Configuring AWS Profiles

Configuring AWS profile settings for the Command Line Interface (CLI) provides users with flexibility and control over their interactions with AWS services. One common method is through the AWS CLI configuration command, “aws configure,” which prompts users to input their Access Key ID, Secret Access Key, default region, and output format. This straightforward approach is suitable for basic configurations.

Dec 20, 2023

Configuring AWS profile settings for the Command Line Interface (CLI) provides users with flexibility and control over their interactions with AWS services. One common method is through the AWS CLI configuration command, “aws configure,” which prompts users to input their Access Key ID, Secret Access Key, default region, and output format. This straightforward approach is suitable for basic configurations.

Alternatively, users can manually edit the AWS CLI1 configuration files, typically located in the “~/.aws” directory. The “credentials” file stores access keys, while the “config” file contains region and output format information. This method allows for more advanced configurations, including the creation of named profiles to manage multiple sets of credentials. Additionally, environment variables, such as “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY,” can be set to configure credentials on a per-session basis. These diverse approaches cater to users’ preferences and needs, offering a range of options to customize AWS CLI settings efficiently.

AWS Profile using AccessKey and Secret

Avoid this method if possible.

[profile my-account]
region = us-east-1
output = json
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY

AWS Profile using SSO IAM Role

SSO based IAM profiles require directory/sso configuration. Read more about SSO set up here.

[profile my-sso-based-role]
sso_region = us-east-1
sso_start_url = https://<your-sso-url>.awsapps.com/start
sso_account_id = 000000000000
sso_role_name = IAMRoleName

AWS Profile using EC2 meta data

EC2 metadata service, requires EC2 instance IAM role to have assume role permissions.

[profile ec2-role-based]
role_arn = arn:aws:iam::000000000000:role/MyAppIAMRole
credential_source = Ec2InstanceMetadata

  1. Download AWS CLI - https://aws.amazon.com/cli/