How to use multiple AWS accounts from the command line?

How to set "manually" multiple AWS accounts?

1) Get access - key

AWS Console > Identity and Access Management (IAM) > Your Security Credentials > Access Keys

2) Set access - file and content

~/.aws/credentials

[default]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}

[{{profile_name}}]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}

3) Set profile - file and content

~/.aws/config

[default]
region={{region}}
output={{output:"json||text"}}

[profile {{profile_name}}]
region={{region}}
output={{output:"json||text"}}

4) Run - file with params

Install the AWS command-line app and use it, for example for the AWS EC2 product:

aws ec2 describe-instances    # default

aws ec2 describe-instances --profile {{profile_name}}    # [{{profile_name}}]


Ref

  • https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

You should be able to use the following command-options in lieu of the EC2_PRIVATE_KEY (and even EC2_CERT) environment variables:

  • -K <private key>
  • -C <certificate>

You can put these inside aliases, e.g.

alias ec2-describe-instances1='ec2-describe-instances -K /path/to/key.pem'

You can work with two accounts by creating two profiles on the aws command line. It will prompt you for your AWS Access Key ID, AWS Secret Access Key and desired region, so have them ready.

Examples:

$ aws configure --profile account1
$ aws configure --profile account2

You can then switch between the accounts by passing the profile on the command.

$ aws dynamodb list-tables --profile account1
$ aws s3 ls --profile account2

Note:

If you name the profile default, it will become the default profile, i.e. the one used when there is no --profile param in the command.


More on default profile

If you spend more time using account1, you can make it the default by setting the AWS_DEFAULT_PROFILE environment variable. When the default environment variable is set, you do not need to specify the profile on each command.

Linux, OS X Example:

$ export AWS_DEFAULT_PROFILE=account1
$ aws dynamodb list-tables

Windows Example:

$ set AWS_DEFAULT_PROFILE=account1
$ aws s3 ls