How to use Amazon EC2 command line interface?

The AWS command-line tools use private keys and certificates to establish your identity, just like the AWS web service APIs do. So you have to pass your private key or certificate with each command. (On a related note, you don't need to connect to an EC2 instance to run the commands. You can run them from any machine with the tools installed and an internet connection.)

It's usually easiest to create a script that sets the private key and certificate in EC2_PRIVATE_KEY and EC2_CERT environment variables. That way, you don't have to specify them explicitly via command-line options each time.

See the documentation below (especially the --private-key and --cert options) for more information: Common Options for API Tools

And as always, be careful not to share your private keys and certificates any more broadly than necessary.
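
One way to write the script the answer above describes, as an added example that is not part of the original answer: it refuses to export EC2_PRIVATE_KEY when the key file is accessible to group or others. The function names and the sample paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: source this file (". ./ec2-env.sh", a hypothetical name)
# rather than hard-coding key paths in a shared or world-readable profile.

# Return 0 only if $1 is a regular file with no group/other permission bits.
is_owner_only() {
    [ -f "$1" ] || return 1
    # First 10 characters of the long listing, e.g. "-rw-------"
    mode=$(ls -ldL -- "$1" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Export EC2_PRIVATE_KEY and EC2_CERT after checking both files.
# $1 = private key path, $2 = certificate path
ec2_load_credentials() {
    if ! is_owner_only "$1"; then
        echo "refusing $1: missing or accessible to group/other (chmod 600)" >&2
        return 1
    fi
    if [ ! -r "$2" ]; then
        echo "certificate $2 is missing or unreadable" >&2
        return 1
    fi
    EC2_PRIVATE_KEY=$1
    EC2_CERT=$2
    export EC2_PRIVATE_KEY EC2_CERT
}

# Usage (assumed paths, adjust to where your files live):
#   ec2_load_credentials "$HOME/.ec2/pk-EXAMPLE.pem" "$HOME/.ec2/cert-EXAMPLE.pem" \
#       && ec2-describe-regions
```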


Follow the steps to generate a private key and certificate for your AWS account.

Generating Your AWS Private Key & Certificate File

You have two choices:

1. You can export these keys (make sure they are in your bashrc file) and execute the EC2 commands:

export EC2_PRIVATE_KEY=$HOME/<where your private key is>/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
export EC2_CERT=$HOME/<where your certificate is>/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
ec2-describe-images ami-12345abc

2. Give the path of the private key and certificate file when you execute AWS commands in the CLI:

ec2-describe-images \
-C <path-to-certificate-file>/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem \
-K <path-to-private-key>/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem ami-12345abc

I would suggest choosing option 2, since it always makes me remember those important files.


The easiest way to provide your access keys to the Amazon EC2 CLI is to set the AWS_ACCESS_KEY and AWS_SECRET_KEY environment variables. First, add the following lines to ~/.bashrc and save the file.

export AWS_ACCESS_KEY=your-aws-access-key-id

export AWS_SECRET_KEY=your-aws-secret-key

After you've updated ~/.bashrc, run the following command:

source ~/.bashrc

To verify that your CLI tools are set up correctly, run the following command:

ec2-describe-regions

Source: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/set-up-ec2-cli-linux.html