AWScloud~5 mins

Configuring credentials in AWS - Step-by-Step CLI Walkthrough

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

To use AWS services from your computer, you need to prove who you are. Configuring credentials means saving your secret keys safely so AWS knows it's you when you ask for resources.

When you want to run AWS commands from your laptop or server.

When you need to connect your app to AWS services like S3 or EC2.

When setting up automation scripts that use AWS resources.

When switching between different AWS accounts or users.

When you want to keep your AWS keys safe and separate from your code.

Config File - credentials

credentials

[default]
aws_access_key_id = AKIAEXAMPLEKEY12345
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[project-user]
aws_access_key_id = AKIAANOTHERKEY67890
aws_secret_access_key = 8h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7h3r7

This file stores your AWS access keys securely on your computer.

[default] is the main profile used if you don't specify another.

[project-user] is an example of a named profile for different AWS accounts or roles.

Each profile has an aws_access_key_id and aws_secret_access_key which AWS uses to verify your identity.

Commands

This command starts a guided setup to enter your AWS access key, secret key, region, and output format. It saves these details in your credentials and config files.

Terminal

aws configure

Expected OutputExpected

AWS Access Key ID [None]: AKIAEXAMPLEKEY12345 AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-east-1 Default output format [None]: json

This command shows the saved AWS credentials file to verify your keys are stored correctly.

Terminal

cat ~/.aws/credentials

Expected OutputExpected

[default] aws_access_key_id = AKIAEXAMPLEKEY12345 aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

This command checks which AWS user you are authenticated as, confirming your credentials work.

Terminal

aws sts get-caller-identity

Expected OutputExpected

{ "UserId": "AIDAEXAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/example-user" }

Key Concept

If you remember nothing else from this pattern, remember: AWS credentials must be saved locally in a secure file so AWS knows who you are when you use its services.

Common Mistakes

Typing the AWS keys incorrectly during aws configure

AWS will reject your requests because the keys don't match your account.

Carefully copy and paste or type your keys exactly as provided in the AWS console.

Not setting a default region during configuration

AWS commands may fail or use unexpected regions, causing confusion or errors.

Always set the region you want to work in, like us-east-1, during aws configure.

Committing the credentials file to public code repositories

This exposes your secret keys to anyone, risking unauthorized access and charges.

Never commit credentials files; add them to .gitignore and use environment variables or AWS IAM roles for automation.

Summary

Use 'aws configure' to enter and save your AWS access keys and region.

Check your saved keys in the ~/.aws/credentials file to confirm they are stored.

Verify your identity with 'aws sts get-caller-identity' to ensure credentials work.