aws-ops
npx machina-cli add skill agenticdevops/devops-execution-engine/aws-ops --openclaw
AWS Operations
Common AWS CLI operations for infrastructure management.
When to Use This Skill
Use this skill when:
- Managing AWS resources
- Querying resource state
- Troubleshooting AWS issues
- Cost investigation
Setup & Authentication
Check Current Identity
# Who am I?
aws sts get-caller-identity
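# Region set in the config file for the active profile (environment variables such as AWS_DEFAULT_REGION are not reflected here; `aws configure list` shows the effective value and its source)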
aws configure get region
Switch Profile/Region
# Use specific profile
export AWS_PROFILE=production
# Or per-command
aws s3 ls --profile production
# Switch region
export AWS_DEFAULT_REGION=us-west-2
List Profiles
aws configure list-profiles
EC2 Instances
List Instances
# All instances with key info
aws ec2 describe-instances \
--query 'Reservations[].Instances[].[InstanceId,State.Name,InstanceType,PrivateIpAddress,Tags[?Key==`Name`].Value|[0]]' \
--output table
# Running only
aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" \
--query 'Reservations[].Instances[].[InstanceId,InstanceType,PrivateIpAddress,Tags[?Key==`Name`].Value|[0]]' \
--output table
# By tag
aws ec2 describe-instances \
--filters "Name=tag:Environment,Values=production"
Instance Actions
# Start instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0
# Stop instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
# Reboot instance
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0
# Get console output (for debugging)
aws ec2 get-console-output --instance-id i-1234567890abcdef0
Instance Details
# Full details
aws ec2 describe-instances --instance-ids i-1234567890abcdef0
# Security groups
aws ec2 describe-instances --instance-ids i-1234567890abcdef0 \
--query 'Reservations[].Instances[].SecurityGroups'
S3 Storage
List Buckets & Objects
# List buckets
aws s3 ls
# List objects in bucket
aws s3 ls s3://bucket-name/
# With sizes (human readable)
aws s3 ls s3://bucket-name/ --human-readable --summarize
# Recursive
aws s3 ls s3://bucket-name/ --recursive
Copy Files
# Upload
aws s3 cp file.txt s3://bucket-name/
# Download
aws s3 cp s3://bucket-name/file.txt ./
# Sync directory
aws s3 sync ./local-dir s3://bucket-name/prefix/
# Sync with delete (removes destination objects that are missing locally; preview with --dryrun first)
aws s3 sync ./local-dir s3://bucket-name/prefix/ --delete
Bucket Info
# Bucket location
aws s3api get-bucket-location --bucket bucket-name
# Bucket size (can be slow for large buckets)
aws s3 ls s3://bucket-name --recursive --summarize | tail -2
EKS (Kubernetes)
List Clusters
aws eks list-clusters
Update Kubeconfig
# Add cluster to kubeconfig
aws eks update-kubeconfig --name cluster-name --region us-east-1
# With specific profile
aws eks update-kubeconfig --name cluster-name --profile production
Cluster Info
aws eks describe-cluster --name cluster-name
CloudWatch Logs
List Log Groups
aws logs describe-log-groups \
--query 'logGroups[].logGroupName'
Tail Logs
# Tail logs (requires AWS CLI v2)
aws logs tail /aws/lambda/function-name --follow
# Get recent logs
aws logs get-log-events \
--log-group-name /aws/lambda/function-name \
--log-stream-name 'stream-name' \
--limit 50
Search Logs (Insights)
# Start query (the date -d syntax requires GNU date)
aws logs start-query \
--log-group-name /aws/lambda/function-name \
--start-time $(date -d '1 hour ago' +%s) \
--end-time $(date +%s) \
--query-string 'fields @timestamp, @message | filter @message like /ERROR/ | limit 20'
# Get results (use query-id from above)
aws logs get-query-results --query-id "query-id-here"
IAM
Current User/Role
aws sts get-caller-identity
List Users/Roles
# Users
aws iam list-users --query 'Users[].[UserName,CreateDate]' --output table
# Roles
aws iam list-roles --query 'Roles[].[RoleName,CreateDate]' --output table
Check Permissions
# Simulate policy
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:user/myuser \
--action-names s3:GetObject \
--resource-arns arn:aws:s3:::bucket-name/*
Lambda
List Functions
aws lambda list-functions \
--query 'Functions[].[FunctionName,Runtime,LastModified]' \
--output table
Invoke Function
# Invoke
aws lambda invoke \
--function-name my-function \
--cli-binary-format raw-in-base64-out \
--payload '{"key": "value"}' \
response.json
# View response
cat response.json
View Logs
aws logs tail /aws/lambda/my-function --follow
RDS
List Databases
aws rds describe-db-instances \
--query 'DBInstances[].[DBInstanceIdentifier,DBInstanceStatus,Engine,DBInstanceClass]' \
--output table
Database Status
aws rds describe-db-instances \
--db-instance-identifier my-database
Cost & Billing
Quick Cost Check
# Month-to-date costs (End is exclusive, so today's costs are not included)
aws ce get-cost-and-usage \
--time-period Start=$(date -d "$(date +%Y-%m-01)" +%Y-%m-%d),End=$(date +%Y-%m-%d) \
--granularity MONTHLY \
--metrics BlendedCost \
--query 'ResultsByTime[].Total.BlendedCost'
Cost by Service
aws ce get-cost-and-usage \
--time-period Start=$(date -d "$(date +%Y-%m-01)" +%Y-%m-%d),End=$(date +%Y-%m-%d) \
--granularity MONTHLY \
--metrics BlendedCost \
--group-by Type=DIMENSION,Key=SERVICE \
--query 'ResultsByTime[].Groups[].[Keys[0],Metrics.BlendedCost.Amount]' \
--output table
Troubleshooting
Common Issues
| Issue | Check | Command |
|---|---|---|
| Access Denied | IAM permissions | aws sts get-caller-identity |
| Resource not found | Region mismatch | aws configure get region |
| Rate limiting | API throttling | Add --debug flag |
| Credential issues | Profile/env vars | aws configure list |
Debug Mode
# Verbose output
aws s3 ls --debug 2>&1 | head -50
Quick Reference
# EC2: List running instances
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[].Instances[].[InstanceId,Tags[?Key==`Name`].Value|[0]]' --output table
# S3: Bucket sizes
aws s3api list-buckets --query 'Buckets[].[Name]' --output text | xargs -I {} sh -c 'printf "%s: " "$1"; aws s3 ls "s3://$1" --recursive --summarize 2>/dev/null | tail -1' _ {}
# Lambda: Recent errors
aws logs tail /aws/lambda/FUNCTION --since 1h --filter-pattern "ERROR"
# Costs: This month
aws ce get-cost-and-usage --time-period Start=$(date +%Y-%m-01),End=$(date +%Y-%m-%d) --granularity MONTHLY --metrics BlendedCost
Related Skills
- cost-optimization: For detailed cost analysis
- terraform-workflow: For IaC management
- incident-response: For AWS-related incidents
Source
git clone https://github.com/agenticdevops/devops-execution-engine
Skill file: https://github.com/agenticdevops/devops-execution-engine/blob/main/skills/aws-ops/SKILL.md
Overview
This skill provides common AWS CLI operations for infrastructure management, including querying resource state, managing EC2, S3, EKS, and CloudWatch logs. It helps operators verify identity, switch profiles, and perform routine AWS tasks across accounts and regions.
How This Skill Works
The skill uses the AWS CLI to run service-specific commands for EC2, S3, EKS, and CloudWatch. Users scope actions with AWS_PROFILE and AWS_DEFAULT_REGION and use targeted --query and --filters options to format output and perform common operations such as starting instances or listing buckets.
When to Use It
- Managing AWS resources across accounts and regions
- Querying the current state of EC2, S3, EKS resources
- Troubleshooting AWS issues using status, console output, and logs
- Investigating costs and usage patterns
- Verifying identity and configuring profiles/regions before operations
Quick Start
- Step 1: Configure identity and region using AWS_PROFILE and AWS_DEFAULT_REGION
- Step 2: Run common commands for EC2, S3, and EKS as needed
- Step 3: Inspect CloudWatch Logs with tail and query commands
Best Practices
- Confirm identity and region before making changes
- Use targeted queries with --query and --filters to minimize data
- Prefer non-destructive actions and test with --dry-run when available
- Organize commands by resource type and maintain audit-friendly outputs
- Leverage AWS_PROFILE and region environment variables to avoid cross-account errors
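The first practice above, confirming identity and region before making changes, written as a shell guard. This is an added example, not part of the skill's own SKILL.md: the function names `effective_region`, `require_aws_context` and `guarded` are hypothetical, and the account ID in the usage comment is a constructed placeholder.

```bash
# Added example: preflight guard before mutating commands.
# Function names are hypothetical; the aws subcommands are the page's own.

# Region the CLI will use: environment variables override the profile's
# config-file value, which is all `aws configure get region` reports.
effective_region() {
  if [ -n "${AWS_REGION:-}" ]; then          # AWS CLI v2; overrides the next one
    printf '%s\n' "$AWS_REGION"
  elif [ -n "${AWS_DEFAULT_REGION:-}" ]; then
    printf '%s\n' "$AWS_DEFAULT_REGION"
  else
    aws configure get region 2>/dev/null || true
  fi
}

# Usage: require_aws_context <expected-account-id> <expected-region>
# Returns 0 on a match, 1 on a mismatch, 2 if identity cannot be resolved.
require_aws_context() {
  rac_want_account=$1
  rac_want_region=$2
  # Fail closed: missing or expired credentials make this call fail.
  rac_account=$(aws sts get-caller-identity --query Account --output text 2>/dev/null) || {
    echo "preflight: cannot resolve caller identity" >&2
    return 2
  }
  rac_region=$(effective_region)
  if [ "$rac_account" != "$rac_want_account" ]; then
    echo "preflight: in account $rac_account, expected $rac_want_account" >&2
    return 1
  fi
  if [ "$rac_region" != "$rac_want_region" ]; then
    echo "preflight: region '${rac_region:-unset}', expected $rac_want_region" >&2
    return 1
  fi
}

# Run a command only when account and region match.
# Usage (111122223333 is a constructed placeholder account ID):
#   guarded 111122223333 us-west-2 aws ec2 stop-instances --instance-ids i-1234567890abcdef0
guarded() {
  g_account=$1
  g_region=$2
  shift 2
  require_aws_context "$g_account" "$g_region" || return $?
  "$@"
}
```

Source the file in the operator's shell and prefix start, stop, sync --delete and similar commands with `guarded`; a mismatch prints the reason to stderr and the wrapped command never runs.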
Example Use Cases
- List all EC2 instances with key information
- Start/Stop/Reboot a specific EC2 instance and fetch console output
- List S3 buckets and objects; copy or sync files to/from local or remote
- Update kubeconfig for EKS and describe a cluster
- Tail logs or run CloudWatch log queries (describe-log-groups, start-query, get-query-results)