To manage multiple accounts with the AWS CLI, we have to:
aws configure --profile myProfilecommand to configure 2 different profiles
--profileparameter to denote the account when running a command, e.g. -
aws s3 ls --profile admin
The first step to configuring a profile for the AWS CLI is to decide whether it
will be a
default or a
default profile allows you to run commands without specifying the
To configure a default profile for one of
your accounts, run the
aws configure command:
# Default profile aws configure
You will be prompted for an Access Key Id, Secret Access Key, region and output type.
Security credentialstab click on
Create access keyand save both files.
To configure a named profile, run the
aws configure command, passing the
--profile parameter. Give your profile a name that makes sense, e.g.
corresponding to the role.
When you get prompted, enter the Access key and Secret access key values for the second account.
# Named a profile named admin aws configure --profile anotherAccount
aws configure command creates 2 files on your machine:
credentials- contains the Access key Ids and Secret Access Keys for all profiles
config- contains the region and output settings for all profiles
The path of the files depends on your operating system:
# on Linux and macOS ~/.aws/credentials ~/.aws/config # on Windows C:\Users\USERNAME\.aws\credentials C:\Users\USERNAME\.aws\config
To print a profile's configuration options, run the
configure list command:
aws configure list --profile tester
To run a command with your named profiles, make sure to include the
# profile named admin aws s3 ls --profile admin # default profile aws s3 ls
When an AWS CLI command is invoked, it looks for your credentials in:
Command line options - have the highest precedence and override any
environment variables or configuration
The command line options are:
Environment variables on the machine - have higher precedence than the
credentials files but get overridden by command line options.
The environment variables are:
credentials files on your machine - have the lowest
precedence - lower than environment variables and command line options.
The most commonly used environment variable is
AWS_PROFILE. It allows you to
named profile, should become your
default profile. This allows
you to call commands without setting the
For example, if you have 2 named profiles -
tester, you would
always have to specify
--profile admin or
--profile tester in your AWS CLI
To make one of the named profiles
default, set the
How you set the
AWS_PROFILE environment variable depends on your operating
# Linux and MacOS export AWS_PROFILE=admin # Windows Command Prompt setx AWS_PROFILE admin # PowerShell $Env:AWS_PROFILE="admin"
To make the environment variable persist on
MacOS, add the
export AWS_PROFILE=your_profile line to your shell's startup script, e.g.
In the screenshot below I've
set my default profile to be the named
admin. This means that if I run an AWS CLI command without passing the
--profile parameter, the AWS CLI will look for the credentials of the
--profileparameter in a command. Command line options have the highest precedence.
Setting environment variables can sometimes lead to confusion because they
override the contents of your
If you're unsure whether an environment variable is set on your machine, try to print it using the command that corresponds to your operating system:
# Linux and macOS echo $AWS_PROFILE # on Windows with CMD echo %AWS_PROFILE% # on Windows with PowerShell echo $Env:AWS_PROFILE