如何为 AWS CLI 临时切换配置文件？

小开

You can see how it works doing this

$ export AWS_PROFILE=myprofile
$ aws s3 ls --debug 2>&1 | grep profile
2018-04-08 19:19:17,990 - MainThread - botocore.session - DEBUG - Loading variable profile from environment with value 'myprofile'.

I doubt this works differently for you.

You can also verify that

$ AWS_PROFILE=myprofile aws s3 ls --debug 2>&1 | grep profile

and

$ aws s3 ls --profile myprofile --debug 2>&1 | grep profile

all give the same result.

小开

最佳答案

For AWS CLI v1, the cleanest solution is:

export AWS_DEFAULT_PROFILE=user2

Afterward, commands like:

aws s3 ls

... are handled from the appropriate account.

For AWS CLI v2, the following will work:

export AWS_PROFILE=user2

小开

AWS cli has 3 level of ways it will read variables

environment variables of key_id / key_secret
profile via cred/config (normally in ~/.aws/cre...)
manual value provided inline

see: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials

one way will be overwritten by another. based on OP, it might be that although DEFAULT_PROFILE is set as userX, the AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY environment variables is set to something else.

You can do an alias to a shell function that load credentials to the current environment thru the use of

"export AWS_ACCESS_KEY_ID=XXXXXXX;"... and more

or to be safer load via a secrets manager

"export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id --profile XXXX)"... and more

Export all access key/secrets etc and then check that the right credentials are loaded in memory thru

aws configure list

finally.. do a reset of the the variable to "default" .. as a good habit to ensure you do what you need as the AWS role; especially when using multiple profiles. hope this helps.

小开

user@machine:~/.aws$ aws --version
aws-cli/2.1.2 Python/3.7.3 Linux/5.4.0-53-generic exe/x86_64.linuxmint.20

I add aliases to my .bashrc if I have a lot of named profiles.

for example:

alias harry-tuttle='export AWS_PROFILE=harry-tuttle'

Then switching profiles becomes one command with less typing.

To see all your profiles:

aws configure list-profiles`

小开

You can add the profile flag

aws s3 ls --profile marketingadmin

小开

For windows use

set AWS_DEFAULT_PROFILE=user2

小开

The accepted answer assumes you are using a Linux or Mac terminal. I added commands for Windows, Linux and Mac OS.

Windows

CMD

set AWS_PROFILE=profile_name

Powershell

$env:AWS_PROFILE = 'profile_name'

Linux or Mac

export AWS_PROFILE=profile_name

These will set your aws profile that you will use every time you execute an aws command. But if you just want to switch profile temporarily for one aws command.

aws [command] [sub-command] --profile [profile-name]

小开

create or edit this file:

% vim ~/.aws/credentials

list as many key pairs as you like:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY


[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

include --profile user1 to select a profile & do what you like:

aws s3api list-buckets --profile user1
# any aws cli command now using user1 pair of keys

.... OR ....

set a local variable to select the pair of keys you want to use:

% export AWS_PROFILE=user1

then do what you like:

aws s3api list-buckets  # any aws cli command now using user1 pair of keys

more details: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html