Configuring Default Profile
To communicate with your AWS Resources and different AWS APIs, AWS provides its CLI commands and you can do so much work using the commands. To use these commands you need to get the profiles set. So let’s do this!
To configure a default AWS profile for your CLI, AWS provides a very handy command.
You can set a default profile by running this command:
aws configure
Terminal prompts for AWS Access Key, Secret Key, Region, and Output Format. Configuring a default profile is useful if you are going to use that profile frequently.
After running this and providing appropriate values, your ~/.aws/config file will look like this:
[default]
region=ap-south-1
output=json
~/.aws/credentials file will look like below:
[default]
aws_access_key_id=YOUR_ACCESS_KEY
aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
Note: In Windows, the AWS directory will be located in C:/Users/<userid>/.aws
Configuring Named Profiles
AWS CLI can have multiple profiles so that you can switch between different profiles to work with different projects. You can add the profile name you want using the —-profile option.
For example, if you want to have a profile named dev_account, you can do that by running:
aws configure --profile dev_account
The same process would follow as configuring the default profile.
Great! You have configured a named profile for yourself🙌.
Now, your config file will look like this with multiple profiles configured:
[default]
region=ap-south-1
output=json
[profile dev_account]
region=us-east-1
output=json
and your credentials file will look like this:
[default]
aws_access_key_id=YOUR_ACCESS_KEY
aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
[dev_account]
aws_access_key_id=YOUR_ACCESS_KEY
aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
Get the list of profiles by running the following in the terminal:
aws configure list-profiles
It will display profiles with the name you added now. Cheers🚀.
Configuring an IAM Role using CLI
You can also be having different roles having different permissions. So it is useful to configure them into CLI and to access the roles using commands.
For example, if you want a profile for a role named dev_account_readonly, you can do that by running:
aws configure --profile dev_account_readonly
The terminal prompts for the same configurations, but you can skip entering Access Key and Secret Access Key while creating a role profile, these credentials will be taken from the source profile we set ahead.
To set the required properties for the role profile, use the below commands and provide appropriate values:
aws configure set source_profile dev_account --profile dev_account_readonly
aws configure set role_arn ROLE_ARN --profile dev_account_readonly
aws configure set mfa_serial MFA_SERIAL_ARN --profile dev_account_readonly
Here, we set the source profile as the profile that has the permission to assume the role and IAM Role ARN. If the account is using Multi-Factor Authentication, then you also need to set the ARN of that MFA device.
After configuring the role your config file will be looking like this:
[default]
region=ap-south-1
output=json
[profile dev_account]
region=us-east-1
output=json
[profile dev_account_readonly]
region=us-east-1
output=json
source_profile=dev_account
role_arn=ROLE_ARN
mfa_serial=MFA_SERIAL_ARN
To verify if the role has been configured or not, you can do so by running below command:
aws iam get-role --role-name dev_account_readonly --profile dev_account_readonly
Replace the role and profile name with the names you set. All the information regarding the IAM Role will be returned in the JSON format.
That’s all you require for setting the profiles in your CLI and use the Assumed Role🎉!
Top comments (0)