4 minute read

What This Guide Covers

This guide walks through installing and configuring AWS Command Line Interface (CLI) v2 on Windows, and using it effectively in real-world cloud workflows.

You’ll learn how to:

  • Install AWS CLI v2 using the official MSI installer
  • Verify installation and confirm the CLI is available in PowerShell
  • Understand the difference between AWS Console credentials and programmatic credentials
  • Create IAM access keys for CLI and automation workflows
  • Configure the CLI using aws configure and understand where credentials are stored
  • Use aws sts get-caller-identity to verify authentication
  • Troubleshoot common AWS CLI errors and misconfigurations
  • Work with regions, defaults, and configuration profiles
  • Run essential AWS CLI commands for Lambda, IAM, and SSM
  • Use SSM Parameter Store for programmatic configuration management
  • Apply PowerShell-specific tips for cleaner, more reliable CLI usage
  • Build reproducible, professional cloud workflows from the terminal

This guide is written for learners ready to move beyond the AWS Console and start working pro-style from the command line.

Why AWS CLI?

The AWS Command Line Interface (CLI) allows you to:

  • Interact with AWS services programmatically
  • Automate workflows (Lambda, SES, SSM, etc.)
  • Practice real infrastructure operations
  • Prepare for DevOps / Cloud / Security roles

If you want to build reproducible systems, the CLI is essential.

1. Installing AWS CLI v2

  1. Go to the official AWS CLI page:
    https://aws.amazon.com/cli/

  2. Download AWS CLI v2 – Windows 64-bit

  3. Run the installer
    • Leave “Add AWS CLI to PATH” checked
    • Install for all users (recommended)
  4. Restart PowerShell

Verify installation

aws --version

Expected output:

aws-cli/2.x.x Python/3.x Windows/...

2. Understanding AWS Authentication

AWS uses two primary credential types, depending on how you access services:

A. Console Credentials (Browser Login)

Used for:

  • AWS Management Console
  • Navigating services like IAM, Lambda, SES, S3, etc.
  • Manual configuration through the web interface

Credentials include:

  • IAM username
  • Password
  • Optional Multi-Factor Authentication (MFA) — strongly recommended

B. Programmatic Credentials (CLI / API Access)

Used for:

  • AWS CLI
  • SDKs (e.g., boto3 for Python)
  • Infrastructure automation
  • CI/CD pipelines
  • Scripts and serverless workflows

Credentials include:

  • Access Key ID
  • Secret Access Key

👉 Important: Programmatic credentials are completely separate from your console username and password.

They are designed for machine-to-machine authentication and should be stored securely and never committed to source control.

3. Creating an Access Key (IAM)

  • Open AWS Console → IAM
  • Click Users
  • Select your IAM user
  • Go to Security credentials
  • Under Access keys, click Create access key
  • Choose Command Line Interface (CLI)

⚠️ Download or securely store the key — the secret is shown only once.

4. Configuring AWS CLI Credentials

In PowerShell run the following command:

  aws configure

You’ll be prompted for the following information:

  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region (example: us-east-1)
  • Default output format (json)

This creates files at:

  C:\Users\<you>\.aws\credentials
  C:\Users\<you>\.aws\config

5. Verifying Your Connection

Run the command:

aws sts get-caller-identity

Expected output:

{
  "UserId": "...",
  "Account": "123456789012",
  "Arn": "arn:aws:iam::123456789012:user/your-user"
}

If you see this, your CLI is authenticated and ready.

6. Common AWS CLI Errors & How to Fix Them

Even experienced engineers run into configuration issues. Below are some of the most common AWS CLI errors and how to resolve them quickly.

aws : The term 'aws' is not recognized

What it means:
PowerShell cannot find the AWS CLI executable.

Common causes:

  • AWS CLI was not installed successfully
  • The system PATH variable was not updated
  • PowerShell session was not restarted after installation

Fix:

  1. Confirm installation in:
C:\Program Files\Amazon\AWSCLIV2\
  1. Restart PowerShell
  2. Run:
aws --version

If the command still fails, verify your PATH environment variable includes the AWS CLI installation directory.

Unable to locate credentials

What it means:
AWS CLI cannot find valid credentials for authentication.

Common causes:

  • aws configure was never run
  • Credentials were entered incorrectly
  • Credentials were saved under a different Windows user profile
  • You’re using a named profile but didn’t specify it

Fix:

Run:

aws configure

Then verify credentials exist in:

C:\Users<your-username>.aws\credentials

You can also test authentication with:

aws sts get-caller-identity

SignatureDoesNotMatch

What it means:
AWS rejected the request because the request signature does not match your credentials.

Common causes:

  • Copy/paste errors when entering access keys
  • Hidden trailing spaces
  • Wrong secret key paired with access key
  • Region mismatch

Fix:

  1. Re-copy the Access Key ID and Secret Access Key directly from IAM
  2. Re-run:
aws sts get-caller-identity

If successful, AWS will return your Account ID and IAM ARN.
If not, your authentication is still misconfigured.

7. Understanding Regions

  • Many AWS services are region-specific.

Check current region:

  • aws configure get region

Set region:

  • aws configure set region us-east-1
  • (SES inbound email is commonly configured in us-east-1.)

8. Basic AWS CLI Usage Examples

List Lambda functions

aws lambda list-functions

Inspect a Lambda runtime

aws lambda get-function `
  --function-name my-function `
  --query "Configuration.Runtime" `
  --output text

9. Programmatic Configuration with SSM Parameter Store

  • AWS Systems Manager (SSM) Parameter Store is used to store configuration centrally.

Example: upload a JSON config file

aws ssm put-parameter `
  --name "/myproject/app/config" `
  --type "String" `
  --value file://config.json `
  --overwrite

Retrieve it:

aws ssm get-parameter --name "/myproject/app/config"

This pattern allows:

  • No hardcoded config in code
  • Runtime configuration updates
  • Cleaner Lambda deployments

10. PowerShell Tips for AWS CLI

  • Use backticks ` for line continuation
  • Avoid JSON inline when possible
  • Prefer file:// for structured data
  • Always verify with read-only commands first

Check working directory:

pwd

Confirm files exist:

Test-Path .\config.json

Key Takeaways

  • AWS CLI is the foundation of real cloud automation
  • Console access ≠ programmatic access
  • IAM access keys power the CLI
  • SSM Parameter Store is a professional way to manage configuration
  • Always validate before writing or overwriting resources

Built and tested on Windows using AWS CLI v2 and PowerShell.

Data Inside Data™.

Tech Hands, a Science Mind, and a Heart For Community™.

Updated: