How-To

How To Configure the AWS CLI

The Amazon Web Services (AWS) command-line environment (CLI) requires a bit of configuration before you can do much with it.

• By Brien Posey
• 10/24/2018

One of the things that makes the Amazon Web Services (AWS) command-line environment (CLI) different from native PowerShell is that it requires a bit of configuration before you can do much with it. Think about it for a minute: If you were to enter a normal PowerShell command, that command would run under the permissions of the account that you used when you logged into Windows. The command would also execute against the local OS unless you redirect it to a remote system. AWS is different. Because AWS isn't local to the computer from which you're managing it, it cannot leverage your local security permissions. As such, there's a bit of setup that will need to be done within the AWS CLI environment before you'll be able to use it to its full potential.

Before I just jump in and start showing you how to do the initial configuration, let me give you an example of why this is necessary. I had actually planned to write about the AWS parameter store this week (I'll still be writing that one in the near future). AWS allows you to use the GUI to create parameters, but you'll generally have to reference those parameters from the CLI. So with that said, take a look at Figure 1 and see what happens when I try to use one of my parameters.

As you can see, I tried to run the AWS SSM command and received a message telling me that I have to specify a region, and that I can do so by running AWS Configure. Rather than running AWS Configure, I manually added a region to the command. This time, I received a message telling me that AWS was unable to locate my credentials. Once again, PowerShell tells me to run AWS Configure. Clearly, it's important to run AWS Configure.

In case you're wondering, AWS Configure gives you the opportunity to provide default values that will be used when executing AWS commands. These values correspond to things like your region and your account keys.

When you run AWS Configure, it will prompt you for four pieces of information. The first two things that you're asked for is your AWS key and your secret key, as shown in Figure 2. Hopefully you already have this information documented somewhere, because AWS doesn't allow you to go back and look up your secret key. If you don't have your key information documented, then all you have to do is set up a new key by going to the list of AWS services, and clicking the IAM option found in the Security, Identity & Compliance section.

When the IAM dashboard opens, click on the Encryption Keys container, and then click the blue Get Started Now button, shown in Figure 3.

Now, click on the Create Key button and you'll be taken into the Create Key wizard, shown in Figure 4. Be sure to pay attention to in which region the key is being created. Once you've created the key, you'll be given the key and a secret key. Be sure to download this information right away, because you won't have another chance.

Once you've entered your key pair information, the third thing that AWS Configure asks you for is the default region that you want to use. Entering a region is pretty straightforward, but if you need a little bit of help, you can find a list of the region names on the AWS Web site.  

The fourth and final piece of information you'll need to provide is the default output format. Certainly you're free to use the output format that makes the most sense for you, but I tend to use JSON as the output format. Text is another popular choice.

After you enter your desired output format, you'll be returned to the PowerShell prompt, and AWS CLI will be configured and ready for use.