# Launch instance
aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t2.micro \
  --key-name my-key-pair \
  --security-group-ids sg-xxxxxxxx \
  --subnet-id subnet-xxxxxxxx

# List instances
aws ec2 describe-instances

# Start/Stop instance
aws ec2 start-instances --instance-ids i-xxxxxxxx
aws ec2 stop-instances --instance-ids i-xxxxxxxx

# Terminate instance
aws ec2 terminate-instances --instance-ids i-xxxxxxxx

# Create bucket
aws s3 mb s3://my-bucket

# List buckets
aws s3 ls

# Upload file
aws s3 cp file.txt s3://my-bucket/

# Download file
aws s3 cp s3://my-bucket/file.txt .

# List objects
aws s3 ls s3://my-bucket/

# Delete object
aws s3 rm s3://my-bucket/file.txt

# Delete bucket
aws s3 rb s3://my-bucket --force

# Create user
aws iam create-user --user-name myuser

# Create group
aws iam create-group --group-name mygroup

# Add user to group
aws iam add-user-to-group \
  --user-name myuser \
  --group-name mygroup

# Attach policy
aws iam attach-user-policy \
  --user-name myuser \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

# Create access key
aws iam create-access-key --user-name myuser

# Create function
aws lambda create-function \
  --function-name my-function \
  --runtime nodejs14.x \
  --handler index.handler \
  --role arn:aws:iam::account-id:role/lambda-role \
  --zip-file fileb://function.zip

# Invoke function
aws lambda invoke \
  --function-name my-function \
  --payload '{"key": "value"}' \
  output.txt

# List functions
aws lambda list-functions

# Update function
aws lambda update-function-code \
  --function-name my-function \
  --zip-file fileb://function.zip

# Create instance
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t2.micro \
  --engine mysql \
  --master-username admin \
  --master-user-password password \
  --allocated-storage 20

# List instances
aws rds describe-db-instances

# Create snapshot
aws rds create-db-snapshot \
  --db-snapshot-identifier mysnapshot \
  --db-instance-identifier mydb

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier mydb-restored \
  --db-snapshot-identifier mysnapshot

# Create stack
aws cloudformation create-stack \
  --stack-name my-stack \
  --template-body file://template.yaml \
  --parameters ParameterKey=KeyName,ParameterValue=my-key

# Update stack
aws cloudformation update-stack \
  --stack-name my-stack \
  --template-body file://template.yaml

# List stacks
aws cloudformation list-stacks

# Delete stack
aws cloudformation delete-stack \
  --stack-name my-stack

# Create VPC
aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16

# Create subnet
aws ec2 create-subnet \
  --vpc-id vpc-xxxxxxxx \
  --cidr-block 10.0.1.0/24

# Create security group
aws ec2 create-security-group \
  --group-name my-sg \
  --description "My security group" \
  --vpc-id vpc-xxxxxxxx

# Add rule
aws ec2 authorize-security-group-ingress \
  --group-id sg-xxxxxxxx \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

# Create hosted zone
aws route53 create-hosted-zone \
  --name example.com \
  --caller-reference $(date +%s)

# Create record
aws route53 change-resource-record-sets \
  --hosted-zone-id ZXXXXXXXXXXXXXXX \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [{"Value": "1.2.3.4"}]
      }
    }]
  }'

# Create distribution
aws cloudfront create-distribution \
  --origin-domain-name my-bucket.s3.amazonaws.com \
  --default-root-object index.html

# List distributions
aws cloudfront list-distributions

# Invalidate cache
aws cloudfront create-invalidation \
  --distribution-id EXXXXXXXXXXXXXXX \
  --paths "/*"

# Create key
aws kms create-key \
  --description "My key" \
  --key-usage ENCRYPT_DECRYPT

# Encrypt data
aws kms encrypt \
  --key-id alias/my-key \
  --plaintext fileb://plaintext.txt \
  --output text \
  --query CiphertextBlob \
  > encrypted.txt

# Decrypt data
aws kms decrypt \
  --ciphertext-blob fileb://encrypted.txt \
  --output text \
  --query Plaintext \
  > decrypted.txt

# Create secret
aws secretsmanager create-secret \
  --name my-secret \
  --secret-string '{"username":"admin","password":"secret"}'

# Get secret
aws secretsmanager get-secret-value \
  --secret-id my-secret

# Update secret
aws secretsmanager update-secret \
  --secret-id my-secret \
  --secret-string '{"username":"admin","password":"new-secret"}'

# Create web ACL
aws wafv2 create-web-acl \
  --name my-web-acl \
  --scope REGIONAL \
  --default-action Allow \
  --visibility-config \
    SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=my-web-acl

# List web ACLs
aws wafv2 list-web-acls \
  --scope REGIONAL

# Security measures
- Use IAM roles
- Enable MFA
- Use KMS encryption
- Implement least privilege
- Regular security audits

# Access management
- Rotate access keys
- Use IAM groups
- Implement password policy
- Enable CloudTrail
- Use AWS Config

# Network security
- Use VPC
- Configure security groups
- Enable WAF
- Use private subnets
- Implement NACLs

# Cost management
- Use reserved instances
- Implement auto-scaling
- Use spot instances
- Enable cost allocation
- Regular cost analysis

# Resource optimization
- Right-size instances
- Use auto-scaling
- Implement caching
- Use serverless
- Optimize storage

# Monitoring
- Set up CloudWatch
- Configure alarms
- Use cost explorer
- Implement budgets
- Regular reviews

# Availability measures
- Use multiple AZs
- Implement auto-scaling
- Use load balancing
- Configure health checks
- Regular testing

# Disaster recovery
- Regular backups
- Cross-region replication
- Recovery procedures
- Regular testing
- Documentation

# Performance
- Use CDN
- Implement caching
- Optimize databases
- Use auto-scaling
- Regular monitoring