aws configure: Usage, Profiles & Common CI Errors
Set up AWS CLI credentials and region - and why CI should avoid static keys.
aws configure stores credentials, a default region, and an output format for the AWS CLI. In CI you usually skip it in favor of short-lived OIDC role credentials, but it remains the quickest local setup.
What it does
aws configure prompts for an access key ID, secret access key, default region, and output format, writing them to ~/.aws/credentials and ~/.aws/config. With --profile it manages a named profile, and aws configure set writes a single value non-interactively. The CLI then resolves credentials from environment variables, the named profile, or an attached IAM role.
Common usage
# Interactive setup of the default profile
aws configure
# Configure a named profile
aws configure --profile staging
# Set individual values non-interactively (scriptable)
aws configure set region us-east-1
aws configure set output json --profile stagingCommon error in CI: static keys / "Unable to locate credentials"
CI jobs fail with "Unable to locate credentials. You can configure credentials by running \"aws configure\"" when no keys, profile, or role is available - or worse, teams hardcode long-lived keys. Fix: prefer GitHub OIDC with aws-actions/configure-aws-credentials (set role-to-assume and aws-region), which sets AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN in the environment so the CLI finds them automatically - no aws configure call needed. Rotate or delete any static keys committed to a pipeline.
Key options
| Option / subcommand | Purpose |
|---|---|
| --profile NAME | Configure a named profile |
| configure set KEY VALUE | Write one config value non-interactively |
| configure get KEY | Read one config value |
| configure list | Show the resolved configuration |
| AWS_PROFILE (env) | Select a profile without --profile |