AWS command line (AWS CLI)

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. The AWS CLI introduces a new set of simple file commands for file transfers to and from Amazon S3.

For using AWS command line you need to setup access in IAM.

Set up IAM roles

  • Click Services, Click IAM under Security, Identity, & Compliance section.
  • Click Users and then click Add user. Here we are creating a new user to make us understand, how permission and policies work.


  • Add user name and Select Access type, here we are selecting programatic access as user only need to use AWS CLI.


  • Set permissions , you can set permissions like you can add user to the existing group or create a new group. You can also copy permissions fro existing user or you can attach existing policies directly.


  • Here we will attach existing policies directly, search the policy name in the search box and then select the policy. We have selected AmazonEC2FullAccess. You can read more about the policy by clicking on the name of the policy.


  • Add tags: It is optional, we will skip and move to next step.


  • Review: review your user and then click Create User.


  • When you create a new user you get Access key Id and Security access key. To view the Secret access key pair, choose Show. You will not have access to the secret access key again after this dialog box closes.
  • To download the key pair, choose Download .csv file. Store the keys in a secure location. You will not have access to the secret access key again after this dialog box closes.
  • After you download the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.

Configuring AWS CLI on your Terminal

Open your terminal and write the command aws configure

$ aws configure
AWS Access Key ID [None]:AKIAIOSFODNN7
AWS Secret Access Key [None]:wJalrXUtnFEMI/K7MDENG/bPxRfiC
Default region name [None]:eu-west-3a
Default output format [None]:json

AWS Access Key ID and Secret Access Key:

If you have your downloaded .csv file you copy your Access key id and Secret access key to you terminal and configure AWS.

But if you don’t have the Secret access key, then click IAM under Security, Identity, & Compliance section. Click Users and click user name.

Then click Security credentials tab, Look at your Access key Id it shows active status, click make inactive to delete existing one . After that in the Access keys section, choose Create access key. To view the new access key pair, choose Show. You will not have access to the secret access key again after this dialog box closes.



After you download the .csv file it can be used to configure AWS.

Default region:

The Default region name identifies the AWS Region whose servers you want to send your requests to by default. This is typically the Region closest to you, but it can be any Region.

Output format :

The Default output format specifies how the results are formatted. json is used as the default.

Once you Configure AWS on your terminal you can use various AWS commands.

$ aws ec2 describe-instances
$ aws help