AWS CLI --dry-run Flag
The --dry-run flag in the AWS Command Line Interface (CLI) is a useful feature for testing commands without actually making any changes. It allows users to see the potential outcome of a command, ensuring that it will execute as expected before making any real modifications to their AWS resources.
Key Features:
Simulation: The --dry-run flag simulates the execution of an AWS CLI command, providing a preview of what the command will do without making any actual changes.
Validation: It helps validate the syntax and parameters of a command, catching errors and misconfigurations early.
Safety: By using --dry-run, users can safely test potentially destructive commands (such as deletions or modifications) to ensure they won't unintentionally affect critical resources.
Use Cases:
Testing IAM Policies: Validate whether an IAM policy has the necessary permissions to perform an action without actually making changes.
aws iam create-role --role-name MyTestRole --assume-role-policy-document file://policy.json --dry-run
Verifying EC2 Actions: Check if an EC2 instance can be started or stopped without affecting the current state.
aws ec2 start-instances --instance-ids i-1234567890abcdef0 --dry-run
Cost Management: Preview the creation of resources (such as EC2 instances or RDS databases) to understand potential costs and configurations without incurring charges.
aws ec2 run-instances --image-id ami-12345678 --count 1 --instance-type t2.micro --dry-run
Example Commands:
EC2 Instance Start:
aws ec2 start-instances --instance-ids i-1234567890abcdef0 --dry-run
This command will simulate starting an EC2 instance and display whether the action is permitted.
IAM Role Creation:
aws iam create-role --role-name MyTestRole --assume-role-policy-document file://policy.json --dry-run
This command will check if the IAM role can be created with the provided policy without actually creating it.
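The EC2 example above reports "whether the action is permitted" through an error code: EC2 answers a dry run with DryRunOperation when the call would have succeeded and UnauthorizedOperation when it would not, so the CLI exits non-zero in both cases. The following is an added example, not part of the original page; the function names are hypothetical and the two sample messages are constructed to match the CLI's error format.

```shell
#!/usr/bin/env bash
# Added example: interpret the result of an EC2 --dry-run call.
# A permitted dry run is still reported as an error (DryRunOperation), so a
# script must read the error code instead of trusting the exit status.

# Constructed sample messages in the AWS CLI error format.
SAMPLE_ALLOWED='An error occurred (DryRunOperation) when calling the StartInstances operation: Request would have succeeded, but DryRun flag is set.'
SAMPLE_DENIED='An error occurred (UnauthorizedOperation) when calling the StartInstances operation: You are not authorized to perform this operation.'

# classify_dry_run TEXT -> prints allowed | denied | unknown
classify_dry_run() {
  case "$1" in
    *"(DryRunOperation)"*)       echo "allowed" ;;
    *"(UnauthorizedOperation)"*) echo "denied" ;;
    *)                           echo "unknown" ;;  # bad parameters, missing resource, etc.
  esac
}

# ec2_dry_run ARGS... -> runs `aws ec2 ARGS --dry-run` and prints the verdict.
# Returns 0 only when the real call would have been permitted.
ec2_dry_run() {
  local out verdict
  out=$(aws ec2 "$@" --dry-run 2>&1) || true   # non-zero exit is expected here
  verdict=$(classify_dry_run "$out")
  # Show the raw message when it is neither of the two dry-run answers.
  [ "$verdict" = "unknown" ] && printf '%s\n' "$out" >&2
  echo "$verdict"
  [ "$verdict" = "allowed" ]
}

# Offline demonstration on the constructed samples.
classify_dry_run "$SAMPLE_ALLOWED"
classify_dry_run "$SAMPLE_DENIED"

# Live use (needs AWS credentials; the instance ID is the page's placeholder):
#   if ec2_dry_run start-instances --instance-ids i-1234567890abcdef0; then
#     aws ec2 start-instances --instance-ids i-1234567890abcdef0
#   fi
```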
Benefits:
Error Prevention: Helps catch errors and misconfigurations before they can cause issues in your environment.
Confidence: Provides assurance that a command will execute as intended, reducing the risk of unintended changes.
Efficiency: Saves time by allowing users to validate commands and configurations quickly and easily.
Limitations:
- Support: Not all AWS CLI commands support the --dry-run flag. It's typically used with commands that create, modify, or delete resources.
Using the --dry-run flag is a best practice when working with the AWS CLI, especially for commands that have a significant impact on your resources. It enhances the safety and reliability of your AWS operations by providing a straightforward way to validate commands before execution.