Bird
Raised Fist0
AWScloud~20 mins

Using profiles for multiple accounts in AWS - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
AWS Profiles Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding AWS CLI Profiles

You have configured two AWS CLI profiles named dev and prod for different AWS accounts. Which command correctly lists the S3 buckets in the prod account?

Aaws s3 ls --profile dev
Baws s3 ls --account prod
Caws s3 ls --profile prod
Daws s3 ls
Attempts:
2 left
💡 Hint

Use the --profile option to specify which account profile to use.

Configuration
intermediate
2:00remaining
Configuring Multiple AWS Profiles

You want to add a new AWS CLI profile named test with access key AKIA123TEST and secret key secretTestKey. Which command correctly sets this profile?

Aaws configure set profile test aws_access_key_id AKIA123TEST aws_secret_access_key secretTestKey
Baws configure set aws_access_key_id AKIA123TEST --profile test && aws configure set aws_secret_access_key secretTestKey --profile test
Caws configure create test AKIA123TEST secretTestKey
Daws configure add-profile test --access-key AKIA123TEST --secret-key secretTestKey
Attempts:
2 left
💡 Hint

Use aws configure set with the --profile option to set keys for a named profile.

Architecture
advanced
2:00remaining
Best Practice for Managing Multiple AWS Accounts

You manage multiple AWS accounts for development, testing, and production. Which approach best isolates credentials and reduces risk?

AUse separate AWS CLI profiles for each account with unique credentials stored locally.
BUse the same AWS CLI profile with shared credentials for all accounts.
CUse environment variables to switch credentials manually without profiles.
DUse a single root account access key for all environments.
Attempts:
2 left
💡 Hint

Consider isolation and security best practices when managing multiple accounts.

service_behavior
advanced
2:00remaining
Effect of Profile on AWS SDK Behavior

You run a Python script using boto3 without specifying a profile. Your AWS CLI has two profiles: default and staging. Which profile will boto3 use by default?

AWS
import boto3
s3 = boto3.client('s3')
buckets = s3.list_buckets()
print([b['Name'] for b in buckets['Buckets']])
AThe <strong>default</strong> profile configured in AWS CLI.
BNo profile; the script will fail with a credentials error.
CThe <strong>staging</strong> profile because it is the last created.
DThe profile specified in the AWS_PROFILE environment variable, if set; otherwise <strong>default</strong>.
Attempts:
2 left
💡 Hint

Check how boto3 selects credentials when no profile is explicitly given.

security
expert
2:00remaining
Security Risk of Storing AWS Credentials in Plain Text

You have multiple AWS CLI profiles stored in ~/.aws/credentials file in plain text. What is the main security risk of this setup?

AIf the file permissions are too open, unauthorized users or processes can read the credentials and access your AWS accounts.
BAWS automatically encrypts the credentials file, so there is no risk.
CStoring credentials in plain text causes AWS to reject API calls for security reasons.
DThe credentials file can only be accessed by root user, so there is no risk.
Attempts:
2 left
💡 Hint

Consider file permissions and who can read the credentials file.

Practice

(1/5)
1. What is the main purpose of using AWS profiles when working with multiple accounts?
easy
A. To store different account credentials separately on the same computer
B. To speed up AWS CLI commands by caching results
C. To automatically switch regions without user input
D. To encrypt data stored in AWS S3 buckets

Solution

  1. Step 1: Understand AWS profiles

    AWS profiles allow you to save different sets of credentials and settings for multiple accounts on one computer.

  2. Step 2: Identify the purpose

    This separation helps you choose which account to use without mixing credentials.

  3. Final Answer:

    To store different account credentials separately on the same computer -> Option A

  4. Quick Check:

    Profiles separate credentials = B [OK]
Hint: Profiles separate accounts by credentials [OK]
Common Mistakes:
  • Thinking profiles speed up commands
  • Confusing profiles with region switching
  • Assuming profiles encrypt data
2. Which AWS CLI command syntax correctly uses a profile named dev-account to list S3 buckets?
easy
A. aws s3 ls dev-account --profile
B. aws --profile s3 ls dev-account
C. aws --profile dev-account s3 ls
D. aws s3 ls dev-account

Solution

  1. Step 1: Recall AWS CLI profile usage

    The correct syntax places --profile dev-account as a global option right after aws, before the service s3 ls.

  2. Step 2: Match syntax to options

    aws --profile dev-account s3 ls correctly uses the profile flag.

  3. Final Answer:

    aws --profile dev-account s3 ls -> Option C

  4. Quick Check:

    Correct flag placement = A [OK]
Hint: --profile after aws, before service [OK]
Common Mistakes:
  • Placing --profile after profile name
  • Swapping command and profile flag order
  • Omitting --profile flag
3. Given these AWS CLI commands run on the same machine: 
aws --profile prod s3 ls
aws --profile dev s3 ls
What will happen if the prod profile has access to 5 buckets and dev profile has access to 2 buckets?
medium
A. Both commands fail due to profile conflict
B. The first command lists 5 buckets; the second lists 2 buckets
C. Both commands list 5 buckets only
D. Both commands list 7 buckets combined

Solution

  1. Step 1: Understand profile isolation

    Each profile uses its own credentials and permissions, so commands run under different profiles see different resources.

  2. Step 2: Apply to bucket listing

    The prod profile lists 5 buckets it can access; the dev profile lists 2 buckets it can access.

  3. Final Answer:

    The first command lists 5 buckets; the second lists 2 buckets -> Option B

  4. Quick Check:

    Profiles isolate access = D [OK]
Hint: Profiles show only their own account's buckets [OK]
Common Mistakes:
  • Assuming buckets combine across profiles
  • Expecting profile conflicts cause failure
  • Thinking both profiles show same buckets
4. You run the command aws --profile test ec2 describe-instances but get an error: Could not find credentials for profile: test. What is the most likely cause?
medium
A. The EC2 service is down in your region
B. The AWS CLI version is outdated
C. You forgot to specify the region with --region
D. The profile test is not configured in your AWS credentials file

Solution

  1. Step 1: Analyze error message

    The error says credentials for profile test are missing, meaning AWS CLI cannot find that profile in config files.

  2. Step 2: Identify cause

    This usually happens if the profile was never added or misspelled in ~/.aws/credentials or ~/.aws/config.

  3. Final Answer:

    The profile test is not configured in your AWS credentials file -> Option D

  4. Quick Check:

    Missing profile config = A [OK]
Hint: Check profile exists in credentials file [OK]
Common Mistakes:
  • Blaming AWS CLI version
  • Assuming region missing causes credential error
  • Thinking service outage causes credential error
5. You want to run an AWS CLI command that uses the prod profile but also specify the region us-west-2 without changing your default region. Which command correctly does this?
hard
A. aws --profile prod --region us-west-2 s3 ls
B. aws s3 ls --region us-west-2 --profile prod
C. aws s3 ls --profile prod region us-west-2
D. aws s3 ls prod --region us-west-2

Solution

  1. Step 1: Understand flag order and usage

    Global options like --profile and --region must be placed after aws but before the service name. Their relative order does not matter.

  2. Step 2: Check options for correctness

    Only aws --profile prod --region us-west-2 s3 ls correctly places both flags before the service.

  3. Final Answer:

    aws --profile prod --region us-west-2 s3 ls -> Option A

  4. Quick Check:

    Global flags before service = C [OK]
Hint: Global flags (--profile, --region) after aws before service [OK]
Common Mistakes:
  • Omitting --profile or --region flags
  • Placing profile name without --profile flag
  • Using incorrect flag syntax