The EC2 tools predate this scheme and still refuse to use it, preferring the credentials to be set directly in the environment. I decided to over-engineer it and pull the EC2 environment variables from the file:
export AWS_ACCESS_KEY=$(grep '^AWSAccessKeyId' "$AWS_CREDENTIAL_FILE" | cut -d= -f2)
export AWS_SECRET_KEY=$(grep '^AWSSecretKey' "$AWS_CREDENTIAL_FILE" | cut -d= -f2)
(Those will probably wrap on blogger; in code, they're two lines, each beginning with "export".) Now I can put the credentials in one place, and they're available to all of the tools.