Credentials set in environment variables
Environment variables override configuration and credential files. They can be useful for scripting or temporarily by using a Named Profile.
| Variable | Purpose |
|---|---|
AWS_ACCESS_KEY_ID |
AWS access key. |
AWS_SECRET_ACCESS_KEY |
AWS secret key. Access and secret key variables override credentials that are stored in both credential and config files. |
AWS_SECURITY_TOKEN |
Security token. A web service that allows requests for temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). |
AWS_PROFILE |
Name of the profile to use. It can be the name of a profile that is stored in a credential or config file or default to use the default profile. |
- The AWS CLI reads the Named Profiles settings in the default
~/.aws/configfile. - Credentials are read from and written to the default credentials file
(
~/.aws/credentials).