Introduction

Moving files from an EC2 instance to S3 from the command line is usually just an AWS CLI operation, but the setup matters: the instance needs permissions, the bucket path must be correct, and the command should match whether you are moving one file, many files, or an entire directory. In practice, the safest pattern is to copy to S3 first and then remove local files only after you verify the upload succeeded.

Make Sure the EC2 Instance Can Access S3

Before running any transfer command, confirm that the EC2 instance has AWS credentials through an IAM role or configured CLI profile. The preferred production setup is an IAM role attached to the instance.

A minimal test is:

aws sts get-caller-identity

If this fails, S3 commands will fail too. Also verify that the IAM permissions allow writes to the target bucket or prefix.

Copy a Single File to S3

The simplest command uses aws s3 cp.

aws s3 cp /var/data/report.csv s3://my-bucket/reports/report.csv

This uploads one file from the EC2 instance to the specified S3 key. The S3 path must include the bucket name and, if you want one, the key prefix.

Copy a Directory Recursively

If you need to upload a directory tree, use the recursive option.

aws s3 cp /var/data/logs s3://my-bucket/logs --recursive

This is useful for batch uploads, exports, and backup-style operations. You can also combine it with include and exclude filters.

aws s3 cp /var/data s3://my-bucket/archive --recursive \
  --exclude "*" \
  --include "*.csv"

That uploads only CSV files from the directory tree.

Use mv Only When You Really Mean Move

The AWS CLI also supports aws s3 mv, which copies the object to S3 and removes the source file afterward.

aws s3 mv /var/data/report.csv s3://my-bucket/reports/report.csv

This is convenient, but it is safer to think of it as a copy-plus-delete operation. If the file is important, many teams prefer:

1. cp to S3
2. verify upload success
3. delete local file explicitly

That gives you a clearer recovery path if something unexpected happens during the transfer process.

Verify the Upload

After the transfer, confirm that the object exists where you expect it.

aws s3 ls s3://my-bucket/reports/

For automation, it is also common to check the command exit status and stop the script if the upload fails.

aws s3 cp /var/data/report.csv s3://my-bucket/reports/report.csv || exit 1
rm /var/data/report.csv

That pattern prevents accidental local deletion after a failed upload.

Consider Encryption and Region Details

If your bucket policy requires server-side encryption, include it in the command.

aws s3 cp /var/data/report.csv s3://my-bucket/reports/report.csv --sse AES256

You should also make sure the CLI is targeting the right AWS region, especially when working across multiple environments.

Use sync for Repeated Directory Mirroring

If the real goal is keeping a directory mirrored in S3, aws s3 sync is often better than repeated cp commands.

aws s3 sync /var/data/exports s3://my-bucket/exports

sync is useful when the directory changes incrementally and you want a repeated command that uploads only differences.

Common Pitfalls

• Running S3 commands without confirming the EC2 instance has the right IAM permissions.
• Using mv before establishing a reliable verification or recovery process.
• Uploading to the wrong bucket or key prefix because the S3 path was not checked carefully.
• Forgetting encryption flags when the bucket policy requires them.
• Using repeated cp commands where sync would better match the actual goal.

Summary

• Use aws s3 cp for straightforward uploads from EC2 to S3.
• Use --recursive for directory uploads and filters for selective copies.
• Prefer copy-then-delete over mv when the data is important and you want safer failure handling.
• Verify uploads and check exit status before removing local files.
• Use sync when the real requirement is repeated directory mirroring.