How to Install and Configure AWS CLI on Linux

Install and Configure AWS CLI on Linux

In this blog, you will learn to install and configure AWS CLI on a Linux system. We will also look at all the important configuration details and best practices of AWS CLI.

AWS CLI Prerequisites

The following are the prerequisites to install and configure AWS CLI.

  1. A Valid AWS account.
  2. AWS IAM user access key and secret key with permission to access AWS services. If you don’t have access and secret keys, you can get one created from the AWS IAM service.

Install AWS CLI on Linux

Step 1: Download the AWC CLI installation files using curl.

curl "" -o ""

Step 2: Unzip the files. Ensure you have unzip utility installed on your system.


Step 3: Install aws-cli using the following command.

sudo ./aws/install

The above command creates a symlink named aws in the /usr/local/bin directory and adds the AWS CLI executable to the to /usr/local/aws-cli location.

Step 4: Verify the installation by checking the AWS CLI version.

aws --version

Configure AWS CLI

To access AWS services using the CLI, you must configure the CLI with AWS secret and access keys. You can do this using the following two ways.

  1. Using aws configure command: Using the CLI command you can configure the AWS keys and default values and persist them in the system under ~/.aws folder.
  2. Using CLI Environment variables: AWS CLI supports many environment variables. If you export the values as environment variables, the AWS CLI will use it to authenticate to the AWS account.

Choosing an option depends upon your use case and personal preference. Let’s take a look at both methods practically.

Configure AWS CLI Using Command

You can choose this option for your workstation. If you want to use multiple AWS accounts, you can use the named profiles option which we discuss later in this article.

To configure the CLI, execute the following AWS CLI command.

aws configure

You will be prompted to provide the access key, secret key, default region, and default output format (json/yaml). Provide the required details as shown below.

vagrant@de:~$ aws configure
AWS Access Key ID : [****************LBSW]
AWS Secret Access Key: [****************QKwi]
Default region name: us-west-2
Default output format: json

After configuration, a folder named .aws gets created in the user’s home directory.

cd $HOME/.aws

Inside the .aws directory, you will see the following two files.

  1. config: It contains all the default configs like region and output. You can change these values anytime and add new values as default.
  2. credentials: This file contains the access key and secret key as plain text.

The values in the above files can be overridden using the CLI environment variables.

Now that we have configured the CLI, let’s execute an AWC CLI command to describe the instances.

aws ec2 describe-instances

If you have instances running you will see the instances details in json format as shown below.

Validate AWS CLI configurations

Also, you can try creating an ec2 instance using AWS CLI.

Configure AWS CLI Using Environment Variables

AWS CLI supports many environment variables. The following are the important environment variables.

CLI Environment VariableValue
AWS_DEFAULT_REGIONDefault AWS region. Example, us-west-2
AWS_DEFAULT_OUTPUTSupported AWS CLI output formats.
[json, yaml, yaml-stream, text & table]
AWS CLI Environment Variables

You can set the environment variable using the export command as shown below. Replace the highlighted values with your own.

export AWS_DEFAULT_REGION=us-west-2

To know the available environment variables, check the official CLI documentation.

To verify the export, execute the describe instance command.

aws ec2 describe-instances

Important Note: If you export CLI environement variables, it will be available only during thar user shell session. If you logout you need to export the variables again for it to be available for the CLI. Also, AWS CLI environemnt variables overrides the default config present in the $HOME/.aws location.

Configure AWS CLI To Access Multiple AWS Accounts Using Named Profiles

There are use cases where you need to connect to multiple AWS accounts from a single workstation. For example, dev, stage, and prod accounts. For this, you can make use of AWS CLI named profiles.

You can create a new profile using the following command. Where dev is the profile name. You can create more profiles with different names.

aws configure --profile dev

Once you configure the profile, you can see the default profile values in the $HOME/.aws/config file as shown below.

Also, the credentials of the profile get stored in the $HOME/.aws/credentials file under [dev] profile.

Note: You can also manually enter profile information in the config and credentials files

To select or switch between different named profiles, export the AWS_PROFILE environment variable with the profile name as shown below.

export AWS_PROFILE=dev

Alternatively, you can pass the profile name in individual CLI commands as shown below.

aws ec2 describe-instances --profile dev

Changing AWS CLI Output Format

To change the CLI output format, you can edit the config file or run the aws configure command to update the new output format.

Alternatively, you can use the --output flag with the aws CLI command to override the default output format.

For example, to list ec2 instances in the table output format, you can use the following command with the --output flag.

aws ec2 describe-instances --output table

Here is the table output format.

Changing AWS CLI Output Format

Similarly, you can use other formats like json and yaml with the –output flag.

AWS CLI Important Configurations

The following table has all the important AWS CLI configurations and their locations.

AWS CLI ConfigurationDetails
Default config location.$HOME/.aws/config
Default credential location.$HOME/.aws/credentials
Environment variable to change the AWS CLI profileAWS_PROFILE

AWS CLI Best Practices

Following are some of the best practices when using AWS CLI.

  1. Always secure your AWS credentials by following AWS security best practices. Ensure you are not updating the access and secret keys in code files.
  2. Use named profiles to connect to different AWS accounts.
  3. When using named profiles, always verify the environment you are running the CLI command. You might end up accidentally deleting or updating production services.
  4. If you want to use AWS CLI on ec2 instances, always use IAM roles instead of access and secret keys.


By default, the CLI output goes to less in Linux. If you want to see the whole output in the command line, export AWS_PAGER environment variable to an empty string as shown below.

export AWS_PAGER=""

You can also set this configuration in the config file as shown below.

region = us-west-2
output = json


Where is the AWS CLI config stored?

If you have used the aws configure command to configure the CLI, the config files get stored in the $HOME/.aws/config location. It will have all the default values to connect to the AWS account.

What are the supported AWS CLI output formats?

AWS CLI output supports json, yaml, yaml-stream, text & table formats. You can set the default output format in the CLI config file located in $HOME/.aws/config location.


In this blog, we looked at AWS CLI installation and all its important configurations.

Working with AWS CLI is an important skillset for a DevOps Engineer. It could be setting up a CLI on workstations or servers in terms of automation.

When working with CI/CD pipelines, always configure the CLI with security best practices in mind by limiting AWS service access to required services.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like