Setting your default AWS profile for the AWS CLI and SDKs

If you're working with multiple AWS accounts, or at least multiple roles within the same account, you may be aware that you will have to have to specify the AWS profile you're working i.e. on the command line. This can be quite a pain if you're having to prefix each command you run with i.e. aws --profile spectat_prod_read_only.

Although the ~/.aws/config file allows you to specify a default region, you cannot specify a default profile.

However, as I found earlier today in the Stack Overflow post How do I set the name of the default profile in AWS CLI?, we can see that we are able to specify the environment variable AWS_PROFILE, which will then be automagically picked up by the AWS CLI as well as any of the SDKs you use.


In this example, we'll use the iam list-account-aliases subcommand, purely to verify a connection to AWS using a profile set.

Forcing the deletion of AWS_PROFILE to show the default behaviour:

$ unset AWS_PROFILE && \
  aws iam list-account-aliases
Unable to locate credentials. You can configure credentials by running "aws configure".
$ unset AWS_PROFILE && \
  ruby -raws-sdk -e 'p'
... unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
# stacktrace

And now when we set the variable:

$ env AWS_PROFILE=spectat_prod_read_only && \
  aws iam list-account-aliases
  "AccountAliases": [
$ env AWS_PROFILE=spectat_prod_read_only && \
  ruby -raws-sdk -e 'p'
{:account_aliases=>["spectat_prod"], :is_truncated=>false}

Written by Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

Related Posts

Other posts you may be interested in:

Interactions with this post

Interactions with this post

This post has had 0 WebMention interactions, as of Mon, 17 Jun 2019 20:07:09 +0100.

Have you written a response to this post? Let me know the URL: