AWS CLI Incident Response Tools
Top AWS CLI commands for incident response.
EC2
AWS CLI incident response is the discipline of using the AWS CLI effectively during incidents. Engineers comfortable with the CLI investigate and remediate faster than those reaching for the console.
What EC2 commands provide:
- aws ec2 describe-instances --filters Name=tag:env,Values=prod surfaces matching instances: The filter narrows to specific instances. The team finds the right resources quickly; the discipline is targeted.
- Combine with --query for jq-like filtering: The --query parameter applies JMESPath filtering. The output can be narrowed to specific fields; the discipline produces concise output.
- --output table for readability: Different output formats fit different needs. JSON for scripting; table for reading; the discipline picks the right one.
- aws ec2 reboot-instances for restart: Beyond reading, action commands modify state. Reboot, stop, terminate; the discipline handles modifications carefully.
- --dry-run for verification: Modification commands support --dry-run. The team verifies the change before applying; the discipline catches mistakes.
EC2 commands are the foundation. Most AWS investigations include EC2 queries.
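A sketch of the --dry-run check in front of a state change, added here as an example and not taken from the original page. The helper names ec2_dry_run_ok and guarded_ec2 and the instance ID are hypothetical. It relies on documented EC2 behaviour: a dry run always returns an error, with the code DryRunOperation meaning the real request would have been allowed.

```shell
#!/bin/sh
# Added example: gate an EC2 state change behind --dry-run.
# ec2_dry_run_ok and guarded_ec2 are hypothetical helper names.

# With --dry-run, EC2 never reports success. It answers with the error
# code DryRunOperation when the real call would be allowed, and with
# UnauthorizedOperation (or a validation error) when it would not,
# so the CLI exit status alone cannot tell the two cases apart.
ec2_dry_run_ok() {
    _out=$(aws ec2 "$@" --dry-run 2>&1) || true
    case "$_out" in
        *"(DryRunOperation)"*) return 0 ;;
        *) printf '%s\n' "$_out" >&2; return 1 ;;
    esac
}

# Run the real command only after the dry run has passed.
guarded_ec2() {
    if ec2_dry_run_ok "$@"; then
        aws ec2 "$@"
    else
        echo "dry run failed; not running: aws ec2 $*" >&2
        return 1
    fi
}

# Usage during an incident (placeholder instance ID):
#   guarded_ec2 reboot-instances --instance-ids i-0123456789abcdef0
```

A failed dry run leaves the instance untouched and prints the API error, which shows whether the blocker is permissions or a mistyped identifier.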
CloudWatch Logs
CloudWatch Logs commands stream and query logs efficiently. The CLI is faster than the console for log investigation.
- aws logs tail /aws/lambda/myfunc --follow streams logs: The tail command streams logs in real time. The team's investigation is live; the data flows continuously.
- Faster than the console: The console is slower for log investigation. The CLI's tail is responsive; the discipline produces fast iteration.
- aws logs filter-log-events for queries: Beyond tailing, query historical logs. The team's investigation can target specific time ranges; the discipline supports postmortem investigation.
- --start-time and --end-time: Time-bound queries. The team's investigation focuses on the incident window; the discipline produces relevant data.
- Use Insights for complex queries: aws logs start-query for CloudWatch Logs Insights queries. Complex aggregations, structured queries; the discipline scales beyond simple filtering.
CloudWatch Logs commands accelerate log investigation. The discipline is fluency.
RDS
RDS commands handle database investigation. State checking, modification investigation, and remediation all use the AWS CLI effectively.
- aws rds describe-db-instances --db-instance-identifier prod-db reads current state: The command shows the database's current state. Engine version, instance class, and status are all visible.
- Look at PendingModifiedValues to spot scheduled changes: The PendingModifiedValues field shows changes scheduled for the next maintenance window. The team's investigation includes pending state; the discipline catches scheduled changes.
- aws rds describe-events for recent events: Recent database events are visible. Failovers, modifications, and backups are all recorded; the discipline produces context.
- aws rds reboot-db-instance for emergency restart: The reboot command handles emergency restart. The discipline includes the action commands when needed.
- aws rds list-tags-for-resource for tags: Tagging information is queryable. The team's investigation includes tag-based context; the discipline matches the team's tagging strategy.
Fluency with the AWS CLI is one of those engineer-productivity disciplines that pays off in incident response. Nova AI Ops integrates with cloud telemetry, complementing CLI-driven investigation.