One of the best aspects of Amazon Web Services (AWS) is that a full-featured
command-line utility exists for it. If you’ve ever spent a decent amount of time
in the AWS Console (their web interface) then you understand why this is a good
thing.
As you venture into better security practices, like completely splitting up your
environments (UAT, staging, production, et cetera) and managing them with a
billing account, you’ll find yourself needing to juggle different credentials
for each account that you’re interacting with.
Out of the box, when you set things up with aws configure, whatever information
you give it will be associated with the default profile. Perfect if you only
have the one account, not so much when you have multiple accounts.
To configure different profiles for the aws-cli to use, all you need to do is
create different sections in your ~/.aws/credentials file. The file is INI
format, using the [section] syntax.
By default the file will look something like this:
[default]
aws_access_key_id = XXXXXX
aws_secret_access_key = XXXXXX
You can leave the [default] section as is, or remove it entirely if you want
to always ensure you’re picking which profile you’d like to use.
You can add additional sections, which are referred to as profiles, like this:
[default]
aws_access_key_id = XXXXXX
aws_secret_access_key = XXXXXX
[staging]
aws_access_key_id = XXXXXX
aws_secret_access_key = XXXXXX
[production]
aws_access_key_id = XXXXXX
aws_secret_access_key = XXXXXX
With the new sections added, all you will need to do is pass in the --profile
argument when you run any aws commands and you’ll be off to the races!
# Using the default profile
aws s3api list-buckets
# Using the staging profile
aws --profile staging s3api list-buckets
# Using the production profile
aws --profile production s3api list-buckets
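
The profile layout described above can be checked before you rely on it. The following is an added example, not part of the original post: it parses a credentials file as INI and reports a [default] section, profiles missing a key, profiles sharing one access key, and a file mode readable beyond the owner. The function names and the sample file contents are constructed for illustration.

```python
import configparser
import os
import tempfile

REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample; the key values are placeholders, not real credentials.
SAMPLE = """\
[default]
aws_access_key_id = EXAMPLEKEYID0001
aws_secret_access_key = example-secret-1
[staging]
aws_access_key_id = EXAMPLEKEYID0001
aws_secret_access_key = example-secret-1
[production]
aws_access_key_id = EXAMPLEKEYID0002
"""

def audit_credentials(path):
    """Return (profile names, list of findings) for a credentials file."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: readable beyond the owner, use 0600")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    profiles = parser.sections()  # lowercase [default] is an ordinary section
    if "default" in profiles:
        findings.append("[default] present: commands without --profile use it")
    seen = {}  # access key id -> first profile that used it
    for name in profiles:
        for key in REQUIRED_KEYS:
            if not parser.get(name, key, fallback="").strip():
                findings.append(f"[{name}] missing {key}")
        key_id = parser.get(name, "aws_access_key_id", fallback="").strip()
        if key_id and key_id in seen:
            findings.append(f"[{name}] reuses the access key of [{seen[key_id]}]")
        seen.setdefault(key_id, name)
    return profiles, findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as handle:
            handle.write(SAMPLE)
        os.chmod(path, 0o644)  # deliberately too permissive for the demo
        return audit_credentials(path)

if __name__ == "__main__":
    print(demo())
```

To audit your own file, call audit_credentials(os.path.expanduser("~/.aws/credentials")).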