Setting your default AWS profile for the AWS CLI and SDKs

If you're working with multiple AWS accounts, or at least multiple roles within the same account, you may be aware that you will have to have to specify the AWS profile you're working i.e. on the command line. This can be quite a pain if you're having to prefix each command you run with i.e. aws --profile spectat_prod_read_only.

Although the ~/.aws/config file allows you to specify a default region, you cannot specify a default profile.

However, as I found earlier today in the Stack Overflow post How do I set the name of the default profile in AWS CLI?, we can see that we are able to specify the environment variable AWS_PROFILE, which will then be automagically picked up by the AWS CLI as well as any of the SDKs you use.

Example

In this example, we'll use the iam list-account-aliases subcommand, purely to verify a connection to AWS using a profile set.

Forcing the deletion of AWS_PROFILE to show the default behaviour:

$ unset AWS_PROFILE && \
  aws iam list-account-aliases
Unable to locate credentials. You can configure credentials by running "aws configure".
$ unset AWS_PROFILE && \
  ruby -raws-sdk -e 'p Aws::IAM::Client.new.list_account_aliases.to_h'
... unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
# stacktrace

And now when we set the variable:

$ env AWS_PROFILE=spectat_prod_read_only && \
  aws iam list-account-aliases
{
  "AccountAliases": [
    "spectat_prod"
  ]
}
$ env AWS_PROFILE=spectat_prod_read_only && \
  ruby -raws-sdk -e 'p Aws::IAM::Client.new.list_account_aliases.to_h'
{:account_aliases=>["spectat_prod"], :is_truncated=>false}
*****

Written by Jamie Tanna on 14 November 2018, and last updated on 15 November 2018.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under Apache License 2.0.

Tags

Categories