Yes. AWS CLI is free and open-source under the Apache 2.0 license. You pay for the AWS resources your agent creates or manages, not the CLI itself. It works with AWS Free Tier accounts. Setup takes 60 seconds with `aws configure`.

What is the difference between AWS CLI v1 and v2?

AWS CLI v2 is the current, actively developed version with auto-complete, SSO support, interactive wizards, and bundled installers that do not require Python. V1 enters maintenance mode on July 15, 2026. Use v2 exclusively for new projects and agent workflows.

How do you manage multiple AWS accounts with the CLI?

Use named profiles. Run `aws configure --profile staging` to set up credentials for each account. Your agent switches between environments with `--profile staging` on any command. For AWS SSO, `aws configure sso` sets up profiles that authenticate through your identity provider with automatic token refresh.

Does AWS CLI work with MCP servers?

Yes. AWS provides official MCP servers through the `awslabs/mcp` repository on GitHub. The MCP servers give AI agents structured access to AWS services via the Model Context Protocol. They complement the CLI for agent workflows. Your agent can use both depending on the operation.

Can AWS CLI be used in CI/CD pipelines?

Yes. AWS CLI is the standard for CI/CD automation. Set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as environment variables, or use IAM roles via OIDC federation (GitHub Actions) or instance profiles (EC2). Most CI platforms pre-install the CLI or provide a setup action.

AWS CLI

16.8k stars

official open-source Has MCP macOS Linux Windows Actively maintained

Amazon's official command-line tool for managing AWS services. Control EC2, S3, Lambda, IAM, and 200+ services from the terminal.

AWS CLI has both a CLI and an MCP server. See when to use each

Part of the AWS CLI tools for AI agents

What your agent can do

A Lambda function can't write to S3. Debugging this through the Console means clicking through IAM roles, expanding inline policies, checking managed policies, verifying the trust relationship, inspecting the bucket's resource-based policy, then checking SCPs at the org level. Six screens for one "Access Denied" error. Your agent runs `aws iam simulate-principal-policy` and gets the answer in seconds.Your agent has direct access to every AWS service API through the CLI. It runs `aws logs filter-log-events --log-group-name /app/production --filter-pattern "ERROR" --start-time $(date -d '1 hour ago' +%s000)` to search CloudWatch logs. It runs `aws ecs update-service --force-new-deployment` to roll out a new container image. It runs `aws s3 sync ./dist s3://my-bucket --delete` to push static assets to a CDN. One command each, replacing minutes of Console clicking.The `--query` flag uses JMESPath expressions to filter API responses. Your agent doesn't parse raw JSON. It runs `aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,State.Name,Tags[?Key==Name].Value|[0]]' --output table` and gets exactly the data it needs. Four output formats (JSON, table, text, YAML) mean the agent picks the right one for the task.Named profiles handle multi-account workflows. Your agent switches between dev, staging, and production with `--profile` instead of juggling browser sessions. SSO integration authenticates once, and the CLI handles token refresh across all accounts.AWS shipped Agent Plugins in February 2026. The `deploy-on-aws` plugin accepts plain English like "deploy this Express app to AWS" and the agent scans the codebase, recommends architecture (App Runner for backend, RDS for DB, CloudFront + S3 for frontend), generates infrastructure code, and produces cost estimates. Under 10 minutes vs. hours of manual Console configuration.The Console has a hidden "Console-to-Code" feature that records your clicks and generates equivalent CLI commands. AWS itself acknowledges the Console is too slow for repeatable work. Your agent skips the middleman entirely.

Limitations

AWS-only. No cross-cloud support. The CLI covers 200+ services with thousands of subcommands, so your agent needs context about which service and operation to use. For repeatable infrastructure provisioning, Terraform or CloudFormation are better than imperative CLI commands. The CLI lacks `--dry-run` for many destructive operations, so your agent should validate before executing deletes.

Key Commands

aws configure Set up credentials, default region, and output format interactively

aws s3 ls List S3 buckets or objects in a bucket

aws s3 cp Copy files between local filesystem and S3

aws ec2 describe-instances List EC2 instances with details like state, type, and IP

aws lambda invoke Invoke a Lambda function and capture the response

aws iam list-users List IAM users in your AWS account

aws sts get-caller-identity Verify which AWS identity your CLI session is using

GitHub Stats

repo aws/aws-cli

stars 16.8k

language Python

license Apache-2.0

last commit Mar 13, 2026

Links

Official documentation docs.aws.amazon.com/cli/latest/userguide/ Command reference awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html GitHub repository github.com/aws/aws-cli AWS MCP servers github.com/awslabs/mcp

Alternatives

tool	description
AWS CLI	current tool
AWS CloudShell	Browser-based shell with AWS CLI pre-installed. No local setup required, runs inside the AWS Console.
aws-shell	Interactive shell for AWS CLI with inline documentation, autocomplete, and fuzzy search. Built by AWS.
awsume	Tool for managing and switching between AWS profiles and roles. Simplifies multi-account credential management.
Steampipe	Query AWS resources using SQL. Treats cloud APIs as database tables for compliance, inventory, and reporting.

FAQ

Is AWS CLI free?: Yes. AWS CLI is free and open-source under the Apache 2.0 license. You pay for the AWS resources your agent creates or manages, not the CLI itself. It works with AWS Free Tier accounts. Setup takes 60 seconds with `aws configure`.
What is the difference between AWS CLI v1 and v2?: AWS CLI v2 is the current, actively developed version with auto-complete, SSO support, interactive wizards, and bundled installers that do not require Python. V1 enters maintenance mode on July 15, 2026. Use v2 exclusively for new projects and agent workflows.
How do you manage multiple AWS accounts with the CLI?: Use named profiles. Run `aws configure --profile staging` to set up credentials for each account. Your agent switches between environments with `--profile staging` on any command. For AWS SSO, `aws configure sso` sets up profiles that authenticate through your identity provider with automatic token refresh.
Does AWS CLI work with MCP servers?: Yes. AWS provides official MCP servers through the `awslabs/mcp` repository on GitHub. The MCP servers give AI agents structured access to AWS services via the Model Context Protocol. They complement the CLI for agent workflows. Your agent can use both depending on the operation.
Can AWS CLI be used in CI/CD pipelines?: Yes. AWS CLI is the standard for CI/CD automation. Set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as environment variables, or use IAM roles via OIDC federation (GitHub Actions) or instance profiles (EC2). Most CI platforms pre-install the CLI or provide a setup action.