AWS CLI Profile Configuration Error: Fixing “The config profile (adminuser) could not be found”


4 views

When working with AWS CLI, profile configuration errors are common but often misunderstood. The error message The config profile (adminuser) could not be found typically indicates one of these scenarios:

  1. The profile section is missing in either ~/.aws/config or ~/.aws/credentials
  2. There's a mismatch between the profile naming in config and credentials files
  3. Improper file permissions preventing AWS CLI from reading the configuration

Here's the proper way to structure your AWS configuration files:

# ~/.aws/config
[default]
region = us-east-1
output = json

[profile adminuser]
region = us-east-1
output = json
# ~/.aws/credentials
[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[adminuser]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Notice two critical differences from your initial attempt:

  1. In config file, profiles (except default) must be prefixed with profile (e.g., [profile adminuser])
  2. In credentials file, profiles should NOT have the profile prefix (e.g., [adminuser])

After setting up your files correctly, verify the configuration with:

aws configure list --profile adminuser

This should output your configuration details. If you see empty values, there's still an issue with your setup.

If the problem persists:

  1. Ensure file permissions are correct (600 for both files): 
    chmod 600 ~/.aws/config ~/.aws/credentials
  2. Check for hidden characters or encoding issues: 
    cat -A ~/.aws/config
  3. Try specifying the config file explicitly: 
    AWS_CONFIG_FILE=~/.aws/config aws lambda list-functions --profile adminuser

For temporary usage, you can bypass profile configuration with environment variables:

export AWS_ACCESS_KEY_ID="AKIAXXXXXXXXXXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
export AWS_DEFAULT_REGION="us-east-1"
aws lambda list-functions
  • Always use profile prefix in config file (except for default)
  • Keep credentials file strictly for access keys
  • Consider using AWS named profiles for different environments
  • Use AWS CLI version 2 for better profile management

When working with AWS CLI, profile configuration is crucial for managing multiple AWS accounts or roles. The error "The config profile (adminuser) could not be found" typically occurs when:

  1. The profile section is missing in ~/.aws/config or ~/.aws/credentials
  2. There's a mismatch between profile names in config and credentials files
  3. The configuration files are not properly formatted

Here's the correct way to configure your AWS CLI for multiple profiles:

~/.aws/config

[default]
region = us-east-1
output = json

[profile adminuser]
region = us-east-1
output = json

~/.aws/credentials

[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[adminuser]
aws_access_key_id = AKIAYYYYYYYYYYYYYYYY
aws_secret_access_key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
  • In the config file, profile names must be prefixed with profile (e.g., [profile adminuser])
  • In the credentials file, profile names should NOT be prefixed with profile
  • Both files must have matching profile sections for the same profile name

After setting up your configuration, verify it works with:

aws sts get-caller-identity --profile adminuser

If properly configured, this will return information about the IAM user or role associated with the profile.

Case 1: When you get "You must specify a region" error even after configuring it:

aws lambda list-functions --profile adminuser --region us-east-1

Case 2: If you're still having issues, check file permissions:

chmod 600 ~/.aws/credentials
chmod 600 ~/.aws/config

Case 3: For debugging purposes, you can enable debug output:

AWS_DEBUG=True aws lambda list-functions --profile adminuser

Instead of manually editing files, you can use the AWS CLI configure command:

aws configure --profile adminuser

This will interactively prompt you for the access key, secret key, region, and output format.

When writing scripts, it's often better to set the profile through environment variables:

export AWS_PROFILE=adminuser
aws lambda list-functions

Or for temporary use in a single command:

AWS_PROFILE=adminuser aws lambda list-functions