AWS Profile switching

On the other day, I was sitting in front of my console, and tried to get the courage to run ‘terraform destroy’.

I started to think about what shall I do in the future to avoid situations like this, and then I realized the problem is with the ‘default’ section. When you run the ‘aws configure’ command, it will create you a section named ‘default’ in the .aws/credentials and .aws/config files, from that very moment you will use that section as your … well, as your default credentials, and when you add more and more keys, you can select them by using ‘–profile’ switch over and over again.

This isn’t safe enough, so I recommend to remove/rename the default section, so you have to use –profile from that moment.

[profile prof1]
output = json
region = us-east-1
[profile prof2]
output = json
region = eu-central-1
aws_secret_access_key = SECRET_KEY1 
aws_access_key_id = ACCESS_ID1
aws_secret_access_key = SECRET_KEY2 
aws_access_key_id = ACCESS_ID2

This is way better than what we had so far, but not perfect, because it gives you more to type any time you use awscli, so we should make it more convenient. If you create a function in your .profile then it will be easy to switch between profiles, because the AWS_PROFILE environment variable also selects the profile for you.

In my case, I added a prompt_tag call in my function, because with liquidprompt that is the way to add a prefix for your prompt.

function awsprof {
  if [[ $1n != "n" ]];
    export AWS_PROFILE=$1
    prompt_tag "(aws: $1)"
    unset AWS_PROFILE
    prompt_tag ""

Anytime I have to work with one of my AWS profiles, I run ‘awsprof <profilename>’ my environment variables are set, and from that terminal, all my awsci commands will hit the correct environment, and I also have the profile name in the beginning of my prompt to make it visible.