This article was also published on razcodes.dev
You might get to a point where for some reason or another you find yourself needing to use more than one set of AWS CLI credentials. Usually that's the case when you have more than one AWS account or you want to test the same account but with different permissions. So instead of keep reconfiguring your credentials every time, like someone I know used to do, you can use named profiles.
This article assumes that you already have AWS CLI installed and configured. If you have not yet, I cover that in one of my older posts.
Creating the user
We are going to first create a new user and give that user read only permissions to S3.
- log into your AWS console
- Services -> IAM -> Users
- Add user
- User name (ex: s3read)
- Check Programatic access
- Next: Permissions
- Attach existing policies directly
- Check AmazonS3ReadOnlyAccess
- Next: Tags (optional)
- Next: Review
- Create User
Make sure that you either download the .csv file created, or copy the Access key ID and Secret access Key in a password manager, because once you click close you will not be able to see it again.
CLI Setup
In the terminal, where you already have the AWS CLI working type the following:
aws configure --profile s3read
The profile name can be whatever you want, you will need to use it later and it can be different than what you named the username above.
- put in your Access key ID
- put in your Secret access key
- default region (ex: us-east-1)
- default output (ex: json)
Invoking
You are now all set. To start using the newly created profile you have a few options available.
Command style
You can add --profile followed by the profile name after every command:
aws s3 ls --profile s3read
ENV style
You can make that profile become the active profile for the current shell session:
export AWS_PROFILE=s3read
After that you can just issue the commands without the --profile:
aws s3 ls
Oh My Zsh style
Oh My Zsh has an AWS plugin and with it installed, you can just use the command asp followed by the profile name to activate it:
asp s3read
From here on that profile will be active for the rest of the session:
aws s3 ls
Conclusion
I put off configuring this for myself for a long time, but having to switch between 4 profiles every day motivated me to look into it and make it simple. So should you.
Top comments (1)
I made a similar bash file and have fallen in love with it. I added your s3 ls to the end of it to verify the change in one command.