How to Set Up AWS CLI on Linux?
This guide focuses on setting up AWS CLI on a Linux environment, followed by notes on Windows and Mac installation, credential configuration, automation, and best practices.
The AWS Command Line Interface (CLI) is a unified tool for managing AWS services from your terminal. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them via scripts. Instead of navigating the AWS Console, you can directly issue commands like “aws s3 ls” to list buckets or “aws ec2 start-instances” to manage servers. It is cross-platform, supported on Linux, macOS, and Windows systems.
The overall setup process is similar across platforms: download the installer, run it, verify the installation, and then configure your AWS credentials.
In this guide, we are using Ubuntu Linux, but the same steps apply to other Linux distributions.
1. Update System and Install Dependencies
Before starting the AWS CLI installation, let's get our Linux environment ready. Open a terminal on your Ubuntu system and run the following commands to ensure your system is up-to-date and has the necessary tools like curl and unzip:
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl unzip
This updates your package lists and installs curl for downloading files and unzip for extracting the installer. These are usually present, but it’s good to make sure. The AWS CLI relies on standard libraries and tools (like glibc, groff, and less), which are usually included in Ubuntu.
2. Download the AWS CLI installer
Use curl to download the AWS CLI version 2 bundled installer for Linux ARM (64-bit).
curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
This command fetches the AWS CLI v2 ZIP package for ARM64 and saves it as awscliv2.zip in your current directory. On an x86_64 (Intel/AMD) system, download awscli-exe-linux-x86_64.zip instead. Choose the correct package from https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html to ensure compatibility with your system.
3. Unzip the installer
Once the download completes, unzip the package.
unzip awscliv2.zip
This will extract an aws directory containing the CLI installer program.
4. Run the installer
Execute the installer with superuser privileges:
sudo ./aws/install
This will install the AWS CLI under /usr/local/aws-cli and create a symlink to the aws binary in /usr/local/bin by default. You may be prompted for your password. After it finishes, the AWS CLI v2 should be installed.
If you ever need to update it, you can re-run the installer or use the --update flag as shown in AWS docs.
5. Verify installation
Confirm that the AWS CLI is installed and check its version by running the next command.
aws --version
You should see output similar to the following.
aws-cli/2.27.41 Python/3.11.6 Linux/5.10.x86_64
If the aws command is not found, you might need to open a new terminal or ensure that /usr/local/bin is in your PATH. By default, Ubuntu should include it. If you still encounter aws: command not found, double-check the install step for errors.
Ubuntu 24.04’s default package repository may not have AWS CLI v2. In fact, the older awscli package (which was AWS CLI v1) is not readily available via apt on Ubuntu 24.04. Therefore, using the official installer (as above) or the Snap package is recommended. You should not use sudo apt install awscli on Ubuntu 24.04, as it might not exist or could install an outdated CLI.
6. Configure AWS CLI
With the AWS CLI installed on Ubuntu and your new access keys on hand, you need to configure the CLI to use those credentials. The AWS CLI provides an interactive command to set this up easily.
aws configure
What does aws configure do? It prompts you for your AWS credentials and some default settings and then writes them to configuration files on your system. This spares you from typing credentials for every command.
Steps to configure AWS CLI are listed below.
- Run the configure command: In your Ubuntu terminal, type the next command.
aws configure
You will be prompted with four items in sequence:
- AWS Access Key ID [None]: Here you should paste or type the Access Key ID you obtained.
- AWS Secret Access Key [None]: Enter the Secret Access Key.
- Default region name [None]: Enter an AWS region to use as default, e.g. us-east-1 (N. Virginia) or another region closer to you or relevant to your work. (You can always override the region per command or change this later. If unsure, us-east-1 is a safe default, as it’s AWS’s primary region.)
- Default output format [None]: Enter your preferred output format for CLI commands. Common choices are json (machine-readable JSON, the default), text (tab-delimited text), or table (formatted table for easy reading). If you just press Enter, it will default to JSON.
For example, after running aws configure, you might input values like those given below.
aws configure
AWS Access Key ID [None]: JUSTUSEASANEXAMPLE
AWS Secret Access Key [None]: SUP3RS3CR3T@CcE55KEY
Default region name [None]: us-east-1
Default output format [None]: json
- Configuration files created: The aws configure command will save your inputs in two files in your home directory.
- ~/.aws/credentials contains your Access Key ID and Secret Access Key
- ~/.aws/config contains your default region and output format, and any profile-specific configurations
By default, these credentials are stored under a profile named “default”. The AWS CLI will automatically use them for commands. The AWS CLI confirms that it updated the credentials and config files when you run aws configure. You can open these files with a text editor to see the contents.
- These files are read by the AWS CLI whenever you run a command. Keep them secure. By default, ~/.aws/credentials is set with filesystem permissions so that only your user can read it.
Why Use AWS CLI on Linux?
The AWS Command Line Interface (CLI) is a unified tool that allows you to manage AWS services directly from your terminal without relying on the web console. On Linux, it is especially powerful because it integrates seamlessly with shell scripting, automation workflows, and tools like cron, systemd, or CI/CD pipelines. With AWS CLI, you can quickly provision infrastructure, query resource states, and perform bulk operations (such as uploading thousands of files to S3) using a single command, all of which would be far slower through the AWS Management Console. Linux environments are often the backbone of servers, DevOps pipelines, and cloud automation, making the CLI a natural fit. It enables repeatable, scriptable, and version-controlled cloud operations. In addition, the CLI is lightweight, works consistently across platforms, and eliminates the overhead of GUI navigation, which reduces human error.
In short, using AWS CLI on Linux provides speed, automation, reproducibility, and efficiency, core principles for cloud professionals and security-conscious engineers who want precise control over their AWS environments.
What are the AWS CLI prerequisites on Linux?
First, to access AWS services with the AWS CLI, you need an AWS account and IAM credentials. When running AWS CLI commands, the AWS CLI needs to have access to those AWS credentials. To increase the security of your AWS account, Amazon recommends that you do not use your root account credentials. Instead, create a user with least-privilege permissions for the tasks you'll be running in AWS and use that user's access credentials.
Secondly, before installing AWS CLI v2 on Linux, ensure your system meets the following requirements.
- Processor Architecture:
- x86_64 (64-bit Intel/AMD)
- aarch64 / arm64 (64-bit ARM, required for Apple M1/M2 VMs or ARM servers)
- Operating System:
- Linux kernel 2.6.32 or later
- GNU C Library (glibc) 2.17 or later
- Disk Space: ~100 MB free for installation + additional space for logs/cache
- Permissions: sudo or root privileges for system-wide install (optional if installing locally to user’s home directory)
- Required Packages/Tools:
- curl (to download installer)
- unzip (to extract installer)
- less (for paginated output)
- groff (for formatted help text)
Supported Linux Distributions
AWS CLI v2 is officially supported on these Linux distributions:
- Ubuntu (16.04 LTS and newer, including 18.04, 20.04, 22.04, 24.04)
- Debian (9 and newer)
- Fedora (32 and newer)
- CentOS / RHEL (7 and newer)
- Amazon Linux (2 and newer)
- SUSE Linux Enterprise Server (SLES) (12 and newer)
Can I install AWS CLI on Windows?
Yes, you can install AWS CLI on Windows. The AWS CLI v2 has an official Windows installer provided by Amazon, available as an .msi package for 64-bit Windows 10, 11, and Windows Server. Installation is straightforward. You may download the installer from AWS and run it, and the CLI binary (aws.exe) is added to your system PATH. After that, you can run AWS CLI commands directly from Command Prompt, PowerShell, or even inside Windows Subsystem for Linux (WSL).
As for dual booting: yes, you can dual-boot Windows alongside Linux and install AWS CLI separately on each OS. However, a dual boot is not required. AWS CLI runs natively on Windows, so unless you specifically want Linux for other reasons, you can just install it directly on Windows.
Bottom line: AWS CLI is fully supported on Windows, and dual boot is optional if you prefer Linux tooling.
Can I install AWS CLI on macOS?
Yes, you can install AWS CLI on macOS. AWS provides an official pkg installer for macOS (both Intel x86_64 and Apple Silicon arm64 architectures), which works on macOS 10.12 and later. You can either:
- Use the pkg installer from the AWS CLI download page: double-click it, follow the prompts, and it places the aws binary under /usr/local/bin.
- Install via Homebrew (brew install awscli), which is popular for developers who already use Homebrew package management.
- Verify installation with aws --version in the terminal.
On Apple Silicon (M1/M2), AWS provides a native arm64 build. The bottom line is that AWS CLI runs natively on macOS, with official installers for both Intel and M1/M2 Macs.
How do you configure AWS CLI with Access Keys?
Once AWS CLI is installed, you need to provide it with your credentials so it can authenticate with AWS. To configure AWS CLI with access keys, follow the next steps.
- Run the following command.
aws configure
- Enter your credentials when prompted.
- AWS Access Key ID: Paste your access key ID (e.g., JUSTUSEASANEXAMPLE).
- AWS Secret Access Key: Paste your secret access key (e.g., SUP3RS3CR3T@CcE55KEY).
- Default region name: Example: us-east-1 (N. Virginia), eu-central-1 (Frankfurt).
- Default output format: Choose json, table, or text. If unsure, press Enter for default (json).
- The following files are created/updated automatically.
- ~/.aws/credentials to store your keys
- ~/.aws/config to store default region and output format
- Verify configuration by running the next command.
aws sts get-caller-identity
If configured correctly, it will return your AWS Account ID, User ID, and ARN. In short, running aws configure once sets up your access keys, default region, and output format, so every CLI command you run after is authenticated automatically.
How can I Set up profiles in AWS CLI?
A profile in AWS CLI is simply a named set of credentials and configuration values (Access Key ID, Secret Access Key, default region, output format). By default, aws configure sets up a profile called default, but you can create additional named profiles with:
aws configure --profile <profile_name>
For example:
aws configure --profile username1
aws configure --profile username2
This creates separate credential/config entries under ~/.aws/credentials and ~/.aws/config.
In ~/.aws/credentials:
[default]
aws_access_key_id = AWS...
aws_secret_access_key = ABCD...
[username1]
aws_access_key_id = AWS_USERNAME1...
aws_secret_access_key = KEY...
[username2]
aws_access_key_id = AKIA_USERNAME...
aws_secret_access_key = KEY...
In ~/.aws/config:
[default]
region = us-east-1
output = json
[profile username1]
region = us-west-2
output = table
[profile username2]
region = eu-central-1
output = json
To use a specific profile, pass --profile with your CLI command:
aws s3 ls --profile username1
aws ec2 describe-instances --profile username2
Or set the environment variable for your session:
export AWS_PROFILE=username1
Now all commands in that shell use the username1 profile until you unset it. Named profiles are essential when you work with multiple AWS accounts (e.g., personal, developer, production) or when separating credentials for different roles. The AWS CLI automatically looks for credentials in the profile you specify; if none is given, it defaults to the default profile. This keeps environments isolated and prevents accidental operations in the wrong account.
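The two files name profiles differently: the credentials file uses [NAME], while the config file uses [profile NAME] (only [default] is written the same way in both). The following script is an added example, not part of the original guide or the AWS CLI; it reports credentials sections that do not line up with the config file, using hypothetical helper names and constructed sample files.

```bash
#!/usr/bin/env bash
# Added example: cross-check named profiles between the credentials and config
# files. Function names are hypothetical helpers, not AWS CLI commands.

# Print every [section] name in an INI-style file, one per line.
ini_sections() {
  awk '/^[ \t]*\[.*\][ \t]*$/ {
         sub(/^[ \t]*\[/, ""); sub(/\][ \t]*$/, ""); print
       }' "$1"
}

# Profile names in a config file: [default] or [profile NAME]. Other section
# types (for example [sso-session NAME]) are not profiles and are skipped.
config_profiles() {
  ini_sections "$1" |
    sed -n -e 's/^default$/default/p' -e 's/^profile[[:space:]][[:space:]]*//p'
}

# Report credentials sections that will not line up with the config file.
check_profiles() {
  local cfg name
  cfg=$(config_profiles "$2")
  ini_sections "$1" | while IFS= read -r name; do
    case $name in
      profile\ *)   # the "profile " prefix belongs in the config file only
        echo "bad-credentials-header: [$name]" ;;
      *)            # keys exist, but no region/output section for this name
        printf '%s\n' "$cfg" | grep -Fxq -- "$name" ||
          echo "no-config-section: $name" ;;
    esac
  done
}

# Constructed sample files; key values are elided placeholders.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/credentials" <<'EOF'
[default]
aws_access_key_id = AWS...
[username1]
aws_access_key_id = AWS_USERNAME1...
[profile username2]
aws_access_key_id = AKIA_USERNAME...
[staging]
aws_access_key_id = AWS...
EOF
cat > "$demo_dir/config" <<'EOF'
[default]
region = us-east-1
[profile username1]
region = us-west-2
[profile username2]
region = eu-central-1
EOF
check_profiles "$demo_dir/credentials" "$demo_dir/config"
```

To check your own setup, call check_profiles ~/.aws/credentials ~/.aws/config; no output means every credentials section has a matching config profile.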
How do you Update AWS CLI on Linux?
The method depends on how you originally installed AWS CLI. If AWS CLI was installed via the ZIP bundle (the official installer, which is the common method), you may update it by following the next steps.
- Remove old installation (optional but recommended).
sudo rm -rf /usr/local/aws-cli
sudo rm -f /usr/local/bin/aws
- Download the latest AWS CLI v2 (for your architecture).
For x86_64 (Intel/AMD 64-bit):
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
For aarch64/arm64 (M1/M2 Mac VMs, ARM servers):
curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
- Unzip and install AWS CLI.
unzip awscliv2.zip
sudo ./aws/install --update
- Verify update by running the next command.
aws --version
How can I Uninstall AWS CLI on Linux?
You may follow the next steps to uninstall AWS CLI on Linux.
- Run the bundled uninstall script.
sudo /usr/local/aws-cli/v2/current/dist/aws/uninstall
- Remove any leftover symlinks or directories.
sudo rm -rf /usr/local/aws-cli
sudo rm -f /usr/local/bin/aws
- Verify removal.
aws --version
Always confirm by running aws --version; if it says command not found, the CLI is gone.
Can I Use AWS CLI with Scripts and Automation?
Yes. AWS CLI is built for scripting and automation on Linux. You can embed it in Bash, run it in CI/CD with environment-provided credentials, and schedule it via cron or orchestrators like Jenkins/GitHub Actions. A sample Bash script (provisioning/monitoring) is given below.
#!/usr/bin/env bash
set -euo pipefail
# Fail fast if no valid credentials are available
aws sts get-caller-identity >/dev/null
# Example: provision an S3 bucket + tag it (idempotent)
REGION="eu-central-1"
BUCKET="my-app-logs-$USER"
if ! aws s3api head-bucket --bucket "$BUCKET" --region "$REGION" 2>/dev/null; then
  aws s3api create-bucket \
    --bucket "$BUCKET" \
    --create-bucket-configuration LocationConstraint="$REGION" \
    --region "$REGION"
fi
aws s3api put-bucket-tagging \
  --bucket "$BUCKET" \
  --tagging 'TagSet=[{Key=env,Value=dev},{Key=owner,Value=platform}]' \
  --region "$REGION"
# Example: lightweight monitoring (CloudWatch metric sample; requires jq).
# S3 storage metrics are reported once per day, so query a multi-day window
# with a one-day period; a 15-minute window returns no datapoints.
aws cloudwatch get-metric-statistics \
  --namespace AWS/S3 \
  --metric-name NumberOfObjects \
  --dimensions Name=BucketName,Value="$BUCKET" Name=StorageType,Value=AllStorageTypes \
  --start-time "$(date -u -d '2 days ago' +%FT%TZ)" \
  --end-time "$(date -u +%FT%TZ)" \
  --period 86400 --statistics Average --region "$REGION" | jq .
Use set -euo pipefail, parameterize region/account, and prefer aws ... wait or retry loops for eventually consistent APIs.
Credentials in CI/CD
Minimal env-var approach (works everywhere, including containers):
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_DEFAULT_REGION=eu-central-1
# (optional) export AWS_SESSION_TOKEN=...
It is better to avoid long-lived keys. Instead use:
- OIDC to AWS in GitHub Actions,
- IRSA (IAM Roles for Service Accounts) on EKS,
- Instance/Task roles on EC2/ECS,
- Jenkins: assume-role with short-lived creds.
Security & Reliability Essentials
You should follow the best practices for AWS CLI security and reliability.
- Never hardcode secrets in scripts; prefer roles/OIDC. If you must use keys, store them in a secrets manager and rotate them.
- Scope least privilege IAM policies; avoid administrator access for pipelines.
- Lock region/profile per job: AWS_REGION/AWS_PROFILE or --region/--profile.
- Add retries/backoff for throttling (--no-paginate where appropriate, or paginate intentionally).
- Log everything (--output json | jq), redact secrets in logs.
- Time sync matters; unsynced clocks cause signature errors in CI/VMs.
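One way to apply the log-redaction advice above, as an added example that is not part of the original guide: a filter that masks secret keys, session tokens and access key IDs before job output is written to a log. The helper names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: mask AWS credentials in job output before it reaches a log.
# redact_aws_secrets and run_logged are hypothetical helpers, not AWS CLI features.

# Filter stdin. Secret keys and session tokens are replaced whether they appear
# in env (NAME=value), INI (name = value) or JSON ("Name": "value") form, and
# the middle of access key IDs (AKIA.../ASIA...) is masked.
redact_aws_secrets() {
  local names='aws_secret_access_key|AWS_SECRET_ACCESS_KEY|SecretAccessKey'
  names="$names|aws_session_token|AWS_SESSION_TOKEN|SessionToken"
  sed -E \
    -e "s#(($names)\"?[[:space:]]*(:|=)[[:space:]]*\"?)[^\"[:space:]]+#\\1[REDACTED]#g" \
    -e 's#(AKIA|ASIA)[A-Z0-9]{12}([A-Z0-9]{4})#\1************\2#g'
}

# Run a command, append its redacted output to LOG, and keep its exit status.
run_logged() {
  local log=$1 out rc
  shift
  out=$("$@" 2>&1) && rc=0 || rc=$?
  printf '%s\n' "$out" | redact_aws_secrets >> "$log"
  return "$rc"
}

# Constructed sample output: a "set -x" trace line, an STS-style JSON response,
# an INI line and an ordinary line that must pass through unchanged.
sample_log() {
  cat <<'EOF'
+ export AWS_SECRET_ACCESS_KEY=c0nstructed/Sample+Value
{"AccessKeyId": "ASIAEXAMPLEEXAMPLE12", "SecretAccessKey": "c0nstructed/Sample+Value", "SessionToken": "Zm9v/YmFy=="}
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
upload: ./app.log to s3://my-app-logs/app.log
EOF
}

sample_log | redact_aws_secrets
```

In a pipeline step, wrap each AWS call as run_logged job.log aws ... so the log keeps the command output and the step still fails when the command fails.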
Is AWS CLI secure on Linux?
Yes, AWS CLI is secure on Linux, provided you follow best practices.
The CLI itself uses the same secure AWS API endpoints as the Management Console, but your security depends on how you manage credentials. By default, aws configure stores long-lived access keys in plain text under ~/.aws/credentials. This is safe only if your Linux account and filesystem are properly protected. For stronger security, AWS recommends using IAM roles or temporary credentials (via STS or assumed roles) instead of static keys, especially in automation or on shared systems. If you must use access keys, restrict permissions on ~/.aws/credentials (chmod 600 ~/.aws/credentials) and consider encrypting secrets with a tool like GPG or a secrets manager. Enabling MFA (Multi-Factor Authentication) for root and sensitive IAM users further reduces the risk of account takeover, and you can enforce MFA-based session tokens for CLI commands that manage critical resources.
The AWS CLI itself is secure, but your credential management practices determine whether your setup is safe. Use roles/temporary tokens, lock down credential files, and enable MFA to minimize risk.
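The two checks described here and in the configuration step (owner-only permissions on the credentials file, static versus temporary keys) can be scripted. This is an added example, not from the original guide; audit_credentials is a hypothetical helper, the sample file is constructed, and the key check relies on access key IDs starting with AKIA for long-term IAM user keys and ASIA for temporary STS credentials.

```bash
#!/usr/bin/env bash
# Added example: audit an AWS credentials file. audit_credentials is a
# hypothetical helper, not an AWS CLI command.

# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if missing.
# Check 1: characters 5-10 of the ls mode string are the group/other bits and
#          must all be "-" (that is what chmod 600 produces).
# Check 2: an access key ID starting with AKIA is a long-term IAM user key;
#          ASIA marks temporary STS credentials and is not reported.
audit_credentials() {
  local f=$1 findings
  [ -f "$f" ] || { echo "missing: $f"; return 2; }
  findings=$(
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
      echo "mode: group/other can access the file (fix: chmod 600)"
    awk '
      /^[ \t]*\[/ { prof = $0; sub(/^[ \t]*\[/, "", prof); sub(/\].*$/, "", prof); next }
      /^[ \t]*aws_access_key_id[ \t]*=/ {
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        if (val ~ /^AKIA/) print "long-lived-key: [" prof "]"
      }' "$f"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: world-readable file, one static key, one temporary key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/credentials" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
aws_secret_access_key = constructed-placeholder
[ci]
aws_access_key_id = ASIAEXAMPLEEXAMPLE12
aws_secret_access_key = constructed-placeholder
aws_session_token = constructed-placeholder
EOF
chmod 644 "$demo_dir/credentials"
audit_credentials "$demo_dir/credentials" || true
```

Run audit_credentials ~/.aws/credentials on a workstation or build host; a non-zero exit status makes it usable as a gate in a login script or CI job.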
Are there alternatives to AWS CLI on Linux?
Yes, there are alternatives to AWS CLI on Linux. While AWS CLI is the most direct tool for command-line management, you can use the following tools:
- AWS SDKs (e.g., Boto3 for Python, AWS SDK for Java, Node.js, Go, etc.): These allow you to interact with AWS services programmatically within your applications or scripts. For example, Boto3 in Python lets you write code that creates EC2 instances or queries S3 without shelling out to the CLI.
- Infrastructure as Code (IaC) tools like Terraform and Pulumi: These provide higher-level abstractions to define, version, and manage AWS infrastructure. Instead of issuing individual CLI commands, you declare your resources in code (HCL for Terraform, real programming languages for Pulumi) and the tool provisions them consistently. This is especially powerful for reproducible deployments and team collaboration.
In short, yes, alternatives exist. Use AWS CLI for quick, ad-hoc commands; AWS SDKs for application-level automation; and IaC tools like Terraform or Pulumi when you need scalable, repeatable infrastructure management.