AWS CLI

Progress checklist

• AWS CLI v2 installed
• Credentials configured (IAM user or SSO)
• aws sts get-caller-identity returns expected account and identity

The AWS CLI is how you authenticate to AWS AWS
Amazon Web Services — the cloud platform used throughout this walkthrough. from your machine. Terraform uses the same credential chain to create resources, and aws eks update-kubeconfig uses it to write your kubeconfig after the cluster exists. Getting this right first avoids authentication errors in every subsequent step.

1. Install the AWS CLI. Required

   macOS

   Install via Homebrew

   brew install awscli

   Linux

   If needed, install unzip and curl first (e.g. sudo apt install -y unzip curl or sudo dnf install -y unzip curl).

   Install via curl

   curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
   unzip awscliv2.zip
   sudo ./aws/install --update

   For ARM (e.g. Graviton or Raspberry Pi):

   curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
   unzip awscliv2.zip
   sudo ./aws/install --update

   Verify the installation:

   aws --version

   You should see aws-cli/2.x.x — version 2 is required.

2. Configure AWS access. Required

   Choose the path that matches how you set up access in the previous steps.

   IAM user (access keys)

   You need the Access Key ID and Secret Access Key you created in the AWS Account step.

   aws configure

   Enter the following when prompted:

   • AWS Access Key ID — the key ID (starts with AKIA...)
   • AWS Secret Access Key — the secret
   • Default region name — the region you chose (e.g. ap-southeast-6)
   • Default output format — json

   This writes credentials to ~/.aws/credentials and config to ~/.aws/config.

   IAM Identity Center (SSO)

   If you completed the IAM Identity Center step, your profile is already configured. Log in:

   aws sso login --profile eks-walkthrough

   To avoid typing --profile on every command, set the profile as your shell default:

   export AWS_PROFILE=eks-walkthrough

   Add the export to ~/.bashrc or ~/.zshrc to persist it across sessions.

   SSO sessions expire (typically after 1–8 hours depending on your permission set). Re-run aws sso login when the session expires.

3. Verify access. Required

   aws sts get-caller-identity

   Expected output:

   {
     "UserId": "AIDA...",
     "Account": "123456789012",
     "Arn": "arn:aws:iam::123456789012:user/eks-admin"
   }

   For IAM Identity Center the ARN will contain assumed-role instead of user. Either is correct as long as the account ID matches your account.

   Caution

   If the command returns an error like Unable to locate credentials, re-run aws configure (IAM user) or aws sso login (SSO) and try again.

4. Confirm the default region.

   aws configure get region

   The output should match the region you chose. If it’s blank or wrong, set it:

   aws configure set region ap-southeast-6

   Replace ap-southeast-6 with your region if different.

Next step

Continue to Terraform to install the infrastructure-as-code tool.