AWS CLI Credentials Not Found — Unable to Locate Credentials Error
About AWS CLI Credentials Not Found
Fix AWS CLI 'Unable to locate credentials' error when running commands without configured access keys, IAM roles, or environment variables.
Quick Answer
Should I use access keys or IAM roles?
Always prefer IAM roles over access keys. IAM roles provide temporary credentials that rotate automatically. Access keys are long-lived and must be manually rotated. Use roles for EC2, Lambda, ECS, and any AWS service.
Key Details
- AWS CLI requires credentials (access key ID and secret access key) to authenticate API requests
- Credentials can come from: environment variables, ~/.aws/credentials file, IAM roles, or SSO
- The error 'Unable to locate credentials' means none of the credential sources returned valid credentials
- AWS CLI checks credentials in order: environment variables > credentials file > IAM instance role
- On EC2 instances, IAM instance profiles provide credentials automatically without configuration
Common Causes
- AWS CLI not configured — aws configure was never run on this machine
- Credentials file (~/.aws/credentials) missing, corrupted, or has wrong permissions
- Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) not set or expired
- IAM role not attached to the EC2 instance, Lambda function, or ECS task
Steps
1. Run 'aws configure' and enter your access key ID, secret access key, default region, and output format
2. Verify credentials file exists: cat ~/.aws/credentials — should have [default] profile with keys
3. For EC2: attach an IAM instance profile/role to the instance via AWS Console > EC2 > Actions > Security
4. For temporary credentials: set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables
5. Test configuration: run 'aws sts get-caller-identity' to verify credentials are working
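The checks above can be scripted so that no secret value is ever echoed to the terminal. The following is an added example, not part of the original page or of the AWS CLI: it walks the credential sources in the order listed under Key Details and reports the first one found. The function names (check_env, check_file, file_is_private, diagnose) are hypothetical; AWS_SHARED_CREDENTIALS_FILE is the CLI's own override for the credentials file path.

```sh
#!/bin/sh
# Added example: report the first usable credential source, in the order this
# page lists, without printing any secret value.

# check_env: echoes none | partial | static | temporary
check_env() {
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    if [ -n "${AWS_SESSION_TOKEN:-}" ]; then echo temporary; else echo static; fi
  elif [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo partial        # only one of the two required variables is set
  else
    echo none
  fi
}

# check_file FILE [PROFILE]: echoes missing | no-profile | incomplete | ok
# Only key names are inspected; values are never stored or shown.
check_file() {
  [ -r "$1" ] || { echo missing; return 0; }
  awk -v want="[${2:-default}]" '
    /^\[/       { in_p = ($0 == want); if (in_p) seen = 1; next }
    in_p && /=/ { k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k); have[k] = 1 }
    END {
      if (!seen) print "no-profile"
      else if (have["aws_access_key_id"] && have["aws_secret_access_key"]) print "ok"
      else print "incomplete"
    }' "$1"
}

# file_is_private FILE: true when group and others have no permission bits.
file_is_private() {
  case $(ls -ldL "$1") in
    ?[r-][w-][x-]------*) return 0 ;;
    *) return 1 ;;
  esac
}

# diagnose FILE [PROFILE]: echoes "<source>:<state>" for the first source found.
diagnose() {
  env_state=$(check_env)
  if [ "$env_state" != none ]; then echo "env:$env_state"; return 0; fi
  file_state=$(check_file "$1" "${2:-default}")
  if [ "$file_state" = ok ] && ! file_is_private "$1"; then file_state=ok-not-private; fi
  echo "file:$file_state"   # anything but ok: only an attached IAM role is left
}

diagnose "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
```

A result of env:static or file:ok means long-lived access keys are in use; once a source is reported, 'aws sts get-caller-identity' confirms whether those credentials are still valid.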