# Daily Hack #day73 - AWS CLI –dryrun flag

### AWS CLI –dryrun Flag

The `--dry-run` flag in the AWS Command Line Interface (CLI) is a useful feature for testing commands without actually making any changes. It allows users to see the potential outcome of a command, ensuring that it will execute as expected before making any real modifications to their AWS resources.

### Key Features:

1. **Simulation**: The `--dry-run` flag simulates the execution of an AWS CLI command, providing a preview of what the command will do without making any actual changes.
    
2. **Validation**: It helps validate the syntax and parameters of a command, catching errors and misconfigurations early.
    
3. **Safety**: By using `--dry-run`, users can safely test potentially destructive commands (such as deletions or modifications) to ensure they won't unintentionally affect critical resources.
    

### Use Cases:

* **Testing IAM Policies**: Validate whether an IAM policy has the necessary permissions to perform an action without actually making changes.
    
    ```bash
    aws iam create-role --role-name MyTestRole --assume-role-policy-document file://policy.json --dry-run
    ```
    
* **Verifying EC2 Actions**: Check if an EC2 instance can be started or stopped without affecting the current state.
    
    ```bash
    aws ec2 start-instances --instance-ids i-1234567890abcdef0 --dry-run
    ```
    
* **Cost Management**: Preview the creation of resources (such as EC2 instances or RDS databases) to understand potential costs and configurations without incurring charges.
    
    ```bash
    aws ec2 run-instances --image-id ami-12345678 --count 1 --instance-type t2.micro --dry-run
    ```
    

### Example Commands:

* **EC2 Instance Start**:
    
    ```bash
    aws ec2 start-instances --instance-ids i-1234567890abcdef0 --dry-run
    ```
    
    This command will simulate starting an EC2 instance and display whether the action is permitted.
    
* **IAM Role Creation**:
    
    ```bash
    aws iam create-role --role-name MyTestRole --assume-role-policy-document file://policy.json --dry-run
    ```
    
    This command will check if the IAM role can be created with the provided policy without actually creating it.
    

### Benefits:

* **Error Prevention**: Helps catch errors and misconfigurations before they can cause issues in your environment.
    
* **Confidence**: Provides assurance that a command will execute as intended, reducing the risk of unintended changes.
    
* **Efficiency**: Saves time by allowing users to validate commands and configurations quickly and easily.
    

### Limitations:

* **Support**: Not all AWS CLI commands support the `--dry-run` flag. It's typically used with commands that create, modify, or delete resources.
    

Using the `--dry-run` flag is a best practice when working with AWS CLI, especially for commands that have significant impact on your resources. It enhances the safety and reliability of your AWS operations by providing a straightforward way to validate commands before execution.