How do I fix "aws: command not found" errors?

You get this error because AWS CLI isn't installed or your PATH is fucked. Install AWS CLI v2 with the official installer, not homebrew or apt - those cause dependency hell. Run `which aws` to see if it's installed, and if it shows nothing, add the installation directory to your PATH. On macOS it's usually `/usr/local/bin/aws`. Warning: Homebrew installations can have PATH issues. If you get weird permission errors after brew install, uninstall and use the official installer.

What's the difference between AWS CLI v1 and v2?

AWS CLI v2 is what you want. V1 was a Python dependency nightmare that broke every time you updated anything. V2 embeds Python so you don't have to deal with conflicting packages. Plus it has SSO support, better pagination, and YAML output that doesn't look like garbage. Stick with v2 unless you're stuck on legacy systems.

How do I manage multiple AWS profiles?

Use `aws configure --profile profile-name` to create named profiles for different environments or accounts. Switch between profiles using `--profile` flag in commands or set `AWS_PROFILE` environment variable. Profiles support different authentication methods including IAM users, assumed roles, and SSO integration.

Can I use AWS CLI without storing credentials locally?

Yes, through multiple secure methods: IAM roles for EC2 instances, container task roles in ECS/Fargate, IAM Identity Center SSO, or environment variables for temporary credentials. These approaches avoid storing long-term keys that inevitably get leaked to GitHub.

Why do I get "Access Denied" errors even with admin permissions?

Access Denied errors are the worst - I've wasted entire afternoons on this shit. 90% of the time it's a region mismatch. You're trying to access a resource in us-west-2 but your CLI is defaulted to us-east-1. Always specify `--region` explicitly or you'll spend hours debugging phantom permissions issues. Other culprits: wrong AWS account (check with `aws sts get-caller-identity`), expired SSO credentials (run `aws sso login`), or you're hitting a resource-based policy that overrides your admin permissions. If you see `An error occurred (SignatureDoesNotMatch) when calling the X operation: Signature expired`, your system clock is wrong - sync your time. IAM evaluation is Byzantine - when in doubt, use the IAM policy simulator.

How do I debug AWS CLI permission issues?

Debugging permissions will eat your entire afternoon. Start with `aws sts get-caller-identity` to make sure you're authenticated as who you think you are. Use `--debug` flag to see the actual API calls - warning: it's extremely verbose but shows exactly what's failing. The IAM policy simulator is theoretically helpful but practically useless for complex scenarios. CloudTrail logs are your best bet for seeing exactly why something was denied, but you need CloudTrail enabled first (it's not free).

What IAM permissions does AWS CLI need?

Permissions depend on specific operations performed. Don't be lazy and grant `AdministratorAccess` to everything - use service-specific managed policies like `AmazonS3ReadOnlyAccess` instead of broad permissions like `PowerUserAccess`. Your security team will thank you when you're not the one who caused the next breach.

How do I set default regions and output formats?

Configure defaults using `aws configure` for the default profile or per-profile settings. Set `AWS_DEFAULT_REGION` environment variable for temporary overrides. Available output formats include json (default), yaml, yaml-stream, text, and table. Use `--output` flag for command-specific formatting.

Why are my AWS CLI commands slow?

AWS CLI is slow because you're doing something wrong. Most common issue: you're downloading huge result sets without pagination. Use `--max-items 10` to limit results, or `--page-size 100` for better performance with large datasets. Network latency kills performance - if you're in Europe hitting us-east-1 endpoints, everything will be slow. Set your default region properly. SSO authentication adds overhead too - temporary credentials need to be refreshed constantly which slows everything down.

How do I handle rate limiting and retry logic?

AWS loves to throttle you, especially if you're doing bulk operations. AWS CLI v2 handles retries automatically with exponential backoff, but you can still hit limits. For heavy API usage, add delays between operations or you'll get "Throttling" errors all day. S3 operations are the worst for rate limiting. If you're doing bulk uploads, use `aws s3 sync` instead of individual `aws s3 cp` commands - the sync command handles concurrency better.

How do I handle errors in AWS CLI scripts?

AWS CLI exit codes are actually useful: 0 = success, 1-2 = your fault, 3+ = AWS's fault. Use `set -e` in bash to bail out on errors, or check `$?` to handle specific failure cases. The JSON error output contains useful details, but you'll need to parse it with `jq` to extract anything meaningful. Real advice: Always check exit codes in automation. I've seen scripts continue running after auth failures and create resources in the wrong account.

Can I use AWS CLI in CI/CD pipelines?

Every CI/CD platform on the planet supports AWS CLI. Use IAM roles or platform-specific credential integrations (GitHub Actions has built-in AWS auth). **Never** hardcode access keys in your pipeline configs - I've seen this leak credentials to public repos more times than I can count. Docker images keep CLI versions consistent across environments. Pin to specific versions (`amazon/aws-cli:2.0.55`) or your pipeline will break when AWS updates something.

How do I parse AWS CLI output effectively?

AWS CLI output is ridiculously verbose by default. Learn JMESPath queries with `--query` to filter data at the source instead of downloading everything and parsing locally. The syntax looks like someone sneezed on a keyboard, but it's worth learning. For quick scripts, use `--output text` with `--query` to get just the values you need: ```bash aws ec2 describe-instances --query 'Reservations[*].Instances[*].InstanceId' --output text ``` For anything complex, pipe JSON to `jq` - it's more readable than JMESPath and every server has it installed. Just remember that `--output table` is useless for scripting but great for human consumption.

Currently viewing the AI version

Switch to human version

AWS CLI: AI-Optimized Technical Reference

EXECUTIVE SUMMARY

What it does: Command-line tool for managing AWS resources without browser-based console navigation
Why it matters: Manages 200+ AWS services from terminal, essential for automation and bulk operations
Critical decision point: Use v2 only - v1 is deprecated with Python dependency conflicts
Production readiness: Required for CI/CD, scales better than web console for operations

CONFIGURATION THAT WORKS IN PRODUCTION

Version Selection

Use AWS CLI v2 exclusively
Avoid v1: Python dependency conflicts, broken authentication, unreliable tab completion
Migration impact: Authentication behaviors differ between versions, breaks CI/CD pipelines
Installation method: Official installer only, avoid package managers (homebrew/apt cause PATH issues)

Authentication Setup

# SSO (recommended for multi-account)
aws configure sso
aws sso login --profile production

# Environment variables (CI/CD)
AWS_DEFAULT_REGION=us-west-2
AWS_PROFILE=production

Critical Settings

Always specify region explicitly: Defaults to us-east-1, causes 90% of "Access Denied" errors
Pin CLI versions in Docker: amazon/aws-cli:2.0.55 prevents breaking changes
Set default region in shell profile: Prevents accidental wrong-region resource creation

FAILURE MODES AND SOLUTIONS

Authentication Failures

Error	Root Cause	Solution	Time to Fix
`aws: command not found`	Installation/PATH issue	Use official installer, check PATH	15 minutes
`Error loading SSO Token`	Expired SSO session	`aws sso login`	2 minutes
`UnauthorizedOperation`	Wrong region or permissions	Check region, verify IAM policies	30-180 minutes
`SignatureDoesNotMatch`	System clock drift	Sync system time	5 minutes

Performance Issues

Slow commands: Using wrong region (latency), downloading large datasets without pagination
Rate limiting: Bulk operations without delays, S3 operations hit limits fastest
Solution: Use --page-size 100, --max-items 10, add delays between operations

Regional Configuration Failures

Problem: Commands default to us-east-1 regardless of intended region
Impact: Resources created in wrong region, debugging takes hours
Prevention: Set AWS_DEFAULT_REGION environment variable
Detection: Use aws sts get-caller-identity to verify account/region

RESOURCE REQUIREMENTS

Learning Curve

Basic usage: 2-4 hours (standard commands, authentication)
Advanced features: 8-16 hours (JMESPath queries, automation patterns)
Production expertise: 40+ hours (troubleshooting, security, multi-account)

Infrastructure Requirements

Bandwidth: Significant for large result sets, use pagination
Storage: Credential caching requires local storage
Network: Direct internet access to AWS endpoints required

Human Expertise Required

IAM permissions: Understanding of AWS security model essential
JSON/YAML parsing: Required for automation
Shell scripting: Necessary for production automation

CRITICAL WARNINGS

What Documentation Doesn't Tell You

Credential Handling in Containers
- Mounting ~/.aws fails on Windows WSL2
- Use IAM roles instead of credential files
- Credential files frequently committed to Git accidentally
Multi-Account Management
- SSO credential cache corrupts randomly (weekly on macOS)
- Profile switching doesn't update environment variables
- Wrong account operations can't be undone
Automation Gotchas
- Exit codes reliable for error handling (0=success, 1-2=user error, 3+=AWS error)
- Always use set -e in bash scripts
- Rate limiting requires exponential backoff

Breaking Points

1000+ API calls: Rate limiting becomes severe
Large S3 buckets: List operations timeout without pagination
Complex IAM: Policy evaluation becomes unpredictable
Multi-region: Authentication state doesn't transfer

IMPLEMENTATION PATTERNS

Production-Ready Automation

# Error handling
set -e
aws sts get-caller-identity > /dev/null  # Verify auth

# Region specification
aws ec2 describe-instances --region us-west-2 --output table

# Pagination for large datasets
aws s3api list-objects-v2 --bucket huge-bucket --page-size 100

Query Optimization

# Bandwidth-efficient filtering
aws ec2 describe-instances \
  --query 'Reservations[*].Instances[?State.Name==`running`].[InstanceId,Tags[?Key==`Name`].Value|[0]]' \
  --output table

DECISION CRITERIA

AWS CLI vs Alternatives

Factor	AWS CLI	Azure CLI	GCP CLI	Decision Impact
Service Coverage	200+ services	~150 services	100+ services	AWS wins for completeness
Installation Pain	Single binary	Package manager hell	Multi-component	AWS v2 simplest
Authentication	Complex but powerful	AD integration	OAuth-based	Choose based on existing identity system
Scripting Quality	Excellent exit codes	Good enough	Solid	AWS best for automation

When NOT to Use AWS CLI

One-off simple tasks: Web console faster for learning
Visual resource management: Console better for understanding relationships
Complex infrastructure: Consider Terraform/CloudFormation
Team without command-line experience: GUI tools more appropriate

TROUBLESHOOTING DECISION TREE

Authentication Error?
- Check aws sts get-caller-identity
- Verify region with --region flag
- Run aws sso login if using SSO
Slow Performance?
- Add --page-size for large datasets
- Check region latency
- Verify not hitting rate limits
Access Denied with Admin Permissions?
- 90% chance: wrong region
- Check resource-based policies
- Verify account with caller identity

MIGRATION CONSIDERATIONS

From AWS CLI v1

Breaking changes: Authentication behavior, output formats
Timeline: 2-4 hours for simple setups, 1-2 days for complex automation
Risk: CI/CD pipeline failures during transition
Mitigation: Test in non-production first, maintain parallel installations

Integration Requirements

CI/CD platforms: All major platforms supported
Container orchestration: Use official Docker images
Infrastructure tools: Terraform, CloudFormation integrate well
Monitoring: CloudTrail required for debugging permissions

SUCCESS METRICS

Performance Indicators

Command completion time: <5 seconds for simple operations
Authentication success rate: >99% with proper SSO setup
Script reliability: Zero manual intervention for routine operations
Error resolution time: <30 minutes for common issues

Quality Gates

All automation includes error handling
No hardcoded credentials in any scripts
Region specified explicitly in all commands
CLI version pinned in all containers

Useful Links for Further Investigation

Essential AWS CLI Resources

Link	Description
AWS CLI Official Homepage	The marketing page where AWS lies about how easy installation is. Has download links buried under feature fluff.
AWS CLI User Guide for Version 2	The actual documentation you'll bookmark. Covers everything from installation hell to why your credentials don't work.
AWS CLI Command Reference	Every single command AWS CLI supports, with examples that sometimes work. You'll live in this when you forget command syntax.
AWS CLI Version 2 Changelog	Check this when AWS inevitably breaks something with an update. Raw text file because AWS can't be bothered with pretty formatting.
AWS CLI GitHub Repository	Where you go to complain when AWS CLI does something stupid. Also where you'll find issues identical to yours that were closed without resolution.
Installing AWS CLI Version 2	The installation guide that makes it sound easier than it is. Follow this exactly or spend hours debugging PATH issues.
AWS CLI Docker Images	For when you want to containerize your CLI instead of fixing your local environment. Includes credential mounting hell.
Configuring the AWS CLI	How to set up authentication without leaking your keys to GitHub. Spoiler: most people still mess this up.
AWS CLI Workshop	Hands-on workshop where you'll break things in a safe environment before breaking them in production.
AWS CLI Cookbook Examples	Copy-pasteable examples organized by service. These actually work, unlike most Stack Overflow answers.
AWS CLI Best Practices Guide	Advanced patterns for when you've outgrown basic commands and want to do things properly.
IAM Best Practices for CLI Usage	How to not accidentally give your CLI admin access to everything. Read this before you become a security incident.
AWS CLI SSO Configuration	Enterprise SSO setup that sounds complicated but saves you from rotating access keys every 90 days.
AWS Security Token Service Documentation	How temporary credentials work when you want to assume roles properly instead of hardcoding admin keys.
Practicing CI/CD on AWS	AWS whitepaper on CI/CD best practices. Includes CLI usage patterns that actually work in production pipelines.
AWS CLI Exit Codes Reference	Exit codes that let your scripts know what went wrong. Because "Command failed" isn't helpful at 3 AM.
JMESPath Tutorial for AWS CLI	Learn the query language that looks like line noise but saves bandwidth. Interactive examples that actually help.
AWS CLI Extensions	Community-built extensions for functionality AWS forgot to include. Quality varies wildly.
AWS Samples Repository	AWS-provided sample scripts that sometimes work as advertised. Good starting point for common patterns.
AWS CLI Cheat Sheet	Commands you'll forget and need to look up constantly. Bookmark this for when your memory fails you.
AWS CDK CLI Documentation	For when you want to write infrastructure in TypeScript instead of bash scripts. Because apparently that's easier.
AWS SAM CLI	Serverless framework that works with AWS CLI. For when Lambda functions and API Gateway make you want to cry.
Terraform AWS Provider	Infrastructure as code for when you want state files to get corrupted instead of manually managing resources.

AWS CLI: AI-Optimized Technical Reference

EXECUTIVE SUMMARY

CONFIGURATION THAT WORKS IN PRODUCTION

Version Selection

Authentication Setup

Critical Settings

FAILURE MODES AND SOLUTIONS

Authentication Failures

Performance Issues

Regional Configuration Failures

RESOURCE REQUIREMENTS

Learning Curve

Infrastructure Requirements

Human Expertise Required

CRITICAL WARNINGS

What Documentation Doesn't Tell You

Breaking Points

IMPLEMENTATION PATTERNS

Production-Ready Automation

Query Optimization

DECISION CRITERIA

AWS CLI vs Alternatives

When NOT to Use AWS CLI

TROUBLESHOOTING DECISION TREE

MIGRATION CONSIDERATIONS

From AWS CLI v1

Integration Requirements

SUCCESS METRICS

Performance Indicators

Quality Gates

Useful Links for Further Investigation

Essential AWS CLI Resources

Related Tools & Recommendations

GitHub Actions is Fucking Slow: Alternatives That Actually Work

GitHub Actions Security Hardening - Prevent Supply Chain Attacks

GitHub Actions Cost Optimization - When Your CI Bill Is Higher Than Your Rent

Docker Daemon Won't Start on Windows 11? Here's the Fix

Deploy Django with Docker Compose - Complete Production Guide

Docker 프로덕션 배포할 때 털리지 않는 법

AWS CodeBuild - Managed Builds That Actually Work

Terraform is Slow as Hell, But Here's How to Make It Suck Less

Terraform - AWS 콘솔에서 3시간 동안 클릭질하는 대신 코드로 인프라 정의하기

Terraform Enterprise - HashiCorp's $37K-$300K Self-Hosted Monster

Pulumi : Ce que Personne ne Vous Dit Avant de Migrer

Terraform vs Pulumi : Mon retour d'expérience après 2 ans

Pulumi Review: Real Production Experience After 2 Years

AWS CDK Production Deployment Horror Stories - When CloudFormation Goes Wrong

AWS CDK - Finally, Infrastructure That Doesn't Suck

Terraform vs Pulumi vs AWS CDK: Which Infrastructure Tool Will Ruin Your Weekend Less?

Jenkins + Docker + Kubernetes: How to Deploy Without Breaking Production (Usually)

Stop Fighting Your CI/CD Tools - Make Them Work Together

GitHub Actions + Jenkins Security Integration

AWS Control Tower - The Account Sprawl Solution That Actually Works (If You're Lucky)