Press "Enter" to skip to content

CLI to Switch Amazon AWS Shell Environment Credentials

AwsCredsI work with many different AWS IAM Accounts and need to easily switch between these accounts. The good news is the AWS CLI tools now support a standard config file (~/.aws/config) that allows you to create profiles  for  multiple accounts in the one config file. You can select them when using the aws-cli with the --profile flag.

But many other tools don’t yet support the new format config file or multi-profiles. But they do support shell environment variables. So I wrote a simple ruby script that

  • Allows you to specify the profile name as an argument
  • Reads in the config file ~/.aws/config
  • Outputs the export statements for publishing the environment variables
    • You can eval the output to set the environment of your current shell session

So if you had a config file ~/.aws/config that looked like this:


[profile foo]

[profile bar]

If you don’t specify any argument to the command it will output the default profile:

 $ aws_switch
export AWS_ACCESS_KEY_ID=AKI***********2A
export AWS_SECRET_ACCESS_KEY=jt41************************************p
export AMAZON_ACCESS_KEY_ID=AKI***********2A
export AMAZON_SECRET_ACCESS_KEY=jt41************************************p
export AWS_ACCESS_KEY=AKI***********2A
export AWS_SECRET_KEY=jt41************************************p

If you specified a profile (in this case foo):

$ aws_switch foo
export AWS_ACCESS_KEY_ID=0K***************K82
export AWS_SECRET_ACCESS_KEY=2b+***********************************1g
export AMAZON_ACCESS_KEY_ID=0K***************K82
export AMAZON_SECRET_ACCESS_KEY=2b+***********************************1g
export AWS_ACCESS_KEY=0K***************K82
export AWS_SECRET_KEY=2b+***********************************1g

You would actually use it by eval’ing the output of aws_switch so it sets the variables in the environment of yhour current shell:

eval `aws_switch foo`

Here’s the code for aws_switch. Put it in someplace in your $PATH and make sure to chmod 0755 the file so its executable:

#!/usr/bin/env ruby
require 'inifile'

configs = IniFile.load(File.join(File.expand_path('~'), '.aws', 'config'))

profile_name_input = ARGV[0]
case profile_name_input
when 'default'
  profile_name = 'default'
when nil
  profile_name = 'default'
when ""
  profile_name = 'default'
  profile_name = "profile #{profile_name_input}"

id = configs[profile_name]['aws_access_key_id']
key = configs[profile_name]['aws_secret_access_key']

puts "export AWS_ACCESS_KEY_ID=#{id}"
puts "export AWS_SECRET_ACCESS_KEY=#{key}"
puts "export AMAZON_ACCESS_KEY_ID=#{id}"
puts "export AMAZON_SECRET_ACCESS_KEY=#{key}"
puts "export AWS_ACCESS_KEY=#{id}"
puts "export AWS_SECRET_KEY=#{key}"