To access AWS services with the AWS CLI, you need an AWS account and IAM credentials. When running AWS CLI commands, the AWS CLI needs to have access to those AWS credentials. To increase the security of your AWS account, we recommend that you do not use your root account credentials. You should create a user with least privilege to provide access credentials to the tasks you'll be running in AWS.
Create an IAM or IAM Identity Center administrative
account
Before you can configure the AWS CLI, you need to create an IAM or IAM Identity Center account.
To create an administrator user, choose one of the following options.
Choose one way to manage your administrator | To | By | You can also |
---|---|---|---|
In IAM Identity Center (Recommended) |
Use short-term credentials to access AWS. This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide. |
Following the instructions in Getting started in the AWS IAM Identity Center User Guide. | Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide. |
In IAM (Not recommended) |
Use long-term credentials to access AWS. | Following the instructions in Create an IAM user for emergency access in the IAM User Guide. | Configure programmatic access by Manage access keys for IAM users in the IAM User Guide. |
Next steps
After creating an AWS account and IAM credentials, to use the AWS CLI you can do one of the following:
-
Install the latest release of the AWS CLI version 2 on your computer.
-
Install a past release of the AWS CLI version 2 on your computer.
-
Access the AWS CLI version 2 from your computer using a Docker image.
-
Access the AWS CLI version 2 in the AWS console from your browser using AWS CloudShell. For more information see the AWS CloudShell User Guide.