How to temporarily switch profiles for AWS CLI?

Updated answer (7/10/2021): For AWS CLI v1, do this:

export AWS_DEFAULT_PROFILE=user2

For AWS CLI v2, the following will work:

export AWS_PROFILE=user2

The full question is below for context:

---

(1.) After successfully configuring a second profile for the AWS CLI, I unsuccessfully tried to set the profile to user2 in my bash session with the following command:

export AWS_PROFILE=user2

... per the advice here: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html

(2.) The following command works:

aws s3 ls --profile user2

So I know that the AWS CLI and the user2 profile are both working on my computer.

(3.) However, when I subsequently (that is, after entering "export AWS_PROFILE=user2") try something like:

aws s3 ls

... AWS's response assumes that I want to query it as the default user (NOT user2)

(4.) So the only way I can use the user2 profile from the command line is by continuing to append "--profile user2" to every single command, which is tedious.

(5.)

echo $AWS_PROFILE

yields:

>> user2

, as expected.

Any idea what's going on here? I'm sure I'm making some dumb mistake somewhere.

For AWS CLI v1, the cleanest solution is:

export AWS_DEFAULT_PROFILE=user2

Afterward, commands like:

aws s3 ls

... are handled from the appropriate account.

For AWS CLI v2, the following will work:

export AWS_PROFILE=user2

You can see how it works doing this

$ export AWS_PROFILE=myprofile
$ aws s3 ls --debug 2>&1 | grep profile
2018-04-08 19:19:17,990 - MainThread - botocore.session - DEBUG - Loading variable profile from environment with value 'myprofile'.

I doubt this works differently for you.

You can also verify that

$ AWS_PROFILE=myprofile aws s3 ls --debug 2>&1 | grep profile

and

$ aws s3 ls --profile myprofile --debug 2>&1 | grep profile

all give the same result.

The accepted answer assumes you are using a Linux or Mac terminal. I added commands for Windows, Linux and Mac OS.

Windows

CMD

set AWS_PROFILE=profile_name

Powershell

$env:AWS_PROFILE = 'profile_name'

Linux or Mac

export AWS_PROFILE=profile_name

These will set your aws profile that you will use every time you execute an aws command. But if you just want to switch profile temporarily for one aws command.

aws [command] [sub-command] --profile [profile-name]

AWS cli has 3 level of ways it will read variables

• environment variables of key_id / key_secret
• profile via cred/config (normally in ~/.aws/cre...)
• manual value provided inline

> see: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials

one way will be overwritten by another. based on OP, it might be that although DEFAULT_PROFILE is set as userX, the AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY environment variables is set to something else.

You can do an alias to a shell function that load credentials to the current environment thru the use of

"export AWS_ACCESS_KEY_ID=XXXXXXX;"... and more

or to be safer load via a secrets manager

"export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id --profile XXXX)"... and more

Export all access key/secrets etc and then check that the right credentials are loaded in memory thru

aws configure list

finally.. do a reset of the the variable to "default" .. as a good habit to ensure you do what you need as the AWS role; especially when using multiple profiles. hope this helps.

user@machine:~/.aws$ aws --version
aws-cli/2.1.2 Python/3.7.3 Linux/5.4.0-53-generic exe/x86_64.linuxmint.20

I add aliases to my .bashrc if I have a lot of named profiles.

for example:

alias harry-tuttle='export AWS_PROFILE=harry-tuttle'

Then switching profiles becomes one command with less typing.

To see all your profiles:

aws configure list-profiles`

For windows use

set AWS_DEFAULT_PROFILE=user2

You can add the profile flag

aws s3 ls --profile marketingadmin

create or edit this file:

% vim ~/.aws/credentials

list as many key pairs as you like:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

include --profile user1 to select a profile & do what you like:

aws s3api list-buckets --profile user1
# any aws cli command now using user1 pair of keys

.... OR ....

set a local variable to select the pair of keys you want to use:

% export AWS_PROFILE=user1

then do what you like:

aws s3api list-buckets  # any aws cli command now using user1 pair of keys

more details: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html