AWS CLI Cache

Under ~/.aws/cli/cache, the AWS CLI stores JSON cache files for temporary STS credentials and cached role-assumption results so repeated commands do not have to request fresh tokens every time. Those files are created when profiles use AssumeRole, SSO-backed sessions, or other temporary credential flows, and they can become stale, corrupted, or simply accumulate over time. Kudu removes these cached credential and API response JSON files without touching your configured profiles, account settings, access keys, or any AWS resources.

Why clean AWS CLI Cache?

  • Expired STS session files in the cache can make commands fail with ExpiredToken or InvalidClientTokenId until the CLI fetches fresh credentials
  • Corrupted JSON cache entries under ~/.aws/cli/cache can trigger credential resolution errors, showing up as sudden auth failures even though the profile configuration is still correct
  • Stale AssumeRole cache data after permission or trust-policy changes can cause AccessDenied responses until the old cached session is discarded
  • Switching between accounts, roles, or SSO sessions can leave behind many cached credential files, making the cache directory grow unexpectedly and clutter disk usage
  • Cached temporary credentials tied to an old MFA or SSO login state can cause repeated prompts or confusing login failures until the session cache is rebuilt
  • After clock skew corrections or local time changes, previously cached temporary credentials may appear invalid, and users often notice commands that worked earlier now fail immediately
  • Old cache files can make troubleshooting harder because the CLI keeps reusing a bad session; clearing them forces a clean credential refresh without changing profiles or saved settings
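
The expired-session and corrupted-JSON cases in the list above can be checked read-only before anything is deleted. The sketch below is an added example, not Kudu's or the AWS CLI's own code. It assumes each cache file holds a top-level "Credentials" object with an ISO 8601 "Expiration" field (the shape of an STS AssumeRole response); the function names are hypothetical and the sample files in demo() are constructed.

```python
import json
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CACHE_DIR = Path.home() / ".aws" / "cli" / "cache"  # path named on this page

def classify(path, now):
    """Return 'corrupt', 'no-expiry', 'expired' or 'valid' for one cache file."""
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
        expiry = doc["Credentials"]["Expiration"]  # assumed field layout
    except (OSError, ValueError):      # unreadable file or truncated JSON
        return "corrupt"
    except (KeyError, TypeError):      # valid JSON without a credential expiry
        return "no-expiry"
    try:
        when = datetime.fromisoformat(str(expiry).replace("Z", "+00:00"))
    except ValueError:
        return "corrupt"
    if when.tzinfo is None:            # treat naive timestamps as UTC
        when = when.replace(tzinfo=timezone.utc)
    return "expired" if when <= now else "valid"

def audit(cache_dir=CACHE_DIR, now=None):
    """Map each *.json file name to (status, group_or_other_has_access)."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for path in sorted(Path(cache_dir).glob("*.json")):
        # Permission bits are only meaningful on POSIX systems.
        loose = bool(path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO))
        report[path.name] = (classify(path, now), loose)
    return report

def demo():
    """Run the audit over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, exp in (("old.json", "2020-01-01T00:00:00Z"),
                          ("live.json", "2999-01-01T00:00:00+00:00")):
            creds = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "x",
                     "SessionToken": "x", "Expiration": exp}
            (d / name).write_text(json.dumps({"Credentials": creds}))
        (d / "bad.json").write_text('{"Credentials": {"Expir')  # truncated
        return {name: status for name, (status, _) in audit(d).items()}

if __name__ == "__main__":
    for name, (status, loose) in audit().items():
        print(f"{name}: {status}" + (" (group/other accessible)" if loose else ""))
```

The script never prints credential values, only file names and status, so its output is safe to paste into a ticket.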

What gets cleaned

Cache paths Kudu targets

Windows

~/.aws/cli/cache

macOS

~/.aws/cli/cache

Linux

~/.aws/cli/cache

Free & open source

Download Kudu and reclaim your disk space.

Available on Windows, macOS, and Linux. No account required, no feature gates, no telemetry without consent. All cleaning targets are open source and community-auditable.