How to find the AWS CLI config file location

Finding the active AWS CLI config file matters before changing the default Region, output format, assumed-role profile, or IAM Identity Center session settings. Resolving the file path first avoids editing the wrong file when a shell or project uses a non-default configuration location.

The AWS CLI reads named profile settings from the shared config file and uses ~/.aws/config by default on Linux and macOS. On Windows, the same file lives under %USERPROFILE%\.aws\config. If AWS_CONFIG_FILE is set, that environment variable replaces the home-directory default for the current shell or process.

This page is about the config file only. Access keys normally stay in the shared credentials file, and variables such as AWS_REGION or AWS_PROFILE can override values that would otherwise come from the config file. A missing config file can still be normal on a new workstation until aws configure, aws configure sso, or a manual edit creates it.

Steps to find the AWS CLI config file location:

Print the default shared config file path for the current home directory.
```
$ printf '%s\n' "$HOME/.aws/config"
/home/user/.aws/config
```
On Windows, the default file is %USERPROFILE%\.aws\config.
Check whether AWS_CONFIG_FILE is replacing that default path in the current shell.
```
$ printenv AWS_CONFIG_FILE
```
If this prints a path, that path is the active config file location. No output means the AWS CLI still uses the default path from the previous step.

Related: How to use AWS CLI environment variables
Confirm that the resolved file exists before opening or editing it.
```
$ ls -l "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
-rw------- 1 user user 94 Mar 29 06:45 /home/user/.aws/config
```
No such file or directory means the file has not been created at that path yet or the override points to the wrong file.

Run aws configure list to see which source supplied the active profile settings.

$ aws configure list
NAME       : VALUE                    : TYPE             : LOCATION
profile    : <not set>                : None             : None
access_key : ****************MPLE     : shared-credentials-file :
secret_key : ****************EKEY     : shared-credentials-file :
region     : ap-southeast-1           : config-file      : ~/.aws/config

The LOCATION column shows the config file only for values that came from that file. If TYPE is env or None, the current shell is overriding the value or no value is set.

Repeat the same check with --profile when the settings live in a named profile section.

$ aws configure list --profile audit
NAME       : VALUE                    : TYPE             : LOCATION
profile    : audit                    : manual           : --profile
access_key : ****************MPLE     : shared-credentials-file :
secret_key : ****************EKEY     : shared-credentials-file :
region     : us-east-1                : config-file      : ~/.aws/config

--profile changes which profile section the AWS CLI reads, but it does not change the shared config file path unless AWS_CONFIG_FILE is also set.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.