  --output table

# Start / stop / terminate an instance.
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
# Termination cannot be undone. EC2 commands accept --dry-run, which checks the
# request and the caller's permissions without making the change.
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Launch a new instance.
# NOTE(review): consider adding --metadata-options "HttpTokens=required" so the
# instance only serves IMDSv2; confirm the workload's SDKs support it first.
# Also check that the security group given here exposes only the ports needed.
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key \
  --security-group-ids sg-12345678 \
  --subnet-id subnet-12345678

IAM 命令

# List users, roles and policies (--scope Local limits the policy list to
# customer-managed policies).
aws iam list-users
aws iam list-roles
aws iam list-policies --scope Local

# Create a user and attach an AWS-managed policy to it.
aws iam create-user --user-name alice
aws iam attach-user-policy --user-name alice \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

# Create an access key for the user.
# The response is the only time the secret access key is returned, and it is
# printed to the terminal: treat scrollback, shell logs and CI output that
# capture it as containing a live long-term credential.
aws iam create-access-key --user-name alice

# Assume a role.
# Returns temporary credentials (access key, secret key, session token) with
# an expiry; the session name is recorded with the calls made under the role.
aws sts assume-role \
  --role-arn arn:aws:iam::123456789012:role/MyRole \
  --role-session-name my-session

输出格式与查询

| 参数 | 说明 | 示例 |
| --- | --- | --- |
| `--output json` | 默认 JSON 输出 | `aws ec2 describe-vpcs --output json` |
| `--output table` | 可读表格 | `aws s3 ls --output table` |
| `--output text` | Tab 分隔文本 | `aws ec2 describe-instances --output text` |
| `--output yaml` | YAML 格式(v2) | `aws sts get-caller-identity --output yaml` |
| `--query` | JMESPath 过滤 | `--query 'Buckets[*].Name'` |