Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Credential and profile resolution

PDF
RSS
Focus mode
Credential and profile resolution - AWS Tools for PowerShell
Credentials Search Order

Credentials Search Order

When you run a command, AWS Tools for PowerShell searches for credentials in the following order. It stops when it finds usable credentials.

  1. Literal credentials that are embedded as parameters in the command line.

    We strongly recommend using profiles instead of putting literal credentials in your command lines.

  2. A specified profile name or profile location.

    • If you specify only a profile name, the command looks for the specified profile in the AWS SDK store and, if that does not exist, the specified profile from the AWS shared credentials file in the default location.

    • If you specify only a profile location, the command looks for the default profile from that credentials file.

    • If you specify both a name and a location, the command looks for the specified profile in that credentials file.

    If the specified profile or location is not found, the command throws an exception. Search proceeds to the following steps only if you did not specify a profile or location.

  3. Credentials specified by the -Credential parameter.

  4. The session profile, if one exists.

  5. The default profile, in the following order:

    1. The default profile in the AWS SDK store.

    2. The default profile in the AWS shared credentials file.

    3. The AWS PS Default profile in the AWS SDK store.

  6. If the command is running on an Amazon EC2 instance that is configured to use an IAM role, the EC2 instance's temporary credentials accessed from the instance profile.

    For more information about using IAM roles for Amazon EC2 instances, see the SDK for .NET.

If this search fails to locate the specified credentials, the command throws an exception.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.