How to Set Up Multiple AWS Accounts and Configure Them with AWS CLI for Different Clients
cliawscicd

How to Set Up Multiple AWS Accounts and Configure Them with AWS CLI for Different Clients

Master the AWS CLI to efficiently manage multiple accounts for diverse clients with tailored configurations.

lalatendu.swain
lalatendu.swainMay 21, 2022 · 4 min read

Introduction

In today's cloud-centric world, managing multiple AWS accounts for different clients is a common scenario for system administrators and developers. Configuring separate profiles in the AWS Command Line Interface (CLI) allows you to streamline access to various AWS environments, making it easier to switch between accounts without the hassle of constantly re-entering credentials. This guide will walk you through the process of setting up multiple AWS accounts and configuring them with the AWS CLI, ensuring you can efficiently manage resources across different clients.

What Is AWS CLI?

The AWS Command Line Interface (CLI) is a unified tool that enables you to manage your AWS services from the command line. It allows you to control multiple AWS services and automate tasks through scripts. By using the AWS CLI, you can interact with AWS services without needing to navigate the web-based AWS Management Console, making it a powerful tool for developers and system administrators.

How It Works

The AWS CLI operates by sending requests to AWS services using the REST API. When you configure profiles in the AWS CLI, each profile stores its own set of credentials and configurations, such as the default region and output format. This setup allows you to easily switch between different client accounts by specifying the profile name in your commands. Think of it as having multiple keys to different doors, where each key opens a specific door to a client’s AWS environment.

Prerequisites

Before you begin, ensure you have the following:

  • AWS CLI installed on your machine.
  • AWS Access Key ID and Secret Access Key for each client’s AWS account.
  • Basic knowledge of using the command line.

Installation & Setup

To install the AWS CLI, follow the steps based on your operating system:

For Linux / macOS:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

For Windows:

Download the MSI installer from the AWS CLI website.

Verify Installation:

To ensure the AWS CLI is installed correctly, run:

aws --version

Step-by-Step Guide

  1. Obtain AWS Credentials: Collect the Access Key ID and Secret Access Key for each client from the IAM section of the AWS Management Console.

  2. Configure AWS CLI for Client 1: Set up the first client profile.

    aws configure --profile user1-eu
    • Enter the Access Key ID for User1.
    • Enter the Secret Access Key for User1.
    • Set the default region to eu-west-2.
    • Press Enter for the default output format (JSON).

  3. Configure AWS CLI for Client 2: Set up the second client profile.

    aws configure --profile user2-ap
    • Enter the Access Key ID for User2.
    • Enter the Secret Access Key for User2.
    • Set the default region to ap-northeast-1.
    • Press Enter for the default output format (JSON).

  4. Configure AWS CLI for Client 3: Set up the third client profile.

    aws configure --profile user3-ca
    • Enter the Access Key ID for User3.
    • Enter the Secret Access Key for User3.
    • Set the default region to ca-central-1.
    • Press Enter for the default output format (JSON).

Real-World Examples

Example 1: Listing S3 Buckets for Client 1

To list the S3 buckets for Client 1, use:

aws s3 ls --profile user1-eu

Example 2: Deploying an EC2 Instance for Client 2

To launch an EC2 instance in the Tokyo region for Client 2, use:

aws ec2 run-instances --image-id ami-12345678 --count 1 --instance-type t2.micro --key-name MyKeyPair --region ap-northeast-1 --profile user2-ap

Example 3: Checking CloudWatch Logs for Client 3

To view CloudWatch logs for Client 3, use:

aws logs describe-log-groups --profile user3-ca

Best Practices

  • Use IAM Roles: Instead of sharing Access Keys, consider using IAM roles for better security.
  • Rotate Credentials Regularly: Regularly update your Access Keys to minimize security risks.
  • Use Environment Variables: For temporary access, set AWS credentials as environment variables.
  • Limit Permissions: Grant only the necessary permissions to each client’s IAM user.
  • Organize Profiles: Use clear and descriptive names for profiles to avoid confusion.
  • Monitor Usage: Regularly check AWS CloudTrail logs to monitor API usage across accounts.
  • Backup Configuration: Keep a backup of your AWS CLI configuration files in a secure location.

Common Issues & Fixes

Issue Cause Fix
Access Denied Incorrect IAM permissions Verify and adjust IAM policies for the user.
Invalid Credentials Typo in Access Key or Secret Key Double-check the credentials entered.
Region Not Found Specified region is incorrect Ensure the region is valid for the selected service.
Profile Not Found Profile name is misspelled Check the profile name in the command.

Key Takeaways

  • The AWS CLI is a powerful tool for managing AWS resources across multiple accounts.
  • Configuring separate profiles for each client streamlines access management.
  • Always use secure practices when handling AWS credentials.
  • Regularly verify and update your AWS CLI installation.
  • Monitor and audit your AWS usage to maintain security and compliance.

By following this guide, you can effectively manage multiple AWS accounts for different clients, enhancing your productivity and operational efficiency.

Responses

Sign in to leave a response.

Loading…

— More from lalatendu.swain

The Code Auditor That Never Sleeps: What Anthropic's Glasswing Project Tells Us About the Next Decade of Cybersecurity

10 min read

Understanding Zero Trust: The Future of Cybersecurity Frameworks

9 min read

The Day I Stopped Fighting My Tools

4 min read

Ensuring Proper Tagging of AWS AMIs and Snapshots in Your Automation Scripts

3 min read