How to temporarily switch profiles for AWS CLI?
Solution 1
For AWS CLI v1, the cleanest solution is:
export AWS_DEFAULT_PROFILE=user2
Afterward, commands like:
aws s3 ls
... are handled from the appropriate account.
For AWS CLI v2, the following will work:
export AWS_PROFILE=user2
Solution 2
You can see how it works doing this
$ export AWS_PROFILE=myprofile
$ aws s3 ls --debug 2>&1 | grep profile
2018-04-08 19:19:17,990 - MainThread - botocore.session - DEBUG - Loading variable profile from environment with value 'myprofile'.
I doubt this works differently for you.
You can also verify that
$ AWS_PROFILE=myprofile aws s3 ls --debug 2>&1 | grep profile
and
$ aws s3 ls --profile myprofile --debug 2>&1 | grep profile
all give the same result.
Solution 3
The accepted answer assumes you are using a Linux or Mac terminal. I added command for both OS.
Windows
set AWS_PROFILE=profile_name
Linux or Mac
export AWS_PROFILE=profile_name
These will set your aws profile that you will use every time you execute an aws command. But if you just want to switch profile temporarily for one aws command.
aws [command] [sub-command] --profile [profile-name]
Solution 4
user@machine:~/.aws$ aws --version
aws-cli/2.1.2 Python/3.7.3 Linux/5.4.0-53-generic exe/x86_64.linuxmint.20
I add aliases to my .bashrc if I have a lot of named profiles.
for example:
alias harry-tuttle='export AWS_PROFILE=harry-tuttle'
Then switching profiles becomes one command with less typing.
To see all your profiles:
aws configure list-profiles`
Solution 5
AWS cli has 3 level of ways it will read variables
- environment variables of key_id / key_secret
- profile via cred/config (normally in ~/.aws/cre...)
- manual value provided inline
see: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials
one way will be overwritten by another. based on OP, it might be that although DEFAULT_PROFILE is set as userX, the AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY environment variables is set to something else.
You can do an alias to a shell function that load credentials to the current environment thru the use of
"export AWS_ACCESS_KEY_ID=XXXXXXX;"... and more
or to be safer load via a secrets manager
"export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id --profile XXXX)"... and more
Export all access key/secrets etc and then check that the right credentials are loaded in memory thru
aws configure list
finally.. do a reset of the the variable to "default" .. as a good habit to ensure you do what you need as the AWS role; especially when using multiple profiles. hope this helps.
James Shapiro
I am a software developer, cloud architect, and consultant, focused on AWS. I am interested in cloud security, scaling, automation, and serverless development. I run Athens Technologies, a technology consulting firm that specializes in cloud native applications. Email me at my firstname.lastname at gmail.com or, for business inquiries, my firstname at athenstechnologies.com.
Updated on July 05, 2022Comments
-
James Shapiro almost 2 years
Updated answer (7/10/2021): For AWS CLI v1, do this:
export AWS_DEFAULT_PROFILE=user2For AWS CLI v2, the following will work:
export AWS_PROFILE=user2The full question is below for context:
(1.) After successfully configuring a second profile for the AWS CLI, I unsuccessfully tried to set the profile to user2 in my bash session with the following command:
export AWS_PROFILE=user2... per the advice here: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
(2.) The following command works:
aws s3 ls --profile user2So I know that the AWS CLI and the user2 profile are both working on my computer.
(3.) However, when I subsequently (that is, after entering "export AWS_PROFILE=user2") try something like:
aws s3 ls... AWS's response assumes that I want to query it as the default user (NOT user2)
(4.) So the only way I can use the user2 profile from the command line is by continuing to append "--profile user2" to every single command, which is tedious.
(5.)
echo $AWS_PROFILEyields:
>> user2, as expected.
Any idea what's going on here? I'm sure I'm making some dumb mistake somewhere.