0
0
AWScloud~5 mins

Using profiles for multiple accounts in AWS - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
When you work with more than one AWS account, you need a way to switch between them easily. AWS profiles let you save different login details so you can use multiple accounts without typing credentials every time.
When you manage separate AWS accounts for development and production environments.
When you work on projects for different clients, each with their own AWS account.
When you want to test features in a sandbox account without affecting your main account.
When you share a computer with teammates who use different AWS accounts.
When automating scripts that need to access different AWS accounts.
Config File - config
config
[default]
region = us-east-1
output = json

[profile dev-account]
region = us-west-2
output = json

[profile prod-account]
region = us-east-1
output = json

This file defines AWS CLI profiles.

[default] is the main profile used if no other is specified.

[profile dev-account] and [profile prod-account] are named profiles for different AWS accounts with their own regions and output formats.

Commands
This command sets the access key ID for the 'dev-account' profile so AWS CLI knows which credentials to use for that account.
Terminal
aws configure set aws_access_key_id AKIADEVEXAMPLE --profile dev-account
Expected OutputExpected
No output (command runs silently)
--profile - Specifies which profile to configure
This command sets the secret access key for the 'dev-account' profile to authenticate requests.
Terminal
aws configure set aws_secret_access_key devsecretkeyexample1234567890 --profile dev-account
Expected OutputExpected
No output (command runs silently)
--profile - Specifies which profile to configure
This command sets the access key ID for the 'prod-account' profile.
Terminal
aws configure set aws_access_key_id AKIAPRODEXAMPLE --profile prod-account
Expected OutputExpected
No output (command runs silently)
--profile - Specifies which profile to configure
This command sets the secret access key for the 'prod-account' profile.
Terminal
aws configure set aws_secret_access_key prodsecretkeyexample0987654321 --profile prod-account
Expected OutputExpected
No output (command runs silently)
--profile - Specifies which profile to configure
This command lists all S3 buckets in the AWS account linked to the 'dev-account' profile. It shows that the CLI is using the correct account.
Terminal
aws s3 ls --profile dev-account
Expected OutputExpected
2023-05-01 10:00:00 dev-bucket-example 2023-05-02 11:30:00 dev-logs
--profile - Selects which AWS account profile to use for the command
This command lists all S3 buckets in the AWS account linked to the 'prod-account' profile to verify access.
Terminal
aws s3 ls --profile prod-account
Expected OutputExpected
2023-04-15 09:00:00 prod-bucket-main 2023-04-20 14:45:00 prod-backups
--profile - Selects which AWS account profile to use for the command
Key Concept

If you remember nothing else from this pattern, remember: AWS profiles let you switch between multiple accounts easily by saving their credentials separately.

Common Mistakes
Not specifying the --profile flag when running AWS CLI commands.
The CLI uses the default profile, which may connect to the wrong AWS account.
Always add --profile profile-name to target the correct account.
Mixing up profile names or using inconsistent names in config and commands.
Commands fail or connect to unintended accounts because the profile does not exist or is misspelled.
Use consistent, clear profile names in both config files and CLI commands.
Storing AWS credentials in the config file instead of the credentials file.
AWS CLI expects sensitive keys in the credentials file; putting them in config can cause errors or security risks.
Use 'aws configure' commands or edit the credentials file for keys, and config file for region/output.
Summary
Create named profiles in the AWS config file to separate account settings.
Use 'aws configure set' with --profile to add credentials for each account.
Run AWS CLI commands with --profile to specify which account to use.