AWS VPC Cheatsheet

Top commands.

Overview

The VPC CLI cheatsheet captures the patterns operators actually use during AWS networking investigation. Routing failures and security-group misconfigurations cause more outages than the underlying network does; fluency at the CLI shortens the path from "broken" to "found."

• Top commands. describe-vpcs, describe-subnets, describe-route-tables, describe-flow-logs; the four investigation paths.
• Filter by tag. --filters Name=tag:env,Values=prod; narrow scope before reading; the alternative is parsing every VPC in the account.
• Flow logs. describe-flow-logs plus Athena queries; the forensic surface for network traffic.
• VPC endpoints plus Transit Gateway. describe-vpc-endpoints for service connectivity; describe-transit-gateway-attachments for hub-and-spoke topologies.

The approach

The practical approach: filter by tag to narrow scope, query flow logs with Athena, document the topology in the repo. The team’s discipline produces fast network investigation.

• aws ec2 describe-vpcs --filters Name=tag:env,Values=prod. Per-environment VPCs; first call when an environment scope is implied.
• aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-xxx. Per-VPC subnet inspection; supports CIDR and AZ verification.
• aws ec2 describe-route-tables. Routing inspection; catches the missing route or wrong target gateway.
• Athena over flow logs. SQL queries on VPC traffic; supports forensics, anomaly detection, cost analysis.
• Document the topology. Per-VPC layout committed to the repo; supports operational reviews and onboarding.

Why this compounds

VPC fluency compounds across investigations. Each captured pattern grows the team’s networking expertise; cost-per-question falls as the operational playbook matures.

• Faster network investigation. Fluent VPC produces fast root cause; routing issues triaged in minutes, not hours.
• Better security. Flow log queries reveal anomalies; unexpected traffic surfaces before a real incident.
• Better cost management. Flow log analysis reveals expensive cross-AZ traffic patterns; the optimisation lever is data, not guesswork.
• Institutional knowledge. Each command teaches AWS networking; the team’s network engineering muscle grows.

VPC fluency is an operational discipline that pays off across years. Nova AI Ops integrates with networking telemetry, surfaces patterns, and supports the team’s network engineering discipline.