Curious about the differences between ~/.aws/credentials and ~/.aws/config? This article nails it. Software archeology thread time! The reason I changed the config file to require a profile prefix back in the day was because there are other non-profile sections you can add. https://twitter.com/ben11kehoe/status/1294296668074991616

Originally, there was only ~/.aws/config supported by the CLI. We saw value in separating config vs. secrets/credentials, and besides not every SDK could support all the CLI's config options. Hence ~/.aws/credentials was born, supported by all SDKs.

The ~/.aws/credentials file only supported static credentials, which was always tied to a profile, so the "profile" prefix was unnecessary and dropped from ~/.aws/credentials. Conceptually we then merge ~/.aws/credentials on top of ~/.aws/config.

Next, due to an "implementation quirk" (i.e me not being careful when I coded it), we inadvertently let you specify things like "region" in ~/.aws/credentials. Unintentional and undocumented. Naturally, people immediately relied on this behavior.

Eventually, customers wanted this *exact* behavior of the CLI in all the AWS SDKs (including ~/.aws/config support) so we added an "AWS_SDK_LOAD_CONFIG" env var. Set this var if you want consistent behavior with the CLI (which you do).

If I could redesign this and go for something more ambitious I'd try: 1) ~/.aws/config file contains profile-only data, no CLI specific stuff 2) CLI stuff goes to a new ~/.aws/cli/config and 3) Remove ~/.aws/credentials and disallow static creds in plain text in general.