The "old" command line tools all used different auth mechanisms - some pulled from env vars, others wanted one type of config file or another, etc. I know very early tools allowed you to use an X.509 certificate, but have never used that. I don't believe that the X.509 cert is the same key that you use to launch instances.
I would recommend using the new "unified" aws cli tools, which have a single config file, and allow you to store multiple profiles in that file.