Configuration basics – AWS Command Line Interface

Configuration basics

This section explains how to quickly configure basic settings that the AWS Command Line Interface ( AWS CLI ) uses to interact with AWS. These include your security credentials, the default end product format, and the default AWS Region.


AWS requires that all incoming requests are cryptographically signed. The AWS CLI does this for you. The “ signature ” includes a date/time stamp. therefore, you must ensure that your calculator ‘s date and meter are set correctly. If you do n’t, and the date/time in the signature is excessively far off of the date/time recognized by the AWS service, AWS rejects the request .

Quick configuration with aws

For general use, the aws configure command is the fastest way to set up your AWS CLI installation. When you enter this dominate, the AWS CLI prompts you for four pieces of information :
The AWS CLI stores this data in a profile ( a collection of settings ) named default in the credentials charge. By default, the information in this profile is used when you run an AWS CLI instruction that does n’t explicitly specify a profile to use. For more information on the credentials file, see Configuration and certificate file settings
The following example shows sample values. Replace them with your own values as described in the trace sections .

$ aws configure
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Access key ID and secret access

Access keys use an access key ID and confidential access key that you use to sign programmatic requests to AWS .

Creating a key pair

Access keys consist of an access cardinal ID and secret access samara, which are used to sign programmatic requests that you make to AWS. If you do n’t have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS report root exploiter access keys for any task where it ‘s not required. alternatively, create a new administrator IAM drug user with access keys for yourself .
The merely time that you can view or download the secret access key is when you create the keys. You can not recover them former. however, you can create new access keys at any time. You must besides have permissions to perform the necessitate IAM actions. For more data, see Permissions required to access IAM resources in the IAM User Guide .
To create access keys for an IAM user

  1. sign in to the AWS Management Console and open the IAM console at hypertext transfer protocol : // .
  2. In the navigation acid, choose Users .
  3. Choose the mention of the drug user whose entree keys you want to create, and then choose the Security credentials tab key .
  4. In the Access keys section, choose Create access key .
  5. To view the new access key pair, choose Show. You will not have access to the hidden access key again after this dialogue box closes. Your credentials will look something like this :

    • Secret access key : wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  6. To download the key match, choose Download .csv file. Store the keys in a secure location. You will not have entree to the secret access key again after this dialogue box closes .
    Keep the keys confidential in arrange to protect your AWS explanation and never email them. Do not share them outside your constitution, even if an inquiry appears to come from AWS or No one who legitimately represents Amazon will ever ask you for your hidden cardinal .
  7. After you download the .csv charge, choose Close. When you create an access keystone, the key pair is active by default, and you can use the pair properly away .

associate topics

  • What is IAM ? in the IAM User Guide
  • AWS security credentials in AWS General Reference

Importing a key pair via

alternatively of using aws configure to enter in a samara pair, you can import the .csv charge you downloaded after you created your key pair .
The .csv file must contain the follow headers .


During initial key pair creation, once you close the Download .csv
dialogue box, you can not access your secret access key after you close the dialogue box. If you need a .csv charge, you’ll need to create one yourself with the command headers and your store cardinal pair information. If you do not have access to your key pair data, you need to create a modern identify copulate. To import the .csv file, use the aws configure
dominate with the --csv option as follows :

$ aws configure import --csv file://credentials.csv

For more information, see aws_configure_import .


The Default region name identifies the AWS Region whose servers you want to send your requests to by default. This is typically the Region closest to you, but it can be any Region. For example, you can type us-west-2 to use US West ( Oregon ). This is the region that all later requests are sent to, unless you specify otherwise in an individual command .


You must specify an AWS region when using the AWS CLI, either explicitly or by setting a default Region. For a list of the available Regions, see Regions and Endpoints. The area designators used by the AWS CLI are the same names that you see in AWS Management Console URLs and serve endpoints .

Output format

The Default output format specifies how the results are formatted. The respect can be any of the values in the following tilt. If you do n’t specify an output format, json is used as the default .

  • json – The output is formatted as a JSON string .
  • yaml – The output is formatted as a YAML string .
  • yaml-stream – The output is streamed and formatted as a YAML string. Streaming allows for faster handling of big data types .
  • text – The output is formatted as multiple lines of tab-separated string values. This can be utilitarian to pass the output to a text central processing unit, like grep, sed, or awk .
  • table – The output is formatted as a board using the characters +|- to form the cellular telephone borders. It typically presents the information in a “ human-friendly ” format that is much easier to read than the others, but not as programmatically useful .


A collection of settings is called a profile. By default option, the AWS CLI uses the default profile. You can create and use extra named profiles with varying credentials and settings by specifying the --profile choice and assigning a name .
The follow case creates a profile named produser .

$ aws configure --profile produser
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text

You can then specify a --profile profilename and use the credentials and settings stored under that name .

$ aws s3 ls --profile produser

To update these settings, run aws configure again ( with or without the --profile argument, depending on which profile you want to update ) and enter new values as appropriate. The future sections contain more data about the files that aws configure creates, extra settings, and named profiles .
For more data on named profiles, see Named profiles for the AWS CLI .

Configuration settings and

The AWS CLI uses credentials and configuration settings located in multiple places, such as the organization or user environment variables, local AWS configuration files, or explicitly declared on the command line as a argument. certain locations take precession over others. The AWS CLI credentials and configuration settings take precedence in the follow order :

  1. Command line
    – Overrides settings in any other localization. You can specify --region, --output, and --profile as parameters on the control course .
  2. Environment
    – You can store values in your organization ‘s environment variables .
  3. CLI credentials
    – The credentials and config file are updated when you run the command aws
    . The credentials file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contain the certificate details for the default profile and any diagnose profiles.

  4. CLI configuration
    – The credentials and config file are updated when you run the command aws
    . The config file is located at ~/.aws/config on Linux or macOS, or at C:\Users\USERNAME\.aws\config on Windows. This file contains the configuration settings for the default profile and any name profiles .
  5. Container
    – You can associate an IAM role with each of your Amazon Elastic Container Service ( Amazon ECS ) task definitions. irregular credentials for that function are then available to that job ‘s containers. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide .
  6. Instance profile credentials – You can associate an IAM function with each of your Amazon Elastic Compute Cloud ( Amazon EC2 ) instances. impermanent credentials for that function are then available to code running in the example. The credentials are delivered through the Amazon EC2 metadata service. For more information, see IAM Roles for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances and Using Instance Profiles in the IAM User Guide .
reference :
Category : Tech

About admin

I am the owner of the website, my purpose is to bring all the most useful information to users.

Check Also


Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.