How to Configure AWS CLI

2k Views

How to Configure AWS CLI

How to Configure AWS CLI

Amazon Web Services (AWS) provides a powerful command-line tool called the AWS Command Line Interface (AWS CLI) that allows users to manage cloud resources directly from a terminal. Instead of navigating through the AWS Management Console, you can control services, automate tasks, deploy infrastructure, and manage security using simple commands.

This guide walks you through everything you need to know to configure AWS CLI properly, including installation, authentication methods, profiles, security best practices, and troubleshooting.

How to Configure AWS CLI

What is the AWS CLI?

The AWS CLI is an open-source tool that enables you to interact with AWS services using commands in your command-line shell. With it, you can:

  • Launch EC2 instances

  • Manage S3 storage buckets

  • Configure IAM users and roles

  • Deploy cloud infrastructure

  • Automate DevOps workflows

It is widely used by cloud engineers, developers, system administrators, and DevOps professionals.

How to Configure AWS CLI

AWS CLI Versions

Before configuring, you should know that there are two major versions:

VersionStatusRecommendation
AWS CLI v1OlderNot recommended for new installations
AWS CLI v2LatestRecommended (better security & features)

Always install AWS CLI version 2 unless you have legacy dependencies.

Installing AWS CLI

Windows

  1. Download the AWS CLI v2 installer from the official AWS website.

  2. Run the .msi installer.

  3. Open Command Prompt and verify installation:

aws --version

You should see output similar to:

aws-cli/2.x.x Python/3.x Windows/10 exe/AMD64

macOS

Using Homebrew:

brew install awscli

Or install via the official package installer.

Linux

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Verify installation:

aws --version

Understanding AWS Credentials

To use AWS CLI, you must authenticate using AWS credentials. These credentials are tied to an IAM (Identity and Access Management) user or role.

There are two key components:

CredentialDescription
Access Key IDPublic identifier for the IAM user
Secret Access KeyPrivate password-like key

⚠️ Never share your secret key or upload it to public repositories.

How to Configure AWS CLI

Creating IAM User for CLI Access

It is not recommended to use your root AWS account. Instead:

  1. Go to AWS Console → IAM → Users

  2. Click Create user

  3. Enable Programmatic access

  4. Attach a policy (e.g., AdministratorAccess for learning, but use least privilege in production)

  5. Download or copy the Access Key ID and Secret Access Key

How to Configure AWS CLI

Configuring AWS CLI (Basic Setup)

Run:

aws configure

You will be prompted to enter:

AWS Access Key ID [None]: YOUR_ACCESS_KEY
AWS Secret Access Key [None]: YOUR_SECRET_KEY
Default region name [None]: us-east-1
Default output format [None]: json

Explanation of Each Field

FieldMeaning
Access Key IDIdentifies your IAM user
Secret Access KeyAuthenticates your requests
RegionDefault AWS region (e.g., us-east-1, eu-west-1)
Output formatjson, table, or text

This creates two configuration files:

Credentials file

~/.aws/credentials

Config file

~/.aws/config

Using Named Profiles

You may want to manage multiple AWS accounts (e.g., dev, staging, production).

Create a named profile:

aws configure --profile dev

Now you can run commands like:

aws s3 ls --profile dev

Profiles are stored like this:

credentials

[dev]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX

config

[profile dev]
region=us-west-2
output=json

Setting Default Region Without Reconfiguring

You can change the region directly:

aws configure set region eu-central-1

Or for a specific profile:

aws configure set region ap-southeast-1 --profile dev

Using Environment Variables (Alternative Method)

Instead of storing credentials in files, you can use environment variables.

Linux/macOS

export AWS_ACCESS_KEY_ID=YOUR_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_SECRET
export AWS_DEFAULT_REGION=us-east-1

Windows (PowerShell)

setx AWS_ACCESS_KEY_ID "YOUR_KEY"
setx AWS_SECRET_ACCESS_KEY "YOUR_SECRET"
setx AWS_DEFAULT_REGION "us-east-1"

This method is useful in CI/CD pipelines.

Using AWS SSO (Single Sign-On)

Modern organizations use AWS IAM Identity Center (SSO).

Configure SSO:

aws configure sso

You will provide:

  • SSO start URL

  • SSO region

  • Account ID

  • Role name

Then log in:

aws sso login --profile my-sso-profile

This method avoids long-term access keys and is much more secure.

Testing Your Configuration

Run:

aws sts get-caller-identity

If successful, you will see:

{
"UserId": "AIDXXXXXXXXXXXX",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/your-user"
}

If you see an error, credentials are incorrect or permissions are missing.

How to Configure AWS CLI

Common Configuration Errors & Fixes

Error: Unable to locate credentials

Cause: AWS CLI cannot find credentials
Fix: Run aws configure again or check environment variables

Error: AccessDenied

Cause: IAM user lacks permissions
Fix: Attach required IAM policy

Error: InvalidClientTokenId

Cause: Wrong access key
Fix: Regenerate IAM access keys

How to Configure AWS CLI

Advanced Configuration Options

You can manually edit:

~/.aws/config

Example:

[default]
region=us-east-1
output=json

[profile prod]
region=eu-west-1
output=table
cli_pager=

Disable CLI pager:

aws configure set cli_pager ""
How to Configure AWS CLI

Security Best Practices

✅ Use IAM Roles instead of access keys (especially on EC2)

✅ Rotate access keys regularly

✅ Use MFA for sensitive accounts

❌ Never hard-code credentials in scripts

❌ Never commit .aws/credentials to Git

How to Configure AWS CLI

Using AWS CLI with MFA

For enhanced security:

aws sts get-session-token --serial-number arn:aws:iam::ACCOUNT:mfa/user --token-code 123456

This generates temporary credentials.

How to Configure AWS CLI

Automating Configuration in Scripts

Example Bash script:

aws configure set aws_access_key_id $AWS_KEY --profile automation
aws configure set aws_secret_access_key $AWS_SECRET --profile automation
aws configure set region us-east-1 --profile automation

Used in CI/CD systems like Jenkins, GitHub Actions, or GitLab CI.

Updating AWS CLI

Keep CLI updated:

aws --version

Reinstall latest version if outdated.

How to Configure AWS CLI

Uninstalling AWS CLI

Windows

Remove from “Add or Remove Programs”

macOS/Linux

sudo rm -rf /usr/local/aws-cli
sudo rm /usr/local/bin/aws

Key Takeaways

  • AWS CLI enables full cloud management from terminal

  • Always use IAM users or SSO — never root account

  • Profiles help manage multiple AWS environments

  • Environment variables are best for automation

  • Security should always be a top priority

How to Configure AWS CLI

Conclusion

Configuring the AWS CLI is one of the first essential skills in cloud computing. Once set up, it becomes a powerful tool for automation, DevOps workflows, infrastructure deployment, and daily cloud operations. Whether you’re managing S3 buckets, launching EC2 instances, or scripting deployments, mastering AWS CLI configuration gives you speed, control, and flexibility that the web console cannot match.

With proper configuration, secure credentials, and best practices, you can safely unlock the full power of AWS directly from your command line.

Leave a Reply

Your email address will not be published. Required fields are marked *

What Is SaaS Examples

What Is SaaS Examples

Desktop as a Service (DaaS)

Desktop as a Service (DaaS)