
Is there a way to export an AWS CLI Profile to Environment Variables?

Introduction

Yes, but the right method depends on what you actually need. If your tooling understands AWS profiles, setting AWS_PROFILE is often enough; if a process needs raw environment variables such as AWS_ACCESS_KEY_ID, then you need to export those values explicitly or use an AWS CLI command that prints them for you.

Profiles and environment variables are different layers

An AWS CLI profile is a named configuration stored in files under ~/.aws/, typically config and credentials. Environment variables are process-level overrides such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and AWS_REGION.

That distinction matters because environment variables usually win over profile settings. If a shell already exports AWS credential variables, simply setting AWS_PROFILE may not change the behavior you expect.

The simplest option: export AWS_PROFILE

If the program you are running already understands shared AWS config files, the easiest approach is often just:

```bash
export AWS_PROFILE=work
# Optional: also expose the profile's region to tools that only read the environment
export AWS_REGION="$(aws configure get region --profile work)"
```

After that, AWS SDKs and the AWS CLI can resolve credentials from the named profile without copying secrets into the shell environment.

This is usually better than exporting raw keys when the toolchain already knows how to use profiles. It also keeps temporary credentials refreshable when the profile uses an external credential process.

Exporting raw credentials from a profile

If you really need environment variables, you can read the values from the profile and export them:

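```bash
# Read each value from the "work" profile and export it into the current shell
export AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id --profile work)"
export AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key --profile work)"
export AWS_SESSION_TOKEN="$(aws configure get aws_session_token --profile work)"
export AWS_DEFAULT_REGION="$(aws configure get region --profile work)"
# Static profiles have no session token; do not leave an empty variable exported
[ -n "$AWS_SESSION_TOKEN" ] || unset AWS_SESSION_TOKEN
```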

This works for ordinary static credential profiles. It is less reliable for more advanced setups such as AWS SSO or role-chaining, where the profile may not store long-lived access keys directly.

Using AWS CLI credential export

When available in your AWS CLI version, aws configure export-credentials is a cleaner way to print credentials in shell-friendly form:

```bash
aws configure export-credentials --profile work --format env
```

That is useful when you need to hand credentials to a subprocess or source them into a shell script. It also avoids manually assembling several aws configure get calls yourself.

When wrappers are a better fit

For temporary sessions, especially with SSO or assumed roles, tools such as aws-vault exec are often safer than exporting credentials permanently into the shell. They launch a child process with the right environment already populated and avoid leaving secrets behind in long-lived terminals.

That is an operational improvement as much as a convenience improvement.

Security and shell hygiene

Raw AWS environment variables are powerful. Once exported, any subprocess launched from that shell can use them. That is why profiles or short-lived wrappers are generally safer than sprinkling permanent exports across shell startup files.

If you do export credentials, prefer session-scoped shells and avoid writing secrets into command history or committed scripts.
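The precedence and hygiene points above can be turned into three small shell helpers. This is an added example, not code from the original article: the function names are hypothetical, `work` is the article's sample profile, and `aws_run_with_creds` assumes an AWS CLI version that provides `aws configure export-credentials`.

```shell
#!/usr/bin/env bash
# Added example, not from the original article; function names are hypothetical.
# Typical use: aws_run_with_creds work some-command --its-args

# Raw credential variables that shadow the profile named in AWS_PROFILE.
AWS_RAW_CRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"

# Print the names (never the values) of raw credential variables that are set.
# Returns 0 if at least one is set, 1 if the environment is clean.
aws_env_conflicts() {
    _found=1
    for _name in $AWS_RAW_CRED_VARS; do
        eval "_val=\${$_name:-}"
        if [ -n "$_val" ]; then
            echo "$_name"
            _found=0
        fi
    done
    unset _val
    return "$_found"
}

# Select a profile and drop raw credentials so they cannot override it.
aws_use_profile() {
    [ "$#" -eq 1 ] || { echo "usage: aws_use_profile <profile>" >&2; return 2; }
    for _name in $AWS_RAW_CRED_VARS; do unset "$_name"; done
    export AWS_PROFILE="$1"
}

# Run one command with the profile's credentials exported only inside a
# subshell; the calling shell's environment is left untouched.
aws_run_with_creds() {
    [ "$#" -ge 2 ] || { echo "usage: aws_run_with_creds <profile> <cmd...>" >&2; return 2; }
    _profile="$1"; shift
    (
        # Clear stale values first: a leftover AWS_SESSION_TOKEN would not
        # match freshly exported static keys.
        for _name in $AWS_RAW_CRED_VARS; do unset "$_name"; done
        _creds=$(aws configure export-credentials --profile "$_profile" --format env) || exit 1
        eval "$_creds"
        "$@"
    )
}
```

Running `aws_env_conflicts` before relying on `AWS_PROFILE` shows by name which exported variables would shadow the profile, without echoing any secret to the terminal.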

Common Pitfalls

  • Exporting raw keys when AWS_PROFILE alone would have been enough.
  • Forgetting that existing environment variables override the selected profile.
  • Assuming static exports will work for SSO or short-lived role credentials forever.
  • Leaving exported credentials in long-lived shells or shell startup files without need.

Summary

  • Yes, you can export profile-based AWS credentials into environment variables.
  • In many cases, setting AWS_PROFILE is the simpler and safer option.
  • For raw variables, use aws configure get or a credential-export command when available.
  • Be careful with precedence and security because exported variables override profile resolution.
