Bird
Raised Fist0
AWScloud~30 mins

Using profiles for multiple accounts in AWS - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Using profiles for multiple accounts
📖 Scenario: You work as a cloud engineer managing resources across two AWS accounts: a development account and a production account. To switch between these accounts easily, you want to set up AWS CLI profiles.
🎯 Goal: Set up AWS CLI configuration with two profiles named dev and prod for the development and production accounts respectively.
📋 What You'll Learn
Create a basic AWS CLI config file with a default profile
Add a profile named dev with specific region and output format
Add a profile named prod with different region and output format
Verify the profiles are correctly configured in the AWS CLI config file
💡 Why This Matters
🌍 Real World
Managing multiple AWS accounts is common in companies to separate development, testing, and production environments. Profiles help switch contexts easily.
💼 Career
Cloud engineers and DevOps professionals often configure and use multiple AWS profiles to manage resources securely and efficiently across accounts.
Progress0 / 4 steps
1
Create the default AWS CLI config section
Create a file named ~/.aws/config and add the default profile section with region = us-east-1 and output = json.
AWS
Hint

The default profile is used when no other profile is specified. It must have region and output keys.

2
Add the development profile
Add a profile section named [profile dev] with region = us-west-2 and output = text to the ~/.aws/config file.
AWS
Hint

Profile sections start with [profile profilename]. Use the exact profile name dev.

3
Add the production profile
Add a profile section named [profile prod] with region = eu-central-1 and output = table to the ~/.aws/config file.
AWS
Hint

Use the exact profile name prod and set the region and output as specified.

4
Verify the AWS CLI profiles
Ensure the ~/.aws/config file contains the [default], [profile dev], and [profile prod] sections with their respective region and output settings.
AWS
Hint

Check that all three profiles exist with correct settings in the config file.

Practice

(1/5)
1. What is the main purpose of using AWS profiles when working with multiple accounts?
easy
A. To store different account credentials separately on the same computer
B. To speed up AWS CLI commands by caching results
C. To automatically switch regions without user input
D. To encrypt data stored in AWS S3 buckets

Solution

  1. Step 1: Understand AWS profiles

    AWS profiles allow you to save different sets of credentials and settings for multiple accounts on one computer.

  2. Step 2: Identify the purpose

    This separation helps you choose which account to use without mixing credentials.

  3. Final Answer:

    To store different account credentials separately on the same computer -> Option A

  4. Quick Check:

    Profiles separate credentials = B [OK]
Hint: Profiles separate accounts by credentials [OK]
Common Mistakes:
  • Thinking profiles speed up commands
  • Confusing profiles with region switching
  • Assuming profiles encrypt data
2. Which AWS CLI command syntax correctly uses a profile named dev-account to list S3 buckets?
easy
A. aws s3 ls dev-account --profile
B. aws --profile s3 ls dev-account
C. aws --profile dev-account s3 ls
D. aws s3 ls dev-account

Solution

  1. Step 1: Recall AWS CLI profile usage

    The correct syntax places --profile dev-account as a global option right after aws, before the service s3 ls.

  2. Step 2: Match syntax to options

    aws --profile dev-account s3 ls correctly uses the profile flag.

  3. Final Answer:

    aws --profile dev-account s3 ls -> Option C

  4. Quick Check:

    Correct flag placement = A [OK]
Hint: --profile after aws, before service [OK]
Common Mistakes:
  • Placing --profile after profile name
  • Swapping command and profile flag order
  • Omitting --profile flag
3. Given these AWS CLI commands run on the same machine: 
aws --profile prod s3 ls
aws --profile dev s3 ls
What will happen if the prod profile has access to 5 buckets and dev profile has access to 2 buckets?
medium
A. Both commands fail due to profile conflict
B. The first command lists 5 buckets; the second lists 2 buckets
C. Both commands list 5 buckets only
D. Both commands list 7 buckets combined

Solution

  1. Step 1: Understand profile isolation

    Each profile uses its own credentials and permissions, so commands run under different profiles see different resources.

  2. Step 2: Apply to bucket listing

    The prod profile lists 5 buckets it can access; the dev profile lists 2 buckets it can access.

  3. Final Answer:

    The first command lists 5 buckets; the second lists 2 buckets -> Option B

  4. Quick Check:

    Profiles isolate access = D [OK]
Hint: Profiles show only their own account's buckets [OK]
Common Mistakes:
  • Assuming buckets combine across profiles
  • Expecting profile conflicts cause failure
  • Thinking both profiles show same buckets
4. You run the command aws --profile test ec2 describe-instances but get an error: Could not find credentials for profile: test. What is the most likely cause?
medium
A. The EC2 service is down in your region
B. The AWS CLI version is outdated
C. You forgot to specify the region with --region
D. The profile test is not configured in your AWS credentials file

Solution

  1. Step 1: Analyze error message

    The error says credentials for profile test are missing, meaning AWS CLI cannot find that profile in config files.

  2. Step 2: Identify cause

    This usually happens if the profile was never added or misspelled in ~/.aws/credentials or ~/.aws/config.

  3. Final Answer:

    The profile test is not configured in your AWS credentials file -> Option D

  4. Quick Check:

    Missing profile config = A [OK]
Hint: Check profile exists in credentials file [OK]
Common Mistakes:
  • Blaming AWS CLI version
  • Assuming region missing causes credential error
  • Thinking service outage causes credential error
5. You want to run an AWS CLI command that uses the prod profile but also specify the region us-west-2 without changing your default region. Which command correctly does this?
hard
A. aws --profile prod --region us-west-2 s3 ls
B. aws s3 ls --region us-west-2 --profile prod
C. aws s3 ls --profile prod region us-west-2
D. aws s3 ls prod --region us-west-2

Solution

  1. Step 1: Understand flag order and usage

    Global options like --profile and --region must be placed after aws but before the service name. Their relative order does not matter.

  2. Step 2: Check options for correctness

    Only aws --profile prod --region us-west-2 s3 ls correctly places both flags before the service.

  3. Final Answer:

    aws --profile prod --region us-west-2 s3 ls -> Option A

  4. Quick Check:

    Global flags before service = C [OK]
Hint: Global flags (--profile, --region) after aws before service [OK]
Common Mistakes:
  • Omitting --profile or --region flags
  • Placing profile name without --profile flag
  • Using incorrect flag syntax