Skip to content
Latchkey

aws configure: Usage, Profiles & Common CI Errors

Set up AWS CLI credentials and region - and why CI should avoid static keys.

aws configure stores credentials, a default region, and an output format for the AWS CLI. In CI you usually skip it in favor of short-lived OIDC role credentials, but it remains the quickest local setup.

What it does

aws configure prompts for an access key ID, secret access key, default region, and output format, writing them to ~/.aws/credentials and ~/.aws/config. With --profile it manages a named profile, and aws configure set writes a single value non-interactively. The CLI then resolves credentials from environment variables, the named profile, or an attached IAM role.

Common usage

Terminal
# Interactive setup of the default profile
aws configure

# Configure a named profile
aws configure --profile staging

# Set individual values non-interactively (scriptable)
aws configure set region us-east-1
aws configure set output json --profile staging

Common error in CI: static keys / "Unable to locate credentials"

CI jobs fail with "Unable to locate credentials. You can configure credentials by running \"aws configure\"" when no keys, profile, or role is available - or worse, teams hardcode long-lived keys. Fix: prefer GitHub OIDC with aws-actions/configure-aws-credentials (set role-to-assume and aws-region), which sets AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN in the environment so the CLI finds them automatically - no aws configure call needed. Rotate or delete any static keys committed to a pipeline.

Key options

Option / subcommandPurpose
--profile NAMEConfigure a named profile
configure set KEY VALUEWrite one config value non-interactively
configure get KEYRead one config value
configure listShow the resolved configuration
AWS_PROFILE (env)Select a profile without --profile

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →