Credentials set in environment variables

Environment variables override configuration and credential files. They can be useful for scripting or temporarily by using a Named Profile.

Table 1. AWS CLI Supported Variables
Variable Purpose
AWS_ACCESS_KEY_ID AWS access key.
AWS_SECRET_ACCESS_KEY AWS secret key. Access and secret key variables override credentials that are stored in both credential and config files.
AWS_SECURITY_TOKEN Security token. A web service that allows requests for temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
AWS_PROFILE Name of the profile to use. It can be the name of a profile that is stored in a credential or config file or default to use the default profile.
  • The AWS CLI reads the Named Profiles settings in the default ~/.aws/config file.
  • Credentials are read from and written to the default credentials file (~/.aws/credentials).