Quick Install (TL;DR)
brew install awscli
aws --version
aws configure
That’s it. Read on for configuration, troubleshooting, and advanced setup.
Prerequisites
- macOS (Intel or Apple Silicon — both work)
- Homebrew installed. If not:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - An AWS account with access keys (create one here)
Step 1: Update Homebrew
brew update
This ensures you get the latest version of the AWS CLI package.
Step 2: Install AWS CLI
brew install awscli
Homebrew installs AWS CLI v2 and all dependencies automatically. Takes 1-2 minutes.
Step 3: Verify Installation
aws --version
Expected output:
aws-cli/2.17.x Python/3.12.x Darwin/24.x source/arm64
If you see a version number, the installation worked.
Step 4: Configure AWS CLI
aws configure
You’ll be prompted for four values:
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json
Where to Find Your Access Keys
- Go to IAM Console → Users → Your user
- Click Security credentials tab
- Click Create access key
- Save both the Access Key ID and Secret Access Key
Named Profiles
If you use multiple AWS accounts:
# Create a profile for work
aws configure --profile work
# Create a profile for personal
aws configure --profile personal
# Use a specific profile
aws s3 ls --profile work
# Set default profile for the session
export AWS_PROFILE=work
Step 5: Test the Connection
# Verify your identity
aws sts get-caller-identity
Expected output:
{
"UserId": "AIDAEXAMPLE",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/your-username"
}
# List S3 buckets
aws s3 ls
# List EC2 instances
aws ec2 describe-instances --query "Reservations[].Instances[].{ID:InstanceId,State:State.Name}" --output table
Upgrade AWS CLI
# Upgrade to the latest version
brew upgrade awscli
# Check the new version
aws --version
Uninstall AWS CLI
brew uninstall awscli
Alternative: Install Without Homebrew
If you prefer the official installer:
# Download the macOS installer
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
# Install
sudo installer -pkg AWSCLIV2.pkg -target /
# Verify
aws --version
The Homebrew method is easier to manage (upgrade/uninstall), which is why we recommend it.
Troubleshooting
“command not found: aws”
Homebrew didn’t add aws to your PATH. Fix:
# For Apple Silicon Macs (M1/M2/M3)
echo 'export PATH="/opt/homebrew/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc
# For Intel Macs
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc
“Unable to locate credentials”
Unable to locate credentials. You can configure credentials by running "aws configure".
Run aws configure and enter your access keys. Or check that your credentials file exists:
cat ~/.aws/credentials
“InvalidClientTokenId”
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation:
The security token included in the request is invalid.
Your access key is wrong or deactivated. Generate a new one in the IAM Console.
“ExpiredToken”
If using temporary credentials (SSO, assume role), refresh them:
aws sso login --profile your-profile
Old Version Still Showing
If aws --version shows v1 after installing v2:
# Check which aws binary is being used
which aws
# If it's /usr/local/bin/aws (old v1), remove it
sudo rm /usr/local/bin/aws
# Homebrew's version should now take priority
aws --version
Homebrew Permission Errors
# Fix permissions
sudo chown -R $(whoami) /opt/homebrew
# or for Intel Macs:
sudo chown -R $(whoami) /usr/local
Configuration Files
AWS CLI stores config in two files:
# Credentials (access keys)
~/.aws/credentials
# Configuration (region, output format)
~/.aws/config
Example ~/.aws/credentials:
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[work]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Example ~/.aws/config:
[default]
region = us-east-1
output = json
[profile work]
region = eu-west-1
output = table
Using AWS CLI with Terraform
Once AWS CLI is configured, Terraform uses the same credentials automatically:
provider "aws" {
region = "us-east-1"
# Terraform reads ~/.aws/credentials automatically
# Or use a named profile:
# profile = "work"
}
Verify Terraform can access AWS:
terraform init
terraform plan
Useful AWS CLI Commands
# S3
aws s3 ls # List buckets
aws s3 cp file.txt s3://bucket/ # Upload file
aws s3 sync . s3://bucket/ # Sync directory
# EC2
aws ec2 describe-instances # List instances
aws ec2 start-instances --instance-ids i-12345 # Start
aws ec2 stop-instances --instance-ids i-12345 # Stop
# IAM
aws iam list-users # List IAM users
aws iam get-user # Current user info
# CloudFormation
aws cloudformation list-stacks # List stacks
# Output formatting
aws ec2 describe-instances --output table
aws ec2 describe-instances --output json
aws ec2 describe-instances --query "Reservations[].Instances[].InstanceId"
Links
Hands-On Courses
Learn by doing with interactive courses on CopyPasteLearn:
Conclusion
Installing AWS CLI on macOS with Homebrew is the simplest method: brew install awscli. Configure it with aws configure, test with aws sts get-caller-identity, and you’re ready to manage AWS from your terminal. Use brew upgrade awscli to keep it updated. Terraform picks up the same credentials automatically, so once AWS CLI works, Terraform works too.
