AWS CLI EC2 Builder

AWS CLI for EC2 — managing instances from the terminal

The AWS CLI is the official command-line interface to every AWS service; for Amazon EC2 (Elastic Compute Cloud) it exposes hundreds of subcommands under aws ec2 ... covering instances, AMIs, EBS volumes, snapshots, security groups, key pairs, VPCs and spot pricing. Compared with the web console it is faster, scriptable, idempotent in CI/CD and the only sensible option when you manage dozens of instances at once.

Essential commands

• aws ec2 describe-instances — paginated list; combine with --filters "Name=instance-state-name,Values=running".
• aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,PrivateIpAddress]' --output table — JMESPath projection.
• aws ec2 start-instances --instance-ids i-1234, stop-instances, reboot-instances, terminate-instances.
• aws ec2 describe-volumes, create-snapshot, attach-volume, detach-volume.
• aws ec2 authorize-security-group-ingress --group-id sg-xxx --protocol tcp --port 22 --cidr 0.0.0.0/0.

Launching an instance

The canonical run-instances call:

aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name mykey \
  --security-group-ids sg-abc123 \
  --subnet-id subnet-xyz789 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=web-01}]'

The lifecycle goes pending → running → stopping → stopped → terminated. Generate a key pair on the fly with aws ec2 create-key-pair --key-name mykey --query 'KeyMaterial' --output text > mykey.pem && chmod 400 mykey.pem. For private metadata always require IMDSv2 (PUT token authentication) — it mitigates SSRF exfiltration and is the default on new launch templates.

Instance families and pricing

Instance families are letter-coded by workload: T burstable, M general-purpose, C compute-optimised, R/X memory-optimised, G/P GPU, I/D storage, Z high-frequency. Purchase options: On-Demand, Reserved (1–3 year commitment, up to 72% off), Savings Plans (flexible commitment), Spot (50–90% off, can be interrupted with 2-minute notice).

Output, profiles and CLI v2

Output formats: --output json|text|yaml|table. Multiple accounts: aws configure --profile prod then --profile prod. CLI v2 ships as a single binary, has built-in auto-completion, SSO support and is the only supported version since 2023 — uninstall v1.

FAQ

I have hundreds of instances — how do I paginate? Use --max-results 50 --starting-token "$TOKEN" or rely on the auto-paginator aws --no-paginate off. For large fleets prefer aws ec2 describe-instances --paginate via the SDK; CLI also honours AWS_PAGER="".

How do I bake a custom AMI? aws ec2 create-image --instance-id i-1234 --name "web-baseline-$(date +%F)" --no-reboot. The result is an AMI ID you can pass to future run-instances calls.

How do I debug a stuck instance? Grab the boot log with aws ec2 get-console-output --instance-id i-1234 or a literal screenshot with get-console-screenshot (returns base64 PNG).

CLI vs Terraform vs CloudFormation? CLI is imperative (one-off ops, scripts); Terraform and CloudFormation are declarative IaC for reproducible stacks. They coexist — use CLI for live troubleshooting, IaC for everything that should outlive a shell session.