The .aws/credentials and .aws/config files - AWS SDKs and Tools Shared Configuration and Credentials

The .aws/credentials and .aws/config files

This section describes the settings that the shared config and credentials files support. These files are used by the AWS SDKs and many of the AWS developer tools, such as the AWS Command Line Interface (AWS CLI), the AWS Tools for PowerShell, several command line tools for various services, and tool plugins such as the AWS Toolkit for Visual Studio Code.

Together, these two files provide a single source of settings. The primary file is config, and you can choose to put all settings into it and not use the credentials file at all. However, by default and as a security best practice, sensitive values such as secret keys are stored in a separate credentials file. This enables you to separately protect those settings with different permissions if you choose.


If a setting exists in both the config file and the credentials file for the same profile, the value in the credentials file is used instead of the value in the config file.

The shared config and credentials files are the most common way that you can provide those pieces of information to an AWS tool or SDK. Depending on which tool or SDK you're using, there might be other ways. To learn if there are other ways available and to determine which one is the best for your scenario, see the documentation for the AWS tool or SDK you want to use.


Not every AWS SDK or tool can use every setting defined in this guide. The page for each setting includes a table that shows which SDKs and tools support that setting, and whether or not there is an environment variable or command line parameter that you could use instead.