How to Manage Multiple AWS Accounts Using AWS CLI Profiles

Introduction

Managing multiple AWS accounts can become messy very quickly.One wrong command in the wrong AWS account can accidentally impact production infrastructure.

Instead of constantly logging in and out, DevOps engineers use AWS CLI profiles to safely switch between accounts directly from the terminal.

In this guide, you’ll learn how to configure and use multiple AWS CLI profiles step by step.

1. What Are AWS CLI Profiles?

AWS CLI profiles allow you to configure and manage multiple sets of AWS credentials and settings. Each profile corresponds to a specific AWS account or role, enabling you to seamlessly switch between them while using the AWS CLI.

2. Configuring Multiple Profiles

To set up profiles, follow these steps:

Using aws configure command

1. Run the Configuration command:

aws configure --profile profile_name

Replace it profile_name with a name like dev "or."prodaccount2

• Enter the Required Information:
  • AWS Access Key ID
  • AWS Secret Access Key
  • Default Region Name (e.g., us-west-2)
  • Default Output Format (e.g., json)
• Repeat for each AWS account, using different profile names.

Manually Editing Configuration Files

For finer control, you can manually edit the configuration files.

• Credentials File

vim ~/.aws/credentials %USERPROFILE%\.aws\credentials

Using AWS CLI with Multiple Profiles

To run AWS CLI commands using a specific profile, use the --profile option:

aws s3 ls --profile profile1

Setting Environment Variables (Optional)

For convenience, you can set the AWS_PROFILE environment variable to use a specific profile for the duration of your terminal session:

export AWS_PROFILE=profile1

Verifying Your Configuration

To ensure your profiles are set up correctly, you can check your account identity:

aws sts get-caller-identity --profile profile1

FAQs

What are AWS CLI profiles and why are they important?

AWS CLI profiles help DevOps engineers manage multiple AWS accounts securely from the terminal. They allow you to switch between development, staging, and production environments without logging in repeatedly.

How do I manage multiple AWS accounts using AWS CLI profiles?

You can create separate AWS CLI profiles for each account and use the --profile option while running AWS commands.

aws s3 ls --profile production

This makes multi-account AWS management safer and easier.

Where are AWS CLI profiles stored in Linux or macOS?

AWS CLI profiles are stored inside:

~/.aws/credentials~/.aws/config

These files contain AWS access keys, regions, and profile configurations.

How do I check which AWS account is currently active?

You can verify the active AWS account using:

aws sts get-caller-identity --profile dev

This helps prevent accidental deployments or infrastructure changes in the wrong AWS account.

Why should DevOps engineers use AWS CLI profiles instead of root credentials?

AWS CLI profiles improve security by separating access between environments and reducing direct usage of root credentials. They are considered a best practice for DevOps workflows and AWS automation.

Conclusion

Managing multiple AWS accounts manually can lead to mistakes, security risks, and deployment issues. AWS CLI profiles provide a secure and efficient way to switch between AWS accounts, organize credentials, and simplify DevOps workflows. By using AWS CLI profiles correctly, you can improve productivity, reduce operational errors, and manage AWS infrastructure more safely.

Read More

• AWS IMDSv2 Can Break EC2 Startup Scripts — Here’s the Fix
• EC2 Memory Not Showing? Fix It with CloudWatch Agent
• Stop Overpaying for GP2: GP3 Cost & Performance Explained
• How to Monitor Available IPs in a Subnet Using AWS Lambda
• AWS CLI Profiles Official Documentation