How to Set Up Multiple AWS Accounts and Configure Them with AWS CLI for Different Clients
How to Set Up Multiple AWS Accounts and Configure Them with AWS CLI for Different Clients
Managing multiple AWS accounts for various clients can be streamlined by configuring separate profiles in the AWS CLI. Each profile will have its own credentials and default region, allowing you to switch between different AWS environments effortlessly.
In this guide, we will configure three different client profiles with different regions:
Client 1: User1 (Europe, London) - eu-west-2
Client 2: User2 (Asia Pacific, Tokyo) - ap-northeast-1
Client 3: User3 (Canada, Central) - ca-central-1
Step 1: Install AWS CLI (if not already installed)
If you haven’t installed the AWS CLI, you can follow these instructions based on your operating system:
Linux / macOS:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Windows: Download the MSI installer from the AWS CLI website.
To verify the installation:
aws --version
Step 2: Obtain AWS Credentials for Each Client
Before setting up profiles, you need the Access Key ID and Secret Access Key for each client’s AWS account. These can be obtained from the IAM section in the AWS Console under the specific user's credentials.
Step 3: Configure AWS CLI for Multiple Accounts Using Profiles
The AWS CLI supports multiple profiles. Each profile is identified by a unique name, and you can switch between them easily.
Configuring Profiles for Each Client
Client 1 (User1, Europe London): Open your terminal and run:
aws configure --profile user1-eu
You will be prompted to enter the credentials and default region:
AWS Access Key ID: (Enter the Access Key for User1)
AWS Secret Access Key: (Enter the Secret Key for User1)
Default region name: eu-west-2
Default output format: (Press Enter for json)
Client 2 (User2, Asia Pacific Tokyo): Now configure the second client:
aws configure --profile user2-ap
You will be prompted to enter the credentials and default region:
AWS Access Key ID: (Enter the Access Key for User2)
AWS Secret Access Key: (Enter the Secret Key for User2)
Default region name: ap-northeast-1
Default output format: (Press Enter for json)
Client 3 (User3, Canada Central): Finally, configure the third client:
aws configure --profile user3-ca
You will be prompted to enter the credentials and default region:
AWS Access Key ID: (Enter the Access Key for User3)
AWS Secret Access Key: (Enter the Secret Key for User3)
Default region name: ca-central-1
Default output format: (Press Enter for json)
Step 4: Verifying the Configuration
Once the profiles are configured, you can verify them by listing all configured profiles:
aws configure list-profiles
You should see output similar to this:
user1-eu
user2-ap
user3-ca
Step 5: Using Profiles in AWS CLI Commands
Now that your profiles are configured, you can switch between clients by specifying the profile in your AWS CLI commands.
Examples:
To start an EC2 instance for User1 (Europe, London):
aws ec2 start-instances --instance-ids i-xxxxxxxxxxxxxxxxx --profile user1-euTo stop an EC2 instance for User2 (Asia Pacific, Tokyo):
aws ec2 stop-instances --instance-ids i-xxxxxxxxxxxxxxxxx --profile user2-apTo check the status of an EC2 instance for User3 (Canada, Central):
aws ec2 describe-instances --instance-ids i-xxxxxxxxxxxxxxxxx --profile user3-ca
Step 6: Setting a Default Profile (Optional)
If you frequently work with one of the clients and want to avoid specifying the --profile option every time, you can set a default profile.
To set User1 (Europe, London) as the default profile, run:
aws configure set profile.default.region eu-west-2
aws configure set profile.default.aws_access_key_id <user1-access-key>
aws configure set profile.default.aws_secret_access_key <user1-secret-key>
Now, all AWS CLI commands will use User1’s credentials and region unless you specify another profile.
Step 7: Switch Between Profiles Easily
If you prefer not to specify --profile with every command, you can export the AWS_PROFILE environment variable in your terminal to switch between profiles easily.
For Linux/macOS:
Switch to User1:
export AWS_PROFILE=user1-euSwitch to User2:
export AWS_PROFILE=user2-ap
For Windows (PowerShell):
Switch to User1:
$env:AWS_PROFILE="user1-eu"Switch to User2:
$env:AWS_PROFILE="user2-ap"
Step 8: Automating with Aliases (Optional)
If you often need to switch between profiles and run similar commands, you can create aliases to simplify the process.
For Linux/macOS:
Open your .rc or .zshrc file:
nano ~/.rc # for
nano ~/.zshrc # for Zsh
Add aliases for each client:
alias aws-user1='aws --profile user1-eu'
alias aws-user2='aws --profile user2-ap'
alias aws-user3='aws --profile user3-ca'
Save and reload your shell configuration:
source ~/.rc # for
source ~/.zshrc # for Zsh
Now you can run commands like this:
aws-user1 ec2 start-instances --instance-ids i-xxxxxxxxxxxxxxxxx
Conclusion
By configuring multiple profiles in the AWS CLI, you can seamlessly manage multiple AWS accounts for different clients. This setup allows you to switch between different AWS environments with ease, ensuring that you’re working in the correct AWS account for each client. Whether you manage two accounts or twenty, using AWS CLI profiles and aliases streamlines your workflow and reduces the risk of working in the wrong account or region.
This guide is your complete solution to setting up and managing multiple AWS accounts from a single CLI interface.
#AWSCLI
#AWSMultiAccount
#AWSProfiles
#CloudAutomation
#AWSForClients
#EC2Management
#AWSConfig
#DevOpsTips
#CloudOps
#AWSRegions
#CloudSolutions
How do I manage multiple AWS accounts with CLI?
Setting up multiple AWS profiles for different clients
Switch between AWS accounts using CLI profiles
AWS CLI multi-account configuration guide
How to configure AWS CLI for different regions
Automating EC2 start and stop with multiple AWS accounts
AWS CLI profiles for clients with different regions
Best practices for managing multiple AWS accounts
How to configure AWS CLI for multiple accounts
Using aliases for AWS CLI profile switching