Prerequisites to use the Amazon CLI version 2 - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Prerequisites to use the Amazon CLI version 2

To access Amazon services with the Amazon CLI, you need an Amazon Web Services account and IAM credentials. When running Amazon CLI commands, the Amazon CLI needs to have access to those Amazon credentials. To increase the security of your Amazon account, we recommend that you do not use your root account credentials. You should create a user with least privilege to provide access credentials to the tasks you'll be running in Amazon.

Create an IAM or IAM Identity Center administrative account

Before you can configure the Amazon CLI, you need to create an IAM or IAM Identity Center account.

Secure IAM users

After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the IAM User Guide:

Next steps

After creating an Amazon Web Services account and IAM credentials, to use the Amazon CLI you can do one of the following: