Bachar Hakam for AWS Community Builders

Posted on • Originally published at Medium

AWS CLI — Multiple profiles

How to take advantage of multiple profiles feature? (with examples and tips)

Why and How?

The cloud environment should have multiple accounts, according to AWS best practice "Well-Architected Framework". Based on the security requirements, each account has different groups, roles, and users.
In such a configuration, you may have multiple profiles to use on a daily basis, either between different accounts or even within the same account, with each profile having different permissions or roles.

Setting Multiple profiles

Here is how you can add multiple profiles on AWS CLI

To create multiple AWS CLI profiles, you can use the aws configure command. This command will prompt you for information such as your AWS Access Key ID and Secret Access Key, as well as the default region and output format for your profile.

To create a new profile, you can use the --profile option, followed by the name of your profile. For example, if you wanted to create a profile named "dev", you could use the following command:

aws configure --profile dev


You can create as many profiles as you need, each with its own set of credentials and configuration options.

To use a specific profile, you can use the --profile option followed by the name of the profile you want to use. For example, if you wanted to use the "dev" profile you created earlier, you could use the following command:

aws s3 ls --profile dev

Now let's walk through the steps:

  1. Open the command line or terminal.

  2. Type in the following command: aws configure

  3. When prompted, enter the access key ID and secret access key for the first profile.

  4. When prompted for the default region name and output format, enter the desired values for the first profile.

  5. Repeat steps 2-4 for each additional profile, using a different name and access key ID/secret access key for each one.

  6. To switch between profiles, use the --profile flag followed by the profile name in subsequent AWS CLI commands. For example, to use the "dev" profile, you would use the command: aws --profile dev [command] [options]

  • Here is an example:
PS C:\> aws configure
AWS Access Key ID [None]: ANY0TH3R4CC3SSK3YL6V
AWS Secret Access Key [None]: 0C+tH1Sc0uLdb3aNYS3CR3tk3YG3n3RAt3d92
Default region name [None]: us-east-1
Default output format [None]: json

  • Add another profile:
PS C:\> aws configure --profile userdev2
AWS Access Key ID [None]: ANY0TH3R4CC3SSK3YOOZ
AWS Secret Access Key [None]: cP-0C+tH1Sc0uLdb3aNYS3CR3tk3YG3n3RAt3d6z
Default region name [None]: us-east-1
Default output format [None]: json
  • To list the available profiles, run this command:
PS C:\>  aws configure list-profiles
default
userdev2
  • To view the default profile, run the below command:
PS C:\> aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                  userdev              env    ['AWS_PROFILE', 'AWS_DEFAULT_PROFILE']
access_key     ****************YL6V              env
secret_key     ****************3d92              env
    region                us-east-1      config-file    ~/.aws/config
  • To view another profile, add "--profile" and the name of the profile to the above command:
PS C:\> aws configure list --profile userdev2
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                 userdev2           manual    --profile
access_key     ****************AGGH shared-credentials-file
secret_key     ****************Fpne shared-credentials-file
    region                us-east-1      config-file    ~/.aws/config


So what is the default profile?

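The default profile is determined by the settings in the ~/.aws/credentials file on your local machine: it is the profile named "default", which aws configure writes when you run it without "--profile". To use it, you do not need to add "--profile" to your AWS CLI command; you can just type: aws [command] [options]

You can change the default profile manually by editing the ~/.aws/credentials file, or you can set the AWS_PROFILE environment variable with one of these commands: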

  • Windows - PowerShell:
PS C:\> $Env:AWS_PROFILE = 'userdev2'
  • Windows - CMD:

The below command will change the variable in the current CMD session only!

set AWS_PROFILE=userdev2

The below command will change the variable in all NEW CMD sessions

setx AWS_PROFILE userdev2

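Note: make sure that the variables below are not set. Otherwise, setting AWS_PROFILE to the new profile will not change the credentials in use, because credentials set in environment variables take precedence over the ones stored in a profile.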

-   AWS_ACCESS_KEY_ID
-   AWS_SECRET_ACCESS_KEY

  • Linux:
$ export AWS_PROFILE=userdata

Now run this command to verify that the default profile has been changed:

aws configure list

You can run the following command to check the AWS account and IAM user of the current profile:

$ aws sts get-caller-identity
{
    "UserId": "AUs3r1DF0rtH1sUs3rZL",
    "Account": "432109876543",
    "Arn": "arn:aws:iam::432109876543:user/userdev"
}
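
The precedence described in the note above, as an added example that is not part of the original post: a simplified Python model that reads a constructed credentials file and reports which access key a command run without --profile would use, and from which source. The resolve and mask helpers, the sample keys and the warning text are assumptions made for illustration; only the credentials file and the three environment variables named on this page are modelled.

```python
import configparser

# Constructed stand-in for ~/.aws/credentials; the keys are placeholders.
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = EXAMPLEKEYDEFAULT0001
aws_secret_access_key = constructed-secret-for-default

[userdev2]
aws_access_key_id = EXAMPLEKEYUSERDEV0002
aws_secret_access_key = constructed-secret-for-userdev2
"""


def mask(value):
    """Keep only the last four characters, as `aws configure list` does."""
    return "*" * 16 + value[-4:]


def resolve(credentials_text, env):
    """Report which access key a command run without --profile would use."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    profile = env.get("AWS_PROFILE") or "default"
    result = {"profile": profile, "warning": None}
    env_key = env.get("AWS_ACCESS_KEY_ID")
    if env_key and env.get("AWS_SECRET_ACCESS_KEY"):
        # Keys in the environment win over the keys stored in the profile.
        result.update(access_key=mask(env_key), source="env")
        stored = parser[profile].get("aws_access_key_id") if parser.has_section(profile) else None
        if stored != env_key:
            result["warning"] = (f"profile '{profile}' is selected, but the keys "
                                 "come from AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY")
        return result
    if not parser.has_section(profile):
        raise KeyError(f"profile '{profile}' not found in credentials file")
    result.update(access_key=mask(parser[profile]["aws_access_key_id"]),
                  source="shared-credentials-file")
    return result


if __name__ == "__main__":
    # Constructed environments: clean, profile switched, leftover key variables.
    leftover = {"AWS_PROFILE": "userdev2",
                "AWS_ACCESS_KEY_ID": "EXAMPLEKEYFROMENV0009",
                "AWS_SECRET_ACCESS_KEY": "constructed-secret-from-env"}
    for env in ({}, {"AWS_PROFILE": "userdev2"}, leftover):
        print(resolve(SAMPLE_CREDENTIALS, env))
```

In the third case the profile name reads userdev2 while the key in use is the one left in the environment, which is the mismatch that aws sts get-caller-identity exposes on a real machine.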

For more details, you may refer to the AWS CLI - Configuration basics.

You may be interested in:
How to use (AWS CLI -- Auto-prompt) to help you build your command faster!

Please feel free to share your feedback.
