If you have multiple AWS accounts that you would like to access using the AWS CLI tools then you will need an easy way to switch between accounts before running any CLI commands. AWS Named Profiles offers an easy way to manage CLI access to your different AWS accounts.
An AWS account with a user that can run commands using the CLI from multiple AWS accounts. I’m running CLI tools on a Mac using the native terminal. Instructions on how to get setup with the AWS CLI tools using your mac can be Found Here.
AWS Named Profiles
Installing the CLI tools will produce a local credentials file located at ~/.aws/credentials. This file contains headings with named profiles followed by the credentials needed to interact with your AWS account, aws_access_key_id and aws_secret_access_key. Each time you run an AWS CLI command, tool will read an environment variable called AWS_PROFILE to determine which account to use.
For example, my ~/.aws/credentials file looks like this:
[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Adding a New Profile
Using the AWS CLI tools we can add an entry to your local credentials file with the following command:
aws configure --profile [profile name]
where profile name is the name of your additional AWS account. Running this command will prompt you for the following:
- AWS Access Key ID: Check your IAM user for the account you are trying to add
- AWS Secret Access Key: Also check your IAM user for the account you are trying to add
- Default region name: Enter a default region you would like to use, or leave blank
- Default output format: Typically JSON
After running this command and filling in the blanks checking your credentials file you’ll see your new entry. In this example I used chrismitchellonline as my second AWS account:
[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY [chrismitchellonline] aws_access_key_id=AKIAI44QH8DHBEXAMPLE aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Switching AWS Profiles
Now that both profiles exist in your credentials file, its simple enough to change the AWS_PROFILE environment variable to use your new profile. run this command each time you need run a command against a different AWS account:
And conversely, you can switch back to your default AWS account by using:
In this article we talked about using named profiles and the AWS CLI tool to switch between AWS accounts when using the CLI tools. This practice makes it easy to run CLI commands against multiple AWS accounts using IAM credentials to switch between accounts.
Official AWS documentation does a good job helping to get started with named profiles: AWS Official Documentation.