Using multiple IAM Accounts through AWS CLI tool
The AWS CLI tool allows you to switch between multiple IAM accounts. This is handy when you are writing a script that involves multiple IAM user accounts.
Prerequisites:
AWS CLI tool
Configuring Multiple Accounts:
When you configure your AWS CLI tool, a configuration file gets created at ~/.aws/config on Linux/Unix or at C:\Users\USERNAME\.aws\config on Windows, which looks like:
[code]
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_security_token=texample123324
[/code]
This file has a default profile, which gets created when you run "aws configure".
To create additional profiles, append the following to your AWS configuration file (~/.aws/config):
[code]
[profile test-user]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
region=us-west-2
[/code]
Note that you need to put the string "profile" before the profile name.
Whenever you want to use this user, invoke the AWS command with the --profile command line parameter, or set the environment variable AWS_DEFAULT_PROFILE. If this variable does not specify a profile, the AWS CLI uses the profile named default.
Example:
[code]aws s3 ls --profile test-user
aws s3 ls --profile default[/code]
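Because each profile above keeps its access key in plaintext, it is worth auditing the file as profiles accumulate. The following is an added example, not part of the original post: the function names and the extra no-keys profile are made up for illustration, and it assumes the AKIA prefix marks a long-term IAM user key.

```python
import configparser
import os
import stat

# Constructed sample in the format shown above (AWS documentation example keys).
SAMPLE = """[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[profile test-user]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
region=us-west-2

[profile no-keys]
region=us-east-1
"""

def profile_name(section):
    """Map a config section header to the name passed to --profile."""
    if section == "default":
        return "default"
    prefix = "profile "
    return section[len(prefix):].strip() if section.startswith(prefix) else None

def audit_config(path):
    """Return (findings, profiles) for an AWS CLI config file."""
    findings, profiles = [], []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append(f"{path}: mode {mode:o} is open to group/other; use 600")
    cp = configparser.RawConfigParser()  # raw: no '%' interpolation of secrets
    cp.read(path)
    for section in cp.sections():
        name = profile_name(section)
        if name is None:
            findings.append(f"[{section}]: not a 'profile <name>' section; skipped")
            continue
        profiles.append(name)
        key_id = cp.get(section, "aws_access_key_id", fallback="")
        if cp.has_option(section, "aws_secret_access_key"):
            kind = "long-term" if key_id.startswith("AKIA") else "temporary/unknown"
            findings.append(f"profile {name}: plaintext {kind} secret key stored in file")
    return findings, profiles

if __name__ == "__main__":
    path = os.path.expanduser("~/.aws/config")
    if os.path.exists(path):
        print("\n".join(audit_config(path)[0]) or "no findings")
```

Every name in the returned profile list is a valid argument to --profile, so a script can loop over that list instead of hard-coding user names.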
Miscellaneous Tips
Auto Completion:
To enable auto completion for your AWS CLI, add the line below to your /etc/bashrc file:
[shell]complete -C aws_completer aws[/shell]
Configuring the command output:
By default the output of the AWS CLI is json, but it also supports other formats like table and text. To change the default output you can either
- Configure the default format in the config file:
[shell][default]
output = text[/shell]
- Use the --output option with the AWS CLI command
[shell]aws ec2 describe-instances --output table[/shell]