


run a DNS lookup on the domain $ dig +nocmd <domain> any +multiline +noall +answer
# Returns:
# 5 IN A

$ nslookup <ip_address>
# Returns:
# Non-authoritative answer:
# name =
metadata service


create a profile $ aws configure --profile <profile_name>
get account information (current user) $ aws iam get-user
find what policies are attached to a user $ aws iam list-attached-user-policies --user-name <USERNAME_X>
# Returns:
# arn:aws:iam::975426262029:policy/list_apigateways
get policy version $ aws iam get-policy --policy-arn <arn:aws:iam::975426262029:policy/list_apigateways>
# Returns: <VERSION_X>
retrieve policy content $ aws iam get-policy-version --policy-arn <arn:aws:iam::975426262029:policy/list_apigateways> --version-id <VERSION_X>
retrieve account ID $ aws sts get-caller-identity
list policies attached to account $ aws iam get-user
$ aws iam list-attached-user-policies --user-name <user_name>
show content of policy $ aws iam get-policy --policy-arn <policy_arn>
$ aws iam get-policy-version --policy-arn <policy_arn> --version-id <DefaultVersionId>
list all users of IAM $ aws iam list-users
list users by ARN $ aws iam list-users --output json | jq -r '.Users[].Arn'
list user's access key for IAM $ aws iam list-access-keys --user-name [username]
list the groups a user belongs to $ aws iam list-groups-for-user --user-name [username]
list policy names applied to a group $ aws iam list-group-policies --group-name [groupname]
get the contents of a policy $ aws iam get-group-policy --group-name [groupname] --policy-name [policyname]
investigate policy starting from PolicyId $ aws iam list-policies | jq '.Policies | .[] | select(.PolicyId=="ANPXXXXXXXXX") | .'
$ aws iam list-entities-for-policy --policy-arn="arn:aws:iam::aws:policy/IAMFullAccess"
$ aws iam list-attached-role-policies --role-name="Bot"
$ aws iam get-policy-version --policy-arn="arn:aws:iam::11111111111:policy/Bot" --version-id=$(aws iam get-policy --policy-arn="arn:aws:iam::11111111111:policy/Bot" | jq -r '.Policy.DefaultVersionId')
$ aws iam get-role --role-name="Bot"


list S3 buckets associated with a profile $ aws s3 ls
list content of bucket (no creds) $ aws s3 ls s3://bucket-name --no-sign-request
list content of bucket (with creds) $ aws s3 ls s3://bucket-name
copy local folder to S3 $ aws s3 cp MyFolder s3://bucket-name --recursive
delete a bucket (--force first deletes every object in it) $ aws s3 rb s3://bucket-name --force
download a whole S3 bucket $ aws s3 sync s3://<bucket>/ . --no-sign-request
move S3 bucket to different location (sync only copies; the old bucket is left in place) $ aws s3 sync s3://oldbucket s3://newbucket --source-region us-west-1
list the sizes of an S3 bucket and its contents $ aws s3api list-objects --bucket BUCKETNAME --output json --query "[sum(Contents[].Size), length(Contents[])]"
list permissions of bucket $ aws s3api get-bucket-acl --bucket <bucketname>


list available images $ aws ec2 describe-images [ | grep ubuntu]
list info about instances $ aws --region us-east-1 ec2 describe-instances
list stopped instances $ aws ec2 describe-instances --filters Name=instance-state-name,Values=stopped --region eu-west-1 --output json | jq -r '.Reservations[].Instances[].StateReason.Message'
list volumes $ aws --region us-east-1 ec2 describe-volumes
list available snapshots (ID retrieved from sts get-caller-identity) $ aws ec2 describe-snapshots --owner-ids <ID>
create a volume using a snapshot $ aws ec2 create-volume --availability-zone us-west-2a --region us-west-2 --snapshot-id <snap-0b49342abd1bdcb89>

# Attach new volume to instance
$ aws ec2 attach-volume --device /dev/sdh --instance-id <INSTANCE-ID> --volume-id <VOLUME-ID>

# mount the snapshot from within the VM
$ sudo file -s /dev/xvdb1
# Returns:
# /dev/xvdb1: Linux rev 1.0 ext4 filesystem data, UUID=5a2075d0-d095-4511-bef9-802fd8a7610e, volume name "cloudimg-rootfs" (extents) (large files) (huge files)
$ sudo mount /dev/xvdb1 /mnt
list EC2 key pairs (SSH key pairs, not IAM access keys) $ aws --region us-east-1 ec2 describe-key-pairs
get the console output of an instance $ aws --region us-east-1 ec2 get-console-output --instance-id [id]
list security groups $ aws --region us-east-1 ec2 describe-security-groups


List internet-facing ELBs $ aws elb describe-load-balancers --region eu-west-1 | jq '.LoadBalancerDescriptions[]| select( .Scheme | contains("internet-facing"))|.DNSName'


list lambda functions $ aws lambda list-functions
retrieve function's policy $ aws lambda get-policy --function-name <NAME>
list the stages of the API Gateway in front of the lambda function $ aws apigateway get-stages --rest-api-id <API_ID>
download lambda's code $ aws lambda get-function --function-name YOUR-FUNCTION_NAME --query Code.Location


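list trails $ aws --region us-east-1 cloudtrail describe-trails
get log status $ aws --region us-east-1 cloudtrail get-trail-status --name [default]
stop logging $ aws --region us-east-1 cloudtrail stop-logging --name [default]
# Detection: the StopLogging call is itself recorded as a CloudTrail management event, and GuardDuty reports it as Stealth:IAMUser/CloudTrailLoggingDisabled.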


list stacks $ aws cloudformation list-stacks
describe stacks $ aws cloudformation describe-stacks


list images in registry (if ECR is public) $ aws ecr list-images --repository-name REPO_NAME --registry-id ACCOUNT_ID


find snapshots $ aws rds describe-db-snapshots --include-public --snapshot-type public
restore snapshot as new instance $ aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <ID> --db-snapshot-identifier <ID> --availability-zone us-west-2a
reset credentials of MasterUsername $ aws rds modify-db-instance --db-instance-identifier <ID> --master-user-password <NewPassword> --apply-immediately