Object Storage: Handy AWS cli cheat sheet

  • 18 November 2022

Userlevel 4


One of the most notable upcoming Veeam Backup and Replication v12 capability is Direct to “Object Storage” backups.

I thought it might come in handy to share a small AWS cli cheat sheet with the community.


Initial AWS cli configuration

The first step is to run aws configure

All you need to provide are access key and secret key. You specify the --endpoint-url directly in the commands.

Next, make sure you are using v4 signature aws configure set default.s3.signature_version s3v4


Creating a simple bucket

aws s3api create-bucket --bucket <yourbucketname> --endpoint-url=<yourendpointurl> --no-verify-ssl

Note: You don’t necessarily need the --no-verify-ssl option except if like me you are lazy with certificates in your lab.


Creating a bucket with object lock

Check out this great post from my colleague Steve Firmes where he discusses “How to avoid an Immutability Migraine”.

The command is pretty straight forward:

aws s3api create-bucket --bucket <yourbucketname> --object-lock-enabled-for-bucket --endpoint-url=<yourendpointurl>

In this example, I am using wasabi and you can see the effect of --object-lock-enabled-for-bucket in the screenshots below:


Cleanup your bucket

It might be useful during testing to wipe a bucket clean.


If versioning is disabled, then the following command works well:

aws s3 rm s3://<yourbucketname> --recursive --endpoint-url=<yourendpointurl>


If versioning is enabled, then you need to list all objects’ versions before deleting them:

objectlist=$(aws s3api list-object-versions --bucket "<yourbuckectname>" --output=json --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}' --endpoint-url=<yourendpointurl>)

aws s3api delete-objects --bucket <yourbucketname> --delete "$objectlist" --endpoint-url=<yourendpointurl>


Note: In the context of a Veeam repository, if versioning is enabled then you are most likely using object lock for immutability. See the following commands to test for versioning and object lock.


Check if object lock is enabled

aws s3api get-object-lock-configuration --bucket <yourbucketname> --endpoint-url=<yourendpointurl>


Check if versioning is enabled

aws s3api get-bucket-versioning --bucket ,yourbucketname> --endpoint-url=<yourendpointurl>


Deleting a bucket

Note: This is only possible if your bucket is empty.

aws s3api delete-bucket --bucket <yourbucketname> --endpoint-url=<yourendpointurl>


Bucket Storage Consumption and Object count

Note1: The following command will become increasingly slow to run as your object count increases. A better option is to look at your object storage vendors metrics directly (here is AWS’s for reference) or to use other tools like s3browser, s3cmd, s4cmd.

Note2: Make sure you understand the API cost associated with listing the content of your bucket (hence the recommendation to look at your vendor’s metrics first)

aws s3 ls s3://<yourbucketname> --recursive --human-readable --summarize --endpoint-url=<yourendpointurl>

Note3: Some vendors may not support --human-readable option


s3cmd du -H s3://<yourbucketname> --host=<yourendpointurl>


Bucket Policy

Can’t write backups to that bucket? Check that its policy matches Veeam repository requirements.

aws s3api get-bucket-policy --bucket <yourbucketname> --endpoint-url=<yourendpointurl>



Thank you for reading.

In this post I shared my AWS cli cheat sheet. Hopefully you will find it useful.

Feel free to add your own commands, tips and tricks in the comments below.


Userlevel 7
Badge +8

This is a really great post.  We are getting into Object Storage for many things including Veeam and this will come in very handy.  👍🏼

Userlevel 7
Badge +7

Nice overview 😎👍🏼

This is very handy for reference.