Question 107964 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – How to switch between accounts created using AWS Organizations from aws-cli

I am using AWS Organizations from my master account to create sub-accounts like prod, dev, playground etc.

Inside the AWS Console it is easy to switch between the accounts by clicking the "Switch Role" button.

How do I achieve the same from the aws-cli using profiles? Can somebody list the least amount of steps necessary to achieve that?

When I search the internet (and I have) I find very different solutions and many of them involving creating new roles from scratch. However, I figure that I should be able to use the AWSServiceRoleForOrganizations role already created by AWS Organizations.

Thank you

Tags:

3

Answers


  1. Chosen as BEST ANSWER
    0

    I figured it out. In the credentials file add:

    [master] aws_access_key_id = xxxxxxxxxxxxxxxxxxxxx aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxx

    [sub-account] role_arn = arn:aws:iam::XXXXXXXXXXXX:role/OrganizationAccountAccessRole source_profile = master

    Where XXXXXXXXXXXX is the account number of the sub-account.


  2. 0

    In your ~/.aws/config and ~/.aws/credentials file you need to add different profiles and credentials .

    Place your keys in your ~/.aws/credentials file.

    [default]
aws_access_key_id=XXXXXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXX/XXXXXX/XXXXXXXXX

[dev]
aws_access_key_id=XXXXXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXX/XXXXXX/XXXXXXXXX

[playground]
aws_access_key_id=XXXXXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXX/XXXXXX/XXXXXXXXX

[prod]
aws_access_key_id=XXXXXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXX/XXXXXX/XXXXXXXXX

    Modify your ~/.aws/config file. Remember to Add the prefix ‘profile’

    [default]
region=us-west-2

[profile dev]
region=us-east-1

[profile playground]
region=us-east-1

[profile prod]
region=us-east-1

    Now you can switch between profile by using the --profile flag

    aws s3 ls --profile dev # will use keys and config from dev profile

aws s3 ls # will use keys and config from default profile

aws s3 ls --profile production # will use and config keys from prod profile
    Login or Signup to reply.
  3. 0

    Simply set env var AWS_PROFILE to the respective profile to switch to another profile

    export AWS_PROFILE=profile1

    Note: Assuming you’ve configured different profiles in your system already

    If you didn’t configure profiles yet in your local system, you can run the below command:

    aws configure --profile
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search