How to use multiple AWS accounts from the command line?

amazon-web-services aws-cli amazon-ec2

I've got two different apps that I am hosting (well the second one is about to go up) on Amazon EC2.

How can I work with both accounts at the command line (Mac OS X) but keep the EC2 keys & certificates separate? Do I need to change my environment variables before each ec2-* command?

Would using an alias and having it to the setting of the environment in-line work? Something like:

alias ec2-describe-instances1 = export EC2_PRIVATE_KEY=/path; ec2-describe-instances

You can work with two accounts by creating two profiles on the aws command line. It will prompt you for your AWS Access Key ID, AWS Secret Access Key and desired region, so have them ready.

Examples:

$ aws configure --profile account1
$ aws configure --profile account2

You can then switch between the accounts by passing the profile on the command.

$ aws dynamodb list-tables --profile account1
$ aws s3 ls --profile account2

Note:

If you name the profile to be default it will become default profile i.e. when no --profile param in the command.

More on default profile

If you spend more time using account1, you can make it the default by setting the AWS_DEFAULT_PROFILE environment variable. When the default environment variable is set, you do not need to specify the profile on each command.

Linux, OS X Example:

$ export AWS_DEFAULT_PROFILE=account1
$ aws dynamodb list-tables

Windows Example:

$ set AWS_DEFAULT_PROFILE=account1
$ aws s3 ls

Maybe it still help someone. You can set it manually.

1) Set in file

~/.aws/credentials

this

[default]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}

[{{profile_name}}]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}
  • {{aws_access_key_id}} you can get in section AWS Console > Identity and Access Management > Security Credentials > Access Keys

2) Set in file

~/.aws/config

this

[default]
region={{region}}
output={{output:"json||text"}}

[profile {{profile_name}}]
region={{region}}
output={{output:"json||text"}}

3) Test it with AWS Command Line and command and output will be JSON

aws ec2 describe-instances --profile {{profile_name}}

Ref

http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles


You should be able to use the following command-options in lieu of the EC2_PRIVATE_KEY (and even EC2_CERT) environment variables:

  • -K <private key>
  • -C <certificate>

You can put these inside aliases, e.g.

alias ec2-describe-instances1 ec2-describe-instances -K /path/to/key.pem

Related

How do I get the full url of the page I am on in C#
Node.JS: Getting error : [nodemon] Internal watch failed: watch ENOSPC
The first day of the current month in php using date_modify as DateTime object
Secret copy to clipboard JavaScript function in Chrome and Firefox?
Tutorials and libraries for OpenGL-ES games on Android [closed]
Generating CSV file for Excel, how to have a newline inside a value
How to avoid "too many parameters" problem in API design?
What's the (hidden) cost of Scala's lazy val?
NoClassDefFoundError: android.support.v7.internal.view.menu.MenuBuilder
Why should I use var instead of a type? [duplicate]
What are libtool's .la file for?
java get file size efficiently