aws-configure

Configure AWS CLI interactively (creates a new configuration or updates the default)

$ aws configure

$ aws configure --profile [profile_name]

$ aws configure get [name]

$ aws configure get [name] --profile [profile_name]

$ aws configure set [name] [value]

$ aws configure set [name] [value] --profile [profile_name]

$ aws configure list

$ aws configure list --profile [profile_name]

aws configure [--profile profile_name]

--profile profile_name
    Specifies a named profile to configure or create. If omitted, the 'default' profile is configured. The CLI will prompt you for the necessary credentials and region for this specific profile.

The aws configure command is the primary interactive tool used to set up the AWS Command Line Interface (CLI) for the first time or to manage existing configurations. When executed, it prompts the user for four crucial pieces of information: the AWS Access Key ID, the AWS Secret Access Key, the Default region name, and the Default output format (e.g., json, text, table).

These settings are then automatically saved into configuration files located in the user's home directory, typically within ~/.aws/. Specifically, the access key ID and secret access key are stored in ~/.aws/credentials, while the default region and output format are stored in ~/.aws/config. By default, these settings are saved under the [default] profile.

This configuration is fundamental because it allows subsequent AWS CLI commands to interact with your AWS account without requiring you to explicitly provide credentials or specify a region for every single command, significantly streamlining your workflow. It's an essential step for anyone starting to use the AWS CLI. While highly convenient for initial setup, it's important to be aware of security best practices concerning the storage of long-term credentials.

Security Risk: Storing permanent AWS Access Key IDs and Secret Access Keys directly on a local machine, especially for root users or long-term credentials, poses a security risk if the machine is compromised. For production environments, it is strongly recommended to use IAM roles, temporary credentials through AWS STS, or AWS SSO for enhanced security.
Overwriting Default: Running aws configure without the --profile option will overwrite the settings for your existing 'default' profile.
Not for Scripting: The aws configure command is interactive. For non-interactive or automated configuration (e.g., in scripts), use aws configure set to set individual configuration values, or directly modify the configuration files.

The aws configure command populates or updates two primary files in the user's ~/.aws/ directory:
~/.aws/credentials: This file stores your AWS Access Key ID and AWS Secret Access Key, typically under a named profile section (e.g., [default] or [my_profile]).
~/.aws/config: This file stores your default AWS region and default output format, as well as other configuration settings for named profiles (e.g., output, region).

aws configure allows you to set up multiple named profiles, each with its own set of credentials and configuration. This is useful for managing access to different AWS accounts, different IAM users within an account, or different environments (e.g., dev, test, prod). To configure a named profile, use the --profile option (e.g., aws configure --profile my_dev_account). Once configured, you can specify which profile to use for any AWS CLI command by adding --profile <profile_name> to the command.

The aws configure command has been a cornerstone of the AWS CLI since its early development. It was designed to provide a simple, interactive onboarding experience for users setting up their AWS CLI environment. Over time, while its core functionality has remained consistent, the broader AWS CLI has evolved to include more sophisticated authentication mechanisms, such as aws configure sso, to cater to complex enterprise environments and federated access patterns, without altering the fundamental role of aws configure for basic setup.

aws configure set(1), aws configure get(1), aws sso configure(1), aws sts get-caller-identity(1), aws(1)