[How2Tips] AWS - Using multiple profiles

Published on

Jan 18, 2017

how2tips

Reading time : 1 min

If you deal with multiple AWS accounts on a daily basis, it might feel painful to update your environment variables or your credentials using aws configure again and again. Even more, doing such a thing repeatedly could lead to starting a CloudFormation stack with the wrong set of credentials, implying the wrong customer billed for tens or hundreds of dollars. So here’s a little tip:

AWS Profiles

If you ever looked at ~/.aws/credentials file, you might have seen your credentials defined under the [default] section. Luckily you can define multiple profiles in the same credentials file either by using aws configure --profile , or by editing it manually (so you can check there’s no “default” section).

For example :

; ~/.aws/credentials

[client_1]
aws_secret_key_id = ...
aws_secret_access_key = ...

[client_2]
aws_secret_key_id = ...
aws_secret_access_key = ...

[profile client_1]
region = eu-west-1
output = text

[profile client_2]
region = eu-central-1
output = text

You can now use one of this profiles that way: aws --profile client_1 ec2 describe-instances.

If you try to run any aws command without specifying the profile (i.e. aws ec2 describe-instances), you'll face an error message. This is because there’s a "default" profile.

As you can see, it's not really practical to specify a CLI option each time we use AWS. And it's totally useless when it comes to run some automation tools (like Ansible). Fortunately, we can define the profile using an env variable.

export AWS_DEFAULT_PROFILE=client_1 # used by aws cli
export AWS_PROFILE=client_1 # used by boto (lib used in ansible)
aws ec2 describe-instances

Automatically define the default profile

So far, so good... But still, we have to manually care about environment variables which is error-prone. If you don't want to define them manually over and over, you can use virtualenvwrapper.

For a virtualenv named client_1:

# ~/.virtualenvs/client_1/bin/postactivate
export AWS_DEFAULT_PROFILE=client_1
export AWS_PROFILE=client_1

# ~/.virtualenvs/client_1/bin/predeactivate
unset AWS_DEFAULT_PROFILE
unset AWS_PROFILE

Now each time you run workon client_1, AWS_DEFAULT_PROFILE and AWS_PROFILE will be defined. And each time you run deactivate, it will unset those environment variables :)

Any questions ? Ping us at @KNPLabs

Thanks to Albin for the article !

Written by

Albin Kerouanton
Albin Kerouanton

Comments

You may also like

tips

how2tips

An approach to handle third party SDK’s custom event systems in front end projects

Abstract (TL; DR;) When working on frontend projects, a common way to deal with the asynchronicity of third party SDKs methods is to rely on callbacks or promises. Nonetheless, it is quite frequent that some libraries use their own event system to notify their consumers whenever an action has been...

#rxjs#javascript
Joris Langlois
Published on Sep 22, 2021
tips

how2tips

[How2Tips] How to restrict allowed characters inside a text input in one line of code

Recently I encountered a problem which is very generic : I had to prevent some characters insertion inside a text input. It avoids letting user filling input with unwanted characters, then asking them to correct by displaying an error. For example, in case of a telephone number.

#beginner#javascript
Louis Lebrault
Published on Jul 21, 2021
tips

how2tips

[How2Tips] How to add a front-end framework to an existing Symfony monolith

This article is for all developers who want to add a front-end framework like React to an existing Symfony + Twig application. But first, a little bit more context : Symfony (released in 2005) has been the most used PHP framework of the previous decade. The core team is doing an amazing job and h...

#symfony#traefik#react
Thomas Triboult
Antoine Lelaisant
Published on Jun 22, 2021