0
0
AWScloud~10 mins

Using profiles for multiple accounts in AWS - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Using profiles for multiple accounts
Create profile1 with account1 creds
Create profile2 with account2 creds
Use AWS CLI with --profile profile1
Commands run on account1
Use AWS CLI with --profile profile2
Commands run on account2
Switch profiles anytime to access different accounts
Set up separate profiles for each AWS account, then specify the profile when running commands to work with that account.
Execution Sample
AWS
[default]
aws_access_key_id=AKIA...
aws_secret_access_key=...

[profile1]
aws_access_key_id=AKIA1...
aws_secret_access_key=...

[profile2]
aws_access_key_id=AKIA2...
aws_secret_access_key=...
This config file defines credentials for default, profile1, and profile2 to access multiple AWS accounts.
Process Table
StepCommandProfile UsedAccount AccessedResult
1aws s3 ls --profile profile1profile1Account1Lists S3 buckets in Account1
2aws ec2 describe-instances --profile profile1profile1Account1Shows EC2 instances in Account1
3aws s3 ls --profile profile2profile2Account2Lists S3 buckets in Account2
4aws ec2 describe-instances --profile profile2profile2Account2Shows EC2 instances in Account2
5aws s3 lsdefaultDefault AccountLists S3 buckets in default account
6aws s3 ls --profile unknownunknownNoneError: Profile not found
💡 Execution stops when an invalid or unknown profile is used, causing an error.
Status Tracker
VariableStartAfter Step 1After Step 3After Step 5Final
profile_usednoneprofile1profile2defaultunknown
account_accessednoneAccount1Account2Default AccountNone (error)
Key Moments - 3 Insights
Why do commands fail when using a profile name not defined in the config?
Because the AWS CLI looks for credentials under the given profile name and cannot find them, causing an error as shown in step 6 of the execution table.
How does specifying --profile change which AWS account the command talks to?
The --profile option tells AWS CLI which set of credentials to use, so commands run under that profile access the corresponding AWS account, as seen in steps 1 and 3.
What happens if you run AWS CLI commands without specifying a profile?
The CLI uses the default profile credentials, accessing the default account, as shown in step 5.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, which profile is used to list S3 buckets in Account2?
Adefault
Bprofile1
Cprofile2
Dunknown
💡 Hint
Check step 3 in the execution table where 'aws s3 ls --profile profile2' lists buckets in Account2.
At which step does the AWS CLI return an error due to an unknown profile?
AStep 4
BStep 6
CStep 5
DStep 2
💡 Hint
Look at the last row in the execution table where the profile 'unknown' causes an error.
If you remove the default profile from the config, what happens when you run 'aws s3 ls' without --profile?
AReturns an error for missing default profile
BLists buckets in profile2 account
CLists buckets in profile1 account
DLists buckets in the last used profile
💡 Hint
Refer to variable_tracker and key moment about default profile usage when no --profile is specified.
Concept Snapshot
AWS CLI profiles let you store credentials for multiple accounts.
Use the config file to define profiles with keys.
Run commands with --profile to choose account.
Without --profile, default profile is used.
Invalid profile names cause errors.
Full Transcript
Using AWS CLI profiles allows you to manage multiple AWS accounts by storing their credentials under different profile names in the config file. When you run AWS CLI commands, you specify which profile to use with the --profile option. This tells the CLI which account to access. If you omit --profile, the CLI uses the default profile. If you use a profile name not defined, the CLI returns an error. This way, you can switch between accounts easily by changing the profile used in your commands.