AWS CLI: Difference between revisions
Line 86: | Line 86: | ||
<pre> | <pre> | ||
aws ec2 describe-route-tables | aws ec2 describe-route-tables | ||
aws ec2 describe-route-tables --query 'RouteTables[*]' --output table --profile network | |||
</pre> | </pre> | ||
'''Use Case:''' Displays route tables. | '''Use Case:''' Displays route tables. |
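Review bot: The line added inside the <pre> block hardcodes `--profile network`, a profile name this page never sets up (the SSO section creates `my-profile`), so a reader who pastes it will get a profile-not-found error; use the page's own profile name or state that `network` is a placeholder. The added command also sits directly under the unfiltered `aws ec2 describe-route-tables` with nothing separating or explaining the two, and `--query 'RouteTables[*]'` selects every field, so the table output is not narrowed. Consider projecting specific fields in the query and extending the Use Case line to say what the second form is for.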
Latest revision as of 14:21, 3 February 2025
AWS CLI Commands for Cloud Network Engineers
Configure AWS SSO
To set up AWS SSO, run:
aws configure sso
Follow these prompts:
- **SSO session name** (optional, press Enter to use default):
SSO session name (Recommended): my-sso-session
- **SSO start URL** (provided by your admin):
SSO start URL [None]: https://my-sso.awsapps.com/start
- **SSO region** (where SSO is set up, e.g., `us-east-1`):
SSO region [None]: us-east-1
- **SSO registration scopes** (press Enter for default):
SSO registration scopes [None]: (Press Enter)
- **Authenticate SSO** – The CLI opens a browser to log in.
- **Select an AWS account and role** – Choose from the available accounts and roles.
- **Set the default region for this profile**:
CLI default client Region [None]: us-west-2
- **Set the default output format** (optional, default is `json`):
CLI default output format [None]: json
- **Set the profile name** (for use with `--profile` flag):
CLI profile name [None]: my-profile
Once configured, log in with:
aws sso login --profile my-profile
1. VPC Management
View VPCs
aws ec2 describe-vpcs
Use Case: Lists all VPCs in your account.
Create a VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16
Use Case: Creates a new VPC.
Delete a VPC
aws ec2 delete-vpc --vpc-id vpc-12345678
Use Case: Deletes a VPC.
2. Subnet Management
List Subnets
aws ec2 describe-subnets
aws ec2 describe-subnets --query 'Subnets[*]' --output table --profile network
Use Case: Lists all subnets.
Create a Subnet
aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
Use Case: Creates a subnet.
Delete a Subnet
aws ec2 delete-subnet --subnet-id subnet-12345678
Use Case: Deletes a subnet.
3. Route Table Management
List Route Tables
aws ec2 describe-route-tables
aws ec2 describe-route-tables --query 'RouteTables[*]' --output table --profile network
Use Case: Displays route tables.
Create a Route Table
aws ec2 create-route-table --vpc-id vpc-12345678
Use Case: Creates a custom route table.
Add Route to Internet Gateway
aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678
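Use Case: Adds a default route (0.0.0.0/0) to the internet gateway, enabling internet access for subnets associated with this route table.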
4. Internet Gateway & NAT Gateway
List Internet Gateways
aws ec2 describe-internet-gateways
Use Case: Shows all IGWs.
Create an Internet Gateway
aws ec2 create-internet-gateway
Use Case: Creates an IGW.
Attach IGW to a VPC
aws ec2 attach-internet-gateway --vpc-id vpc-12345678 --internet-gateway-id igw-12345678
Use Case: Connects an IGW to a VPC.
List NAT Gateways
aws ec2 describe-nat-gateways
Use Case: Checks NAT gateways.
5. Security Groups & Network ACLs
List Security Groups
aws ec2 describe-security-groups
Use Case: Shows security groups.
Create a Security Group
aws ec2 create-security-group --group-name MySG --description "My Security Group" --vpc-id vpc-12345678
Use Case: Defines a security group.
Add Inbound Rule to Security Group
aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 22 --cidr 0.0.0.0/0
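Use Case: Allows SSH access (TCP port 22). With `--cidr 0.0.0.0/0` the rule accepts connections from any IPv4 address; set `--cidr` to a trusted source range to restrict it.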
List Network ACLs
aws ec2 describe-network-acls
Use Case: Displays network ACLs.
6. Elastic Load Balancer (ELB)
List Load Balancers
aws elbv2 describe-load-balancers
Use Case: Shows all ALBs and NLBs.
Register an Instance to a Target Group
aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:region:account-id:targetgroup/my-target-group/123456 --targets Id=i-12345678
Use Case: Adds an EC2 instance to a target group.
7. AWS Transit Gateway
List Transit Gateways
aws ec2 describe-transit-gateways
Use Case: Checks Transit Gateways.
Attach a VPC to a Transit Gateway
aws ec2 create-transit-gateway-vpc-attachment --transit-gateway-id tgw-12345678 --vpc-id vpc-12345678 --subnet-ids subnet-12345678
Use Case: Connects a VPC to a TGW.
8. AWS VPN (Site-to-Site & Client VPN)
List Site-to-Site VPNs
aws ec2 describe-vpn-connections
Use Case: Displays VPN connections.
Create a VPN Connection
aws ec2 create-vpn-connection --customer-gateway-id cgw-12345678 --vpn-gateway-id vgw-12345678 --type ipsec.1
Use Case: Establishes a VPN connection.
List Client VPN Endpoints
aws ec2 describe-client-vpn-endpoints
Use Case: Checks Client VPN endpoints.
9. Direct Connect
List Direct Connect Connections
aws directconnect describe-connections
Use Case: Shows Direct Connect links.
Create a Virtual Interface
aws directconnect create-private-virtual-interface --connection-id dxcon-12345678 --new-private-virtual-interface ...
Use Case: Sets up Direct Connect.
10. Network Troubleshooting
Check Reachability of an Instance
aws ec2 get-console-output --instance-id i-12345678
Use Case: Retrieves the instance's console output for debugging.
Run Reachability Analyzer
aws ec2 start-network-insights-analysis --network-insights-path-id nip-12345678
Use Case: Analyzes connectivity issues.
11. Elastic IP (EIP) Management
List Elastic IPs
aws ec2 describe-addresses
Use Case: Shows allocated EIPs.
Allocate a New EIP
aws ec2 allocate-address
Use Case: Reserves a new EIP.
Associate an EIP with an Instance
aws ec2 associate-address --instance-id i-12345678 --allocation-id eipalloc-12345678
Use Case: Assigns an EIP to an instance.
12. AWS Global Accelerator
List Accelerators
aws globalaccelerator list-accelerators
Use Case: Shows AWS Global Accelerators.
Update Accelerator Attributes
aws globalaccelerator update-accelerator --accelerator-arn arn:aws:globalaccelerator::12345678 --enabled
Use Case: Enables the accelerator; pass `--no-enabled` instead of `--enabled` to disable it.
Conclusion
These AWS CLI commands are essential for managing cloud networking components efficiently. Use them to automate network tasks, troubleshoot issues, and configure AWS network services.