Setting the connect timeout in AWS CLI controls how long the client waits to open a network connection to an AWS endpoint before it fails. That matters on VPN links, proxy chains, private connectivity, and high-latency networks where the default wait might be longer than desired for fast failure or too short for a legitimate remote path.
The persistent setting is stored as cli_connect_timeout in the shared config file for the active profile. aws configure set writes the value into [default] or a named [profile NAME] section without making an AWS API call, and aws configure get reads the saved value back from that same file. An unqualified variable name such as cli_connect_timeout is scoped to the current profile, or to default when no profile is selected.
The timeout value is measured in seconds. Current AWS CLI documentation sets the default to 60, while 0 makes the socket connect wait indefinitely. The global --cli-connect-timeout option can override the saved profile value for one command, and AWS_CONFIG_FILE can redirect the CLI to a non-default config path.
Related: How to set AWS CLI read timeout
Related: How to configure multiple AWS CLI profiles
Steps to set AWS CLI connect timeout:
- Set the connect timeout for the default profile when most commands on the workstation should use the same connection window.
$ aws configure set cli_connect_timeout 90
This writes
cli_connect_timeout = 90
under the
[default]
section in ~/.aws/config.
- Set a different connect timeout on a named profile when one account, proxy path, or network segment needs a different limit.
$ aws configure set cli_connect_timeout 30 --profile audit
The --profile flag writes the setting under
[profile audit]
and leaves the default profile unchanged.
- Read the saved value back from each updated profile to confirm that the persistent config changed.
$ aws configure get cli_connect_timeout 90 $ aws configure get cli_connect_timeout --profile audit 30
aws configure get reads the shared config file only, so the output confirms the stored profile value rather than a one-command override from the current shell.
- Inspect the shared config file when the exact profile section or saved line needs to be confirmed directly.
$ sed -n '1,20p' ~/.aws/config [default] cli_connect_timeout = 90 [profile audit] cli_connect_timeout = 30
If AWS_CONFIG_FILE is set, inspect that path instead of the default shared file. On Windows, the equivalent default path is
%USERPROFILE%\.aws\config
.
Related: How to find the AWS CLI config file
- Override the saved value for one command when a single request should fail faster or wait longer without changing the profile permanently.
$ aws sts get-caller-identity --profile audit --cli-connect-timeout 10
The global --cli-connect-timeout option takes precedence over the saved profile setting for that one invocation.
- Set the value to 0 only when an indefinite connect wait is intentional and the calling environment already has its own timeout or watchdog controls.
$ aws configure set cli_connect_timeout 0 --profile audit $ aws configure get cli_connect_timeout --profile audit 0
A value of 0 makes the socket connect wait indefinitely, which can leave interactive shells and automation blocked on a dead or unreachable network path.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
