AWS Command Line Interface (AWS CLI)

Senthil Nayagan
Senthil Nayagan           

AWS CLI is an open-source tool that allows us to interact with AWS services using command-line shell commands.
AWS Command Line Interface (AWS CLI)

Image Credits: Image generated by DALL-E.

AWS command line interface

The AWS command line interface (AWS CLI) is an open-source tool that allows us to interact with AWS services (S3, EC2, etc.) using commands in our command-line shell. It’s an interface between users and AWS services.

The AWS CLI lets us start running commands that do the same things as the browser-based AWS Management Console from the command prompt in our terminal application with minimal configuration. The AWS CLI provides direct access to the public APIs of AWS services.

AWS CLI version 2

The AWS CLI version 2 is the most current major version and supports all of the most recent features. Some features included in version 2 are not backported to version 1, and we must update to use them.

Note: The AWS CLI version 2 is only available as a packaged installer. While it may be available via package managers, these are unsupported and unofficial packages that are not produced or maintained by AWS.

To install the AWS CLI version 2, refer here.

Use the following command to verify the currently installed version:

aws --version

How to configure AWS CLI to interact with AWS services?

Let’s take a look at how to quickly configure the basic settings that the AWS CLI uses to interact with AWS. In general, the aws configure command is the quickest approach to get our AWS CLI installation up and running.

When we enter this (aws configure) command with no arguments, the AWS CLI prompts us for four pieces of information:

  • Access key ID (sensitive information)
  • Secret access key (sensitive information)
  • AWS Region (non-sensitive information)
  • Output format (non-sensitive information)

The AWS CLI stores sensitive credential information that we specify with aws configure command in a local file named credentials, in a folder named .aws in our home directory-the default location is ~/.aws/credentials.

The non-sensitive configuration options that we specify with aws configure are stored in a local file named config, stored under the same .aws folder in our home directory i.e., ~/.aws/config.

$ ls -ltr ~/.aws
-rw-------  1 user  staff  116 Sep 24 18:02 credentials
-rw-------  1 user  staff   10 Sep 24 18:02 config

Configure AWS CLI to connect to AWS

Here is how we configure the AWS CLI to connect to our AWS account. These are only sample values. Replace them with our own values.

% aws configure
AWS Secret Access Key [None]: TCORDiSPQ5o4B7+SGerdEud1wZHQEQ7N0zhbX7m9
Default region name [None]: us-east-1
Default output format [None]: json

The AWS CLI stores the given details in a profile named [default] in both the credentials and config files as shown below:

% cat ~/.aws/credentials
aws_access_key_id = AKIA4S2AHSC2UKNSQCFM
aws_secret_access_key = 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
% cat ~/.aws/config
region = us-west-2
output = table

Profile: A profile is a collection of settings that include access key id, secret access key, region name and output format. By default, when we run an AWS CLI command that doesn’t say which profile to use, the information in the [default] profile is used.

Managing multiple AWS accounts

If we have multiple AWS accounts to connect using AWS CLI from a single computer, we may use the —-profile parameter to create a named profile. We can specify a --profile profilename and use the credentials and settings stored under that name.

Creating a new named profile

The following example creates a profile named guestuser:

aws configure --profile guestuser
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: table

How to update existing settings?

To update these settings, run aws configure again (with or without the --profile parameter, depending on which profile we want to update) and enter new values as appropriate.

$ aws configure
AWS Access Key ID [****]:
AWS Secret Access Key [****]:
Default region name [us-west-1]: us-west-2
Default output format [None]:

list flag

The list flag will show us the current configuration data.

$ aws configure list [--profile profile-name]


$ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************XIEM shared-credentials-file
secret_key     ****************OqwS shared-credentials-file
    region                us-east-1              env    ['AWS_REGION', 'AWS_DEFAULT_REGION']

get flag

The get flag gets a configuration value from both the credential and the config file, depending on what value we have given.

$ aws configure get varname [--profile profile-name]


$ aws configure get aws_access_key_id
$ aws configure get default.aws_access_key_id
$ aws configure get region
$ aws configure get aws_secret_access_key --profile guestuser


comments powered by Disqus