Configure AWS Command Line Interface


AWS offers an interface for its users to interact with its services through AWS Management Console and Command Line Interface, CLI. AWS management console is a web application that allows its users to view, monitor, and manage resources offered by AWS.  It is a user-friendly way of interacting with the system using a graphical user interface known as GUI.  Kindly refer to our related AWS guides: Creating IAM Users, Adding MFA and Policies on AWS, how to manage cost with AWS Budgets, how to deploy an Angular App to AWS S3, and how to deploy Dynamic Website to AWS EC2. In this article, you will learn how to configure AWS Command Line Interface. This is an update to the old article.

Learn more about AWS Command Line Interface

The Command-Line Interface allows the user to create and delete files, run programs and navigate through folders and files. Cloud computing relies on CLI largely along with the console.

The Command Line Interface is another tool to manage AWS services. It is a command-line program that accepts the text input to execute the functions of an operating system. For example, every CLI has a command prompt that is displayed when the interface is ready to accept a command. Kindly refer to these related guides: How to add an EBS volume to AWS EC2 via the AWS Console and CLI, and how to configure AWS CLI [Part 1].

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. Developers use AWS CLI for interacting with virtual machines, launching instances, running applications in the cloud, and for other cloud transactions.

The core functionality provided by the Command Line Interface is the same as that of the console since both make use of APIs to interact with AWS services. However, there is an option for additional commands and a faster response time when using the CLI.

Install and configure the AWS Command Line Interface

The AWS CLI comes pre-installed on Amazon Linux. However, we can install it on Windows, macOS, Linux, and Docker containers. The latest and most recent version available for AWS CLI is version 2, supporting all the latest features. Before you run any of the AWS commands, you need to follow three steps:

  1. Install AWS CLI
  2. Create an IAM user with Administrator permissions
  3. Configure the AWS CLI

Step 1. Install AWS Command Line Interface v2

Refer to the official AWS instructions to install/update AWS CLI (version 2) based on your underlying OS. You can verify the installation using the following command in your terminal (macOS)/cmd (Windows).

# Display the folder that contains the symlink to the aws cli tool
which aws
# See the current version
aws --version

See the sample output below. Note that the exact version of AWS CLI and Python may vary in your system. If you wish to uninstall AWS CLI on Windows in the future, please take a look at this link.

Mac/Linux/Windows: Verify the successful installation of AWS CLI 2

Step 2. Create an IAM User

In this step, you will create an IAM user with Administrator permissions who is allowed to perform any action in your AWS account, only through CLI. After creating such an IAM user, we will use its Access key (long-term credentials) to configure the AWS CLI locally.

Let’s create an AWS IAM user, and copy its Access key. AWS Identity and Access Management (IAM) service allow you to authorize users/applications (such as AWS CLI) to access AWS resources.

The Access key is a combination of an Access Key ID and a Secret Access Key. Let’s see the steps to create an IAM user, and generate its Access key.

Add a new IAM user

Set the user details, such as the name, and access type as Programmatic access only.

Enter the user name, and type (mode) of access

Set the permissions to the new user by attaching the AWS Managed AdministratorAccess policy from the list of existing policies.

Attach the AdministratorAccess policy from the list of pre-created policies

Provide tags [optional], review the details of the new user, and finally create the new user.

  • After a user is created successfully, download the access key file (.csv) containing the Access Key ID and a Secret Access Key. You can even copy the keys and stay on the same page. Don’t skip this step as this will be your only opportunity to download the secret access key file.
Copy the Access key of the new user OR download the .csv file containing the Access key

Step 3. Configure the AWS CLI

You will need to configure the following four items on your local machine before you can interact with any of the AWS services:

  1. Access key – It is a combination of an Access Key ID and a Secret Access Key. Together, they are referred to as Access key. You can generate an Access key from the AWS IAM service, and specify the level of permissions (authorization) with the help of IAM Roles.
  2. Default AWS Region – It specifies the AWS Region where you want to send your requests by default.
  3. Default output format – It specifies how the results are formatted. It can either be a json, yaml, text, or a table.
  4. Profile – A collection of settings is called a profile. The default profile name is default, however, you can create a new profile using the aws configure --profile new_name command.

Here are the steps to configure the AWS CLI in your terminal:

Run the command below to configure the AWS CLI using the Access Key ID and a Secret Access Key generated in the previous step. If you have closed the web console that showed the access key, you can open the downloaded access key file (.csv) to copy the keys later.

aws configure 

If you already have a profile set locally, you can use --profile <profile-name> option with any of the AWS commands above. This will resolve the conflict with the existing profiles set up locally.

The command above will store the access key in a default file ~/.aws/credentials and store the profile in the ~/.aws/config file. Upon prompt, paste the copied access key (access key id and secret access key). Enter the default region of your choice and output format as json. You can verify the saved config using:

# View the current configuration
aws configure list 
# View all existing profile names
aws configure list-profiles
# In case, you want to change the region in a given profile
# aws configure set <parameter> <value>  --profile <profile-name>
aws configure set region <default region> 
Mac/Linux: A successful configuration

Let the system know that your sensitive information is residing in the .aws folder

export AWS_CONFIG_FILE=~/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials

Windows users with GitBash only

You will have to set the environment variables. Run the following commands in your GitBash terminal:

setx AWS_DEFAULT_REGION us-west-2

Replace the access key ID and secret, as applicable to you. Windows users using WSL do not need this step, they will follow all steps as if they are Linux users.

Windows: Successful configuration using the GitBash terminal

Step 4. Run your first AWS CLI command

Check the successful configuration of the AWS CLI, by running either of the following AWS commands:

# If you've just one profile set locally
aws iam list-users
# If you've multiple profiles set locally
aws iam list-users --profile <profile-name>

The output will display the details of the recently created user:

"Users": [
      "Path": "/",
      "UserName": "Admin",
      "UserId": "AIDAZMXYZ3LY2BNC5ZM5E",
      "Arn": "arn:aws:iam::388752792305:user/Admin",
      "CreateDate": "2021-01-28T13:44:15+00:00"

If you are facing issues while following the commands above, kindly let me know in the comment section.

I hope you found this blog post helpful on how to configure AWS Command Line Interface [Part 2]. Please let me know in the comment session if you have any questions.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x