I want to setup multiple AWS profiles so that I can easily change settings and credentials when jumping between projects.
I've read the AWS documentation but it's quite vague about how to select what profile you want to use when logging in.
When I'm trying to login it's just giving me this error which seems to indicate that it's not picking up any credentials.
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
To switch between different AWS accounts, set the AWS_profile environment variable at the command line via export AWS_PROFILE=profile_name . Setting the env variable changes the default profile until the end of your shell session or until you set the variable to a different value.
The credentials file is located at ~/. aws/credentials on Linux or macOS, or at C:\Users\ USERNAME \. aws\credentials on Windows. This file can contain the credential details for the default profile and any named profiles.
To validate a user's credentials with the AWS CLI, run the sts get-caller-identity command. The command returns details about the user's credentials if they are valid, otherwise it throws an error.
To setup multiple profiles for AWS login you need to the following:
1: ~/.aws/credentials
[default]
aws_access_key_id =
aws_secret_access_key =
[cat]
aws_access_key_id = XXXX
aws_secret_access_key = XXXXXXXXXXXX
[dog]
aws_access_key_id = XXXX
aws_secret_access_key = XXXXXXXXXXXX
2: ~/.aws/config
[default]
region = eu-central-1
[profile cat]
region = us-west-2
[profile dog]
region = ap-northeast-1
3. Select profile
The selected profile is determined by the $AWS_PROFILE
environment variable. In bash this could be done in ~\.bash_profile
by adding a line export AWS_PROFILE="cat"
. To switch profiles in the current terminal, type AWS_PROFILE=dog
.
4. Remove global settings
You also need to make sure that the environment variables AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
are not set because the aws-cli will give priority to those variables over profiles.
Running
You can then login to the AWS service of your choice. To see what profile is currently in use echo $AWS_PROFILE
. Example command for ECR login would be $(aws ecr get-login)
Debugging
If you're still having problems you can add the --debug
flag to see what credentials it's using for the command.
For me although I setup everything is above, I have older aws cli version is causing this issue.
$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
$ unzip awscli-bundle.zip
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
By applying above commands it resolves my issue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With