How to find the AWS CLI config file

Finding the active AWS CLI config file matters before changing the default Region, output format, retry behavior, role settings, or IAM Identity Center profile data. Editing the wrong file leaves commands reading stale values and makes profile troubleshooting harder than it needs to be.

The AWS CLI reads shared configuration from a plaintext file named config inside the local .aws directory for the current user context. That file usually stores non-secret settings such as region, output, named profile blocks, role settings, and sso_* entries, while long-term access keys usually live in the separate shared credentials file.

The default config path is ~/.aws/config on Linux and macOS and %USERPROFILE%\.aws\config on Windows, but AWS_CONFIG_FILE can redirect the CLI to another local path. A missing file can be normal in a new environment or when commands rely on environment variables instead of profile files, and a different home directory changes the default location as well.

Steps to find the AWS CLI config file:

Print the effective config path for the current shell, falling back to the default home-directory location when AWS_CONFIG_FILE is unset.
```
$ printf '%s\n' "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
/home/user/.aws/config
```
On Windows, the default path is %USERPROFILE%\.aws\config unless AWS_CONFIG_FILE overrides it.
Check whether the current shell is overriding the default path explicitly.
```
$ printenv AWS_CONFIG_FILE
/opt/project/aws-config
```
No output means the CLI is still using the default path from the previous step.

Related: How to use environment variables in AWS CLI
Verify that the resolved file exists before opening it.
```
$ ls -l "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
-rw-------  1 user  user  82 Mar 29 09:10 /home/user/.aws/config
```
A No such file or directory result usually means the config file has not been created yet or the override points somewhere else.
Inspect the file contents to confirm that the path is the shared AWS CLI config file.
```
$ sed -n '1,40p' "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
[default]
region = ap-southeast-1
output = json

[profile audit]
region = us-east-1
output = table
```
The shared config file uses [default] and [profile name] headers. Role settings, IAM Identity Center settings, and other profile options live here, while long-term keys usually stay in the shared credentials file.

Related: How to find the AWS CLI credentials file
Ask the CLI which file supplied the active profile settings by reading the LOCATION column in aws configure list.
```
$ aws configure list
NAME       : VALUE                    : TYPE             : LOCATION
profile    : <not set>                : None             : None
access_key : <not set>                : None             : None
secret_key : <not set>                : None             : None
region     : ap-southeast-1           : config-file      : ~/.aws/config
```
The LOCATION column shows the path for values that actually came from the config file. When AWS_CONFIG_FILE points elsewhere, the same column shows that custom absolute path instead of ~/.aws/config, while rows showing None are unset or coming from another source.

Repeat the location check with --profile when the target settings belong to a named profile.

$ aws configure list --profile audit
NAME       : VALUE                    : TYPE             : LOCATION
profile    : audit                    : manual           : --profile
access_key : <not set>                : None             : None
secret_key : <not set>                : None             : None
region     : us-east-1                : config-file      : ~/.aws/config

The profile selector changes which section is read, but the LOCATION column still identifies the shared config file backing that profile.