Bird
Raised Fist0
AWScloud~5 mins

Configuring credentials in AWS - Step-by-Step CLI Walkthrough

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
To use AWS services from your computer, you need to prove who you are. Configuring credentials means saving your secret keys safely so AWS knows it's you when you ask for resources.
When you want to run AWS commands from your laptop or server.
When you need to connect your app to AWS services like S3 or EC2.
When setting up automation scripts that use AWS resources.
When switching between different AWS accounts or users.
When you want to keep your AWS keys safe and separate from your code.
Config File - credentials
credentials
[default]
aws_access_key_id = AKIAEXAMPLEKEY12345
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[project-user]
aws_access_key_id = AKIAANOTHERKEY67890
aws_secret_access_key = 8h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7

This file stores your AWS access keys securely on your computer.

[default] is the main profile used if you don't specify another.

[project-user] is an example of a named profile for different AWS accounts or roles.

Each profile has an aws_access_key_id and aws_secret_access_key which AWS uses to verify your identity.

Commands
This command starts a guided setup to enter your AWS access key, secret key, region, and output format. It saves these details in your credentials and config files.
Terminal
aws configure
Expected OutputExpected
AWS Access Key ID [None]: AKIAEXAMPLEKEY12345 AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-east-1 Default output format [None]: json
This command shows the saved AWS credentials file to verify your keys are stored correctly.
Terminal
cat ~/.aws/credentials
Expected OutputExpected
[default] aws_access_key_id = AKIAEXAMPLEKEY12345 aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
This command checks which AWS user you are authenticated as, confirming your credentials work.
Terminal
aws sts get-caller-identity
Expected OutputExpected
{ "UserId": "AIDAEXAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/example-user" }
Key Concept

If you remember nothing else from this pattern, remember: AWS credentials must be saved locally in a secure file so AWS knows who you are when you use its services.

Common Mistakes
Typing the AWS keys incorrectly during aws configure
AWS will reject your requests because the keys don't match your account.
Carefully copy and paste or type your keys exactly as provided in the AWS console.
Not setting a default region during configuration
AWS commands may fail or use unexpected regions, causing confusion or errors.
Always set the region you want to work in, like us-east-1, during aws configure.
Committing the credentials file to public code repositories
This exposes your secret keys to anyone, risking unauthorized access and charges.
Never commit credentials files; add them to .gitignore and use environment variables or AWS IAM roles for automation.
Summary
Use 'aws configure' to enter and save your AWS access keys and region.
Check your saved keys in the ~/.aws/credentials file to confirm they are stored.
Verify your identity with 'aws sts get-caller-identity' to ensure credentials work.

Practice

(1/5)
1. What is the main purpose of AWS credentials?
easy
A. To prove your identity and allow access to AWS services
B. To store your AWS billing information
C. To configure your AWS service regions
D. To monitor AWS service usage

Solution

  1. Step 1: Understand what credentials do

    AWS credentials are like a key that proves who you are when you use AWS services.

  2. Step 2: Identify the correct purpose

    They allow AWS to know you and give you permission to use services securely.

  3. Final Answer:

    To prove your identity and allow access to AWS services -> Option A

  4. Quick Check:

    Credentials = Identity proof [OK]
Hint: Credentials prove identity to AWS services [OK]
Common Mistakes:
  • Confusing credentials with billing info
  • Thinking credentials set regions
  • Assuming credentials monitor usage
2. Which file stores AWS access keys for different profiles by default?
easy
A. ~/.aws/config
B. ~/.aws/credentials
C. /etc/aws/keys
D. ~/.aws/access

Solution

  1. Step 1: Recall default AWS credential file

    AWS stores access keys in the file named 'credentials' inside the '.aws' folder in your home directory.

  2. Step 2: Differentiate from config file

    The 'config' file stores settings like region and output format, not keys.

  3. Final Answer:

    ~/.aws/credentials -> Option B

  4. Quick Check:

    Access keys = ~/.aws/credentials [OK]
Hint: Access keys live in ~/.aws/credentials file [OK]
Common Mistakes:
  • Mixing up config and credentials files
  • Using wrong file paths
  • Assuming keys are in system folders
3. Given this AWS credentials file snippet:
[default]
aws_access_key_id=AKIA123456
aws_secret_access_key=secret123

[dev]
aws_access_key_id=AKIADEV123
aws_secret_access_key=devsecret456

What happens if you run AWS CLI without specifying a profile?
medium
A. It asks you to enter credentials manually
B. It uses the 'dev' profile credentials
C. It throws an error for missing profile
D. It uses the 'default' profile credentials

Solution

  1. Step 1: Identify default profile usage

    When no profile is specified, AWS CLI uses the 'default' profile credentials automatically.

  2. Step 2: Check the given profiles

    The file has a 'default' and a 'dev' profile; without specifying, 'default' is chosen.

  3. Final Answer:

    It uses the 'default' profile credentials -> Option D

  4. Quick Check:

    No profile specified = default used [OK]
Hint: No profile given? AWS CLI uses 'default' [OK]
Common Mistakes:
  • Assuming 'dev' is default
  • Expecting error without profile
  • Thinking manual input is required
4. You try to run AWS CLI commands but get an error: Unable to locate credentials. What is the most likely cause?
medium
A. The AWS region is not set in config
B. The AWS CLI version is outdated
C. The ~/.aws/credentials file is missing or empty
D. Your internet connection is down

Solution

  1. Step 1: Understand the error meaning

    'Unable to locate credentials' means AWS CLI cannot find your access keys anywhere.

  2. Step 2: Identify common causes

    This usually happens if the credentials file is missing, empty, or incorrectly placed.

  3. Final Answer:

    The ~/.aws/credentials file is missing or empty -> Option C

  4. Quick Check:

    Missing credentials file = error [OK]
Hint: Check if ~/.aws/credentials file exists and has keys [OK]
Common Mistakes:
  • Blaming CLI version for missing credentials
  • Confusing region setting with credentials
  • Assuming internet issues cause credential errors
5. You want to securely allow an EC2 instance to access S3 without storing access keys on the instance. Which method should you use?
hard
A. Use IAM roles attached to the EC2 instance
B. Hardcode access keys in your application code
C. Store access keys in ~/.aws/credentials on the instance
D. Use environment variables with access keys on the instance

Solution

  1. Step 1: Identify secure credential methods

    Storing keys on the instance or in code risks exposure and is not best practice.

  2. Step 2: Use IAM roles for EC2

    IAM roles provide temporary credentials automatically and securely to the instance without manual keys.

  3. Final Answer:

    Use IAM roles attached to the EC2 instance -> Option A

  4. Quick Check:

    EC2 access without keys = IAM roles [OK]
Hint: Use IAM roles for EC2 to avoid storing keys [OK]
Common Mistakes:
  • Storing keys on instance files
  • Hardcoding keys in code
  • Using environment variables insecurely