Configuration and Credential Files
The CLI stores credentials specified with aws configure in a local file
named credentials in a folder named .aws in your home directory.
Home directory location varies but can be referred to using the environment variables
%UserProfile% in Windows and $HOME or ~ (tilde) in
Unix-like systems.
For example, the following commands list the contents of the .aws folder:
Linux, macOS, or Unix
$ls ~/.aws
Windows
>dir "%UserProfile%\.aws"
In order to separate credentials from less sensitive options, region and output format
are stored in a separate file named config in the same folder.
The default file location for the config file can be overridden by setting the AWS_CONFIG_FILE environment variable to another local path. See Environment Variables for details.
Storing Credentials in Config
The AWS CLI will also read credentials from the config file. If you want to keep
all of
your profile settings in a single file, you can. If there are ever credentials in
both
locations for a profile (say you used aws configure to update the profile's
keys), the keys in the credentials file will take precedence.
If you use one of the SDKs in addition to the AWS CLI, you may notice additional warnings if credentials are not stored in their own file.
The files generated by the CLI for the profile configured in the previous section look like this:
~/.aws/credentials
[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
~/.aws/config
[default] region=us-west-2 output=json
The following settings are supported.
aws_access_key_id – AWS access key.
aws_secret_access_key – AWS secret key.
aws_session_token – AWS session token. A session token is only required if you are using temporary security credentials.
region – AWS region.
output – output format (json, text, or table)
