Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Clicking around the console is fine for the first hour and a liability after that — every real workflow eventually moves to the CLI or to an IaC tool that wraps the CLI's API surface. Getting all four installed, authenticated, and producing JSON you can pipe into jq is the on-ramp to everything else in this course.
Install each CLI, authenticate, and make one read-only API call that proves the credential chain works end-to-end.
aws configure list and az account show and confirm the printed identity matches the email you signed up with — wrong identity here will cost you hours later.alias awsr='aws ec2 describe-regions --output json | jq') so you build muscle memory.Use these three in order. Each builds on the one before.
In one paragraph, explain how cloud CLIs authenticate like I'm new to it, covering API keys, OAuth browser login, and instance metadata.
Walk me through how `aws sts get-caller-identity` actually works step by step — from reading ~/.aws/credentials, to signing the request with SigV4, to the IAM evaluation that returns my ARN.
Given a developer laptop that needs to switch between three AWS accounts, two GCP projects, and an Azure tenant daily, design a credential-management setup using profiles, aws-vault, gcloud configurations, and az contexts.
# Install (macOS via homebrew, Linux via official installer)
brew install awscli # or: curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscli.zip && unzip awscli.zip && sudo ./aws/install
aws --version
aws configure # paste access key, secret, region, output=json
# Read-only smoke test — if this works, your creds are good
aws sts get-caller-identity
aws ec2 describe-regions --query 'Regions[0:3].RegionName' --output table