AWS cli switching between accounts

Question

I had an AWS account configured to work with the CLI. The free tier expired so I setup another account. I created an IAM user ran aws configure and put in the credentials for that user. I have the default profile setup with that users credentials as well.

From the cli if I run the command aws s3 ls it will always show the buckets from the old account. If I specify the profile using aws s3 ls --profile GrantM then it lists the buckets from the correct account and IAM user.

The environment variables are set to the new user also. Can someone explain this and how to switch it to use my new account?

Answer 1

When you use aws configure without any additional arguments it should allow you to amend the default profile, which is the one that is being accessed when you specify no profile. By amending this you will not need to specify the --profile flag.

If you would also like to amend over named profiles you would simply use aws configure --profile $PROFILE_NAME, where you can just as above replace the credentials currently stored in the configuration.

Alternatively for Linux/MacOS you can access your credentials in ~/.aws/credentials or for Windows in %USERPROFILE%\.aws\credentials. You can modify these files to replace any values.

More information is available on the Named profiles documentation page.

Answer 2

I would not mix environment variables and credentials profiles, you'll just get confused.

Remove the environment variables, ensure that the default profile in your ~/.aws/credentials file (or %USERPROFILE%\.aws\credentials on Windows) is set to the new credentials, then run aws s3 ls. If it's not what you expected, then run aws s3 ls --debug to work out what you did wrong.

Answer 3

According to Credentials — Boto 3 Docs documentation, the Environment Variables will be used in preference to the configuration files.

Therefore, I suggest you remove the credentials from your Environment Variables, and just use the configuration files.

Depending upon your operating system, you could use unset, or remove them from where ever you put them in the Environment Variables.

Answer 4

create or edit this file:

% vim ~/.aws/credentials

list as many key pairs as you like:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

set a local variable to select the pair of keys you want to use:

% export AWS_PROFILE=user1

do what you like:

aws s3api list-buckets  # any aws cli command now using user1 pair of keys

more details: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

Answer 5

run on terminal where you be running the cli commands

export AWS_PROFILE='PROFILE_NAME'

move this the bashrc/zshrc file to make this permanent or just add a default section to the .aws/config and .aws/configure. Run following command and input the credentials you want.

aws configure

works on mac and windows.