In our last guide, we explained how to install the AWS CLI but a little more setup is required before you can begin using it to interact with AWS services. Don’t worry, though! Configuring the AWS command line interface isn’t complicated. You’ll be up and running before you know it!
The AWS CLI provides a number of options for customization according to your needs. To name a few, you can support multiple profiles, restrict access by assigning user roles to profiles, or even use an HTTP proxy. Let’s get started!
The AWS CLI configures and represents users locally as entities called named profiles or just profiles for short. If a profile is not specified using the –profile option, the default profile will be used, which is conveniently named default.
Default Profile Configuration
- Open a terminal window and enter the following command:
aws configureOn Windows, your preferred terminal application could be PowerShell or the Windows Command Prompt (CMD). On Linux, Mac, or Unix it could be any number of terminal applications using the bash, zsh, or tsch shells.
- Enter the AWS Access Keys, default region name, and default output format:
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default
region name [None]: us-west-2
Default output format [None]: json
What Are the Aws Access Keys and Why Do I Need Them?
The AWS Access Keys, specifically AWS Access Key ID and AWS Secret Access Key, are used to uniquely and securely identify you when making requests. These can be found or created in the AWS Management Console.
More information on creating AWS Access keys can be found here.
NOTE: Amazon recommends that you use access keys for a limited IAM role instead of AWS root account access keys. The reason for this is that, per AWS documentation, IAM lets you securely control access to AWS services and resources in your AWS account.
What Is the Default Region Name?
The default region name is a non-optional field that is typically the name of the region closest to you. This is the default region that will be used to make calls against services.
For a list of services and available regions, see Regions and Endpoints.
What Is the Default Output Format?
The default output format is an optional field and specifies the format of the response from the Amazon Web Service. If you don’t specify a format type, JSON will be used.
The available format types are JSON, text, or table.
So you’ve installed and configured the AWS CLI for the default user. Easy, right? But what if you want to support multiple users? Luckily, the AWS CLI supports multiple users through the use of named profiles. Named profiles are configured almost exactly like the default profile. However, there is one slight difference. You must use the –profile option with the aws configure command and specify a profile name:
aws configure --profile my_profile_name
More information on profiles can be found here.
How Do I Update My Configuration Settings?
You can update your configuration settings by using the AWS CLI or by manually changing the values in the credentials and config files.
Using the AWS CLI
Run the aws configure command in your terminal and enter the updated information. Please refer to the Configuration section above for more details.
Manually Changing the Values
Navigate to the .aws directory and update the key-value pairs in the credentials and config files.
Where Are My Credentials Stored?
The AWS CLI stores credentials in a local file named credentials in a folder named .aws in your home directory.
Where Are My Default Region Name and Output Format Stored?
The AWS CLI stores the default region name and output format in a local file named config in a folder named .aws in your home directory.
You can change the location of the configuration file by setting the AWS_CONFIG_FILE environment variable to another path. More information on setting environment variables can be found here.
Can I Add a Named Profile Manually?
You can manually configure a profile by adding the required information to the credentials and config files. The fields in the credentials and config files are represented by key-value pairs that have names beginning with the profile name enclosed in brackets. The default profile is also located in both of these files.
- Navigate to the .aws folder in your home directory.
- Open the credentials file and add the profile name followed by the key-value-pairs:
- Open the config file and add the profile name, prefixed by >profile, followed by the key-value-pairs. For example
NOTE: The AWS credentials file uses a different naming format than the CLI config file for named profiles. Do not include the ‘profile’ prefix when configuring a named profile in the AWS credentials file. See the AWS documentation for more information.
Can I Specify a Default Profile for Multiple Commands?
Of course! You can do so by setting the AWS_DEFAULT_PROFILE environment variable. More information on setting environment variables can be found here.
NOTE: Setting the environment variable changes the default profile until the end of your shell session or until you set the variable to a different value.
Where Can I Find Even More Information?
Even more information about AWS CLI Configuration can be found in the User Guide under the Configure section here.
That’s it! Now that you’ve configured the CLI, you’re ready to use it to interact with AWS services and start managing your infrastructure from the terminal. Next time, we’ll explain how to make API calls to spin up servers, create security groups, and more with just a few keystrokes.
Check back for the final guide in our series: Using the AWS command line interface.