AWS vs GCP vs Azure CLI Cheat Sheet

Q: Which cloud CLI is easiest to learn?

Most engineers find gcloud the most consistent and readable, largely because GCP's resource model is simpler. The AWS CLI is the most powerful but also the most verbose, with complex JMESPath query expressions. Azure CLI is well-structured but the resource group requirement adds a layer of indirection.

Q: Can I use all three CLIs together in a script?

Yes. Many DevOps teams run multi-cloud scripts that mix aws, gcloud, and az commands. The key is consistent error handling — each CLI has different exit codes and output formats. Use --output json everywhere and parse with jq for reliable cross-cloud scripting.

Setting Up: Installation at a Glance

CLI	Install (macOS)	Version Check
AWS CLI v2	`brew install awscli`	`aws --version`
gcloud CLI	`brew install --cask google-cloud-sdk`	`gcloud version`
Azure CLI	`brew install azure-cli`	`az version`

For Linux, all three are available via package manager or as standalone installers. AWS and Azure also have Docker images if you prefer containerised tooling.

Authentication

Getting authenticated is step one — and all three CLIs handle it differently.

# AWS — interactive or SSO
aws configure
# Enter: Access Key ID, Secret Access Key, default region, output format

# Or use SSO:
aws sso login --profile my-profile

# GCP
gcloud auth login
gcloud config set project my-project-id

# For service accounts:
gcloud auth activate-service-account --key-file=key.json

# Azure — browser-based login
az login

# Or with service principal:
az login --service-principal -u APP_ID -p PASSWORD --tenant TENANT_ID

Compute: Managing Virtual Machines and Instances

List running instances / VMs

# AWS — EC2 instances
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
  --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,PublicIpAddress]' \
  --output table

# GCP — Compute Engine instances
gcloud compute instances list --filter="status=RUNNING"

# Azure — Virtual Machines
az vm list --show-details \
  --query "[?powerState=='VM running'].[name,location,hardwareProfile.vmSize]" \
  -o table

Start / stop a machine

# AWS
aws ec2 start-instances --instance-ids i-0abcd1234efgh5678
aws ec2 stop-instances --instance-ids i-0abcd1234efgh5678

# GCP
gcloud compute instances start my-instance --zone=us-central1-a
gcloud compute instances stop my-instance --zone=us-central1-a

# Azure
az vm start --resource-group myRG --name myVM
az vm stop --resource-group myRG --name myVM

SSH into an instance

# AWS — EC2 Instance Connect + standard SSH
aws ec2-instance-connect send-ssh-public-key \
  --instance-id i-0abc123 --instance-os-user ec2-user \
  --ssh-public-key file://~/.ssh/id_rsa.pub
ssh -i ~/.ssh/key.pem ec2-user@<public-ip>

# GCP — gcloud wraps SSH for you
gcloud compute ssh my-instance --zone=us-central1-a

# Azure — via Bastion
az network bastion ssh --resource-group myRG --name myBastion \
  --target-resource-id /subscriptions/.../myVM --auth-type ssh-key \
  --username azureuser --ssh-key ~/.ssh/id_rsa

Storage: Buckets and Blob Storage

Three clouds, three names: S3, Cloud Storage, Blob Storage. Same concept, very different commands.

Create a bucket / storage account

# AWS S3
aws s3 mb s3://my-bucket-name --region us-east-1

# GCP Cloud Storage
gcloud storage buckets create gs://my-bucket-name --location=us-central1

# Azure Blob Storage (requires storage account first)
az storage account create --name mystorageacct --resource-group myRG \
  --location eastus --sku Standard_LRS
az storage container create --name mycontainer --account-name mystorageacct

Upload a file

# AWS
aws s3 cp ./myfile.txt s3://my-bucket/myfile.txt

# GCP
gsutil cp ./myfile.txt gs://my-bucket/myfile.txt

# Azure
az storage blob upload --account-name mystorageacct \
  --container-name mycontainer --name myfile.txt --file ./myfile.txt

List bucket contents

# AWS
aws s3 ls s3://my-bucket/ --recursive --human-readable

# GCP
gsutil ls -lh gs://my-bucket/

# Azure
az storage blob list --account-name mystorageacct \
  --container-name mycontainer -o table

IAM: Managing Permissions

IAM is where conceptual models diverge the most. AWS uses policies attached to users/roles. GCP uses bindings at the resource level. Azure uses RBAC with role assignments.

List IAM policies / roles on a resource

# AWS — policies attached to a user
aws iam list-attached-user-policies --user-name john.smith

# GCP — IAM bindings on a project
gcloud projects get-iam-policy my-project-id

# Azure — role assignments in a resource group
az role assignment list --resource-group myRG -o table

Create a service account / access key

# AWS — IAM user and access key
aws iam create-user --user-name ci-deploy
aws iam create-access-key --user-name ci-deploy

# GCP — service account + key file
gcloud iam service-accounts create ci-deploy \
  --display-name "CI Deploy Account"
gcloud iam service-accounts keys create key.json \
  [email protected]

# Azure — service principal
az ad sp create-for-rbac --name ci-deploy \
  --role Contributor --scopes /subscriptions/SUBSCRIPTION_ID

Logs and Monitoring

Debugging starts with logs. Here's how to pull them on each cloud.

# AWS — CloudWatch Logs
aws logs tail /aws/lambda/my-function --follow

# GCP — Cloud Logging
gcloud logging read "resource.type=cloud_function" --limit 50 --format=json

# Azure — App Insights
az monitor app-insights query --app myAppInsights \
  --analytics-query "requests | order by timestamp desc | take 50"

☁️

DevOpsArsenal Cloud CLI Command Builder

Pick your cloud provider, resource type, and action — and get the correct, ready-to-run command generated for you. Particularly useful when you know what you want to do but can't remember how a specific cloud phrases it.

Try CLI Command Builder →

Frequently Asked Questions

Which cloud CLI is easiest to learn? ▼

Most engineers find gcloud the most consistent and readable, largely because GCP's resource model is simpler. The AWS CLI is the most powerful but also the most verbose, with complex JMESPath query expressions. Azure CLI is well-structured but the resource group requirement adds a layer of indirection.

Can I use all three CLIs together in a script? ▼

Yes. Many DevOps teams run multi-cloud scripts that mix aws, gcloud, and az commands. The key is consistent error handling — each CLI has different exit codes and output formats. Use --output json everywhere and parse with jq for reliable cross-cloud scripting.

What's the difference between AWS CLI v1 and v2? ▼

AWS CLI v2 added SSO login support, improved paginators, and a new installer. It is not fully backward compatible, so scripts written for v1 may need minor changes. AWS recommends v2 for all new work.

Is there a single CLI that works across all three clouds? ▼

Tools like Pulumi, Terraform, and Crossplane provide a unified abstraction layer for infrastructure management, but they are not general-purpose CLIs. For operational tasks — listing resources, tailing logs, managing permissions — you still need the native CLIs.

Multi-cloud is the new normal, and that means living with three different CLIs and their quirks. The commands in this guide cover 80% of daily operations — bookmark it, keep it in your notes, or use the Cloud CLI Command Builder when you need the exact syntax on demand. The goal isn't to memorise everything. It's to know enough to find the right command quickly and keep moving.