How to use AWS named profiles

This article was also published on razcodes.dev

You might get to a point where for some reason or another you find yourself needing to use more than one set of AWS CLI credentials. Usually that's the case when you have more than one AWS account or you want to test the same account but with different permissions. So instead of keep reconfiguring your credentials every time, like someone I know used to do, you can use named profiles.

This article assumes that you already have AWS CLI installed and configured. If you have not yet, I cover that in one of my older posts.

Creating the user

We are going to first create a new user and give that user read only permissions to S3.

• log into your AWS console
• Services -> IAM -> Users
• Add user
• User name (ex: s3read)
• Check Programatic access
• Next: Permissions
• Attach existing policies directly
• Check AmazonS3ReadOnlyAccess
• Next: Tags (optional)
• Next: Review
• Create User

Make sure that you either download the .csv file created, or copy the Access key ID and Secret access Key in a password manager, because once you click close you will not be able to see it again.

CLI Setup

In the terminal, where you already have the AWS CLI working type the following:

aws configure --profile s3read

The profile name can be whatever you want, you will need to use it later and it can be different than what you named the username above.

• put in your Access key ID
• put in your Secret access key
• default region (ex: us-east-1)
• default output (ex: json)

Invoking

You are now all set. To start using the newly created profile you have a few options available.

Command style

You can add --profile followed by the profile name after every command:

aws s3 ls --profile s3read

ENV style

You can make that profile become the active profile for the current shell session:

export AWS_PROFILE=s3read

After that you can just issue the commands without the --profile:

aws s3 ls

Oh My Zsh style

Oh My Zsh has an AWS plugin and with it installed, you can just use the command asp followed by the profile name to activate it:

asp s3read

From here on that profile will be active for the rest of the session:

aws s3 ls

Conclusion

I put off configuring this for myself for a long time, but having to switch between 4 profiles every day motivated me to look into it and make it simple. So should you.