Chris Mitchell Online

Chris blogging about cloud, IT, and programming. What could go wrong?

Managing AWS CLI Accounts

2019-05-01

If you have multiple AWS accounts that you would like to access using the AWS CLI tools, you need an easy way to switch between accounts before running any CLI commands. AWS Named Profiles offer an easy way to manage CLI access to your different AWS accounts.

Prerequisites

An AWS account with a user that can run commands using the CLI from multiple AWS accounts. I’m running CLI tools on a Mac using the native terminal. Instructions on how to get set up with the AWS CLI tools on your Mac can be found here.

AWS Named Profiles

Installing the CLI tools will produce a local credentials file located at ~/.aws/credentials. This file contains headings with named profiles, each followed by the credentials needed to interact with your AWS account: aws_access_key_id and aws_secret_access_key. Each time you run an AWS CLI command, the tool reads an environment variable called AWS_PROFILE to determine which account to use.

For example, my ~/.aws/credentials file looks like this:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Adding a New Profile

Using the AWS CLI tools we can add an entry to your local credentials file with the following command:

aws configure --profile [profile name]

where profile name is the name of your additional AWS account. Running this command will prompt you for the following:

  • AWS Access Key ID: Check your IAM user for the account you are trying to add
  • AWS Secret Access Key: Also check your IAM user for the account you are trying to add
  • Default region name: Enter a default region you would like to use, or leave blank
  • Default output format: Typically JSON

After running this command and filling in the blanks, check your credentials file and you’ll see your new entry. In this example I used chrismitchellonline as the name of my second AWS account:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[chrismitchellonline]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Switching AWS Profiles

Now that both profiles exist in your credentials file, it’s simple enough to change the AWS_PROFILE environment variable to use your new profile. Run this command each time you need to run a command against a different AWS account:

export AWS_PROFILE=chrismitchellonline

And conversely, you can switch back to your default AWS account by using:

export AWS_PROFILE=default

OR

export AWS_PROFILE=""
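
AWS_PROFILE has to match a heading in the credentials file exactly, and that file holds long-lived secret keys, so it is worth checking both before switching. The script below is an added example, not part of the original post: the function names (list_profiles, creds_file_private, use_profile) are hypothetical, and the sample file is constructed from the two profiles shown above.

```shell
# Added example (not from the original post): check a profile name against the
# credentials file before exporting AWS_PROFILE. Function names are hypothetical.

# Print the profile names ([section] headers) found in a credentials file.
list_profiles() {
    sed -n 's/^[[:space:]]*\[\([^]]*\)][[:space:]]*$/\1/p' "$1"
}

# Succeed only if group and other have no access to the file (e.g. mode 600).
creds_file_private() {
    # GNU stat first, then the BSD/macOS form.
    case "$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Export AWS_PROFILE only when the name matches a header exactly.
# An empty or missing name selects "default".
use_profile() {
    _file=$1
    _name=${2:-default}
    if ! list_profiles "$_file" | grep -Fxq -- "$_name"; then
        echo "no profile [$_name] in $_file" >&2
        return 1
    fi
    creds_file_private "$_file" ||
        echo "warning: $_file is accessible to group/other; run chmod 600" >&2
    export AWS_PROFILE="$_name"
}

# Constructed sample file: the post's two profiles with AWS's documentation keys.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[chrismitchellonline]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
EOF

use_profile "$demo_file" chrismitchellonline && echo "AWS_PROFILE=$AWS_PROFILE"
use_profile "$demo_file" chrismitchellonline.com || echo "rejected: no such profile"
```

To use it against your real file, source the functions and call use_profile ~/.aws/credentials followed by the profile name.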

Conclusion

In this article we talked about using named profiles and the AWS CLI tool to switch between AWS accounts when using the CLI tools. This practice makes it easy to run CLI commands against multiple AWS accounts using IAM credentials to switch between accounts.

References

Official AWS documentation does a good job helping to get started with named profiles: AWS Official Documentation.
