Getting started with the AWS CLI

1. What the AWS CLI is for
2. Installing the AWS CLI v2
3. Configuring your credentials
4. Where credentials are stored
5. Named profiles for multiple accounts
6. A few real commands
7. Where to go next

#What the AWS CLI is for

Clicking through the AWS Console is fine for poking around, but the moment you want to script anything, list buckets quickly, or copy files to S3, the AWS CLI is the tool. It talks to every AWS service from your terminal, which means you can automate it and put it in deploy scripts. Here's how I get it running on a fresh machine.

#Installing the AWS CLI v2

Always install v2. Version 1 still floats around in package managers but is no longer the one you want.

On macOS, use the official installer:

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

On Linux (x86_64):

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

On an ARM box (like a Graviton instance or some Raspberry Pis), swap the URL for awscli-exe-linux-aarch64.zip.

Confirm it landed:

aws --version

You should see something like aws-cli/2.x.x.

#Configuring your credentials

Before anything works, the CLI needs an access key. Create one under IAM, Users, Security credentials in the Console, then run:

aws configure

It asks four questions:

• AWS Access Key ID — your key, like AKIA...
• AWS Secret Access Key — the secret half (shown only once when created)
• Default region name — e.g. eu-west-1 or us-east-1
• Default output format — json, table, or text. I use json.

#Where credentials are stored

aws configure writes two plain-text files to ~/.aws/:

• ~/.aws/credentials holds your keys.
• ~/.aws/config holds the region and output format.

Because these are plain text, treat ~/.aws/credentials like a private SSH key: never commit it, and lock down its permissions if you're unsure. You can inspect the configured values without opening the files:

aws configure list

#Named profiles for multiple accounts

The moment you deal with more than one AWS account (work and personal, staging and production), named profiles save you. Set one up:

aws configure --profile staging

Then pass --profile on any command:

aws s3 ls --profile staging

You can also export it for a whole shell session so you don't repeat yourself:

export AWS_PROFILE=staging

#A few real commands

List your S3 buckets:

aws s3 ls

List the contents of one bucket, then copy a file up to it:

aws s3 ls s3://my-bucket/
aws s3 cp ./backup.tar.gz s3://my-bucket/backups/

The aws s3 cp command works just like a normal cp, including --recursive for whole directories. To sync a folder (only changed files), there's aws s3 sync, which behaves a lot like rsync.

Check your EC2 instances:

aws ec2 describe-instances

That dumps a lot of JSON. Narrow it down with the built-in --query (JMESPath) to pull just what you need:

aws ec2 describe-instances \
  --query "Reservations[].Instances[].{ID:InstanceId,State:State.Name}" \
  --output table

#Where to go next

From here, almost everything is aws <service> <command>, and aws <service> help documents each one. Tab completion is worth setting up too. With credentials configured and v2 installed, you've got the foundation for scripting anything AWS exposes.