AWS Command Line Interface (AWS CLI)
Table of contents
AWS command line interface
The AWS command line interface (AWS CLI) is an open-source tool that allows us to interact with AWS services (S3, EC2, etc.) using commands in our command-line shell. It’s an interface between users and AWS services.
The AWS CLI lets us start running commands that do the same things as the browser-based AWS Management Console from the command prompt in our terminal application with minimal configuration. The AWS CLI provides direct access to the public APIs of AWS services.
AWS CLI version 2
The AWS CLI version 2 is the most current major version and supports all of the most recent features. Some features included in version 2 are not backported to version 1, and we must update to use them.
Note: The AWS CLI version 2 is only available as a packaged installer. While it may be available via package managers, these are unsupported and unofficial packages that are not produced or maintained by AWS.
To install the AWS CLI version 2, refer here.
Use the following command to verify the currently installed version:
How to configure AWS CLI to interact with AWS services?
Let’s take a look at how to quickly configure the basic settings that the AWS CLI uses to interact with AWS. In general, the
aws configure command is the quickest approach to get our AWS CLI installation up and running.
When we enter this (
aws configure) command with no arguments, the AWS CLI prompts us for four pieces of information:
- Access key ID (sensitive information)
- Secret access key (sensitive information)
- AWS Region (non-sensitive information)
- Output format (non-sensitive information)
The AWS CLI stores sensitive credential information that we specify with
aws configure command in a local file named
credentials, in a folder named
.aws in our home directory-the default location is
The non-sensitive configuration options that we specify with
aws configure are stored in a local file named
config, stored under the same
.aws folder in our home directory i.e.,
$ ls -ltr ~/.aws -rw------- 1 user staff 116 Sep 24 18:02 credentials -rw------- 1 user staff 10 Sep 24 18:02 config
Configure AWS CLI to connect to AWS
Here is how we configure the AWS CLI to connect to our AWS account. These are only sample values. Replace them with our own values.
% aws configure AWS Access Key ID [None]: AKIA4S2AHSC2UKNSQCFM AWS Secret Access Key [None]: TCORDiSPQ5o4B7+SGerdEud1wZHQEQ7N0zhbX7m9 Default region name [None]: us-east-1 Default output format [None]: json
The AWS CLI stores the given details in a profile named
[default] in both the
config files as shown below:
% cat ~/.aws/credentials [default] aws_access_key_id = AKIA4S2AHSC2UKNSQCFM aws_secret_access_key = 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
% cat ~/.aws/config [default] region = us-west-2 output = table
Profile: A profile is a collection of settings that include access key id, secret access key, region name and output format. By default, when we run an AWS CLI command that doesn’t say which profile to use, the information in the
[default]profile is used.
Managing multiple AWS accounts
If we have multiple AWS accounts to connect using AWS CLI from a single computer, we may use the
—-profile parameter to create a named profile. We can specify a
--profile profilename and use the credentials and settings stored under that name.
Creating a new named profile
The following example creates a profile named
aws configure --profile guestuser AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY Default region name [None]: us-west-2 Default output format [None]: table
How to update existing settings?
To update these settings, run
aws configure again (with or without the
--profile parameter, depending on which profile we want to update) and enter new values as appropriate.
$ aws configure AWS Access Key ID [****]: AWS Secret Access Key [****]: Default region name [us-west-1]: us-west-2 Default output format [None]:
list flag will show us the current configuration data.
$ aws configure list [--profile profile-name]
$ aws configure list Name Value Type Location ---- ----- ---- -------- profile <not set> None None access_key ****************XIEM shared-credentials-file secret_key ****************OqwS shared-credentials-file region us-east-1 env ['AWS_REGION', 'AWS_DEFAULT_REGION']
get flag gets a configuration value from both the credential and the config file, depending on what value we have given.
$ aws configure get varname [--profile profile-name]
$ aws configure get aws_access_key_id $ aws configure get default.aws_access_key_id $ aws configure get region $ aws configure get aws_secret_access_key --profile guestuser