How to configure multiple profiles for AWS CLI

AWS CLI tools will create and use a default profile if not specified. What it means is that, a profile named default will be created if you don't specify a profile when configuring your AWS CLI tools and the default profile will be used if you don't specify any profile when executing your AWS CLI tools.

You can create and use multiple profiles for your AWS CLI tools by using --profile option when running the aws commands.

Create multiple profiles on AWS CLI

AWS calls this named profiles and you can create a named profile via these steps:

  1. Run aws configure with --profile option.
    $ aws configure --profile second_user
  2. Enter AWS Access Key ID for the new profile.
    AWS Access Key ID [None]: AKIAJF4JT25ZZYGCTTVA
  3. Enter AWS Secret Access Key for the new profile.
    AWS Secret Access Key [None]: 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
  4. Enter Default region name for the new profile.
    Default region name [None]:
  5. Enter Default output format for the new profile.
    Default output format [None]:

  6. Check configuration file if file is properly created.
    $ cat .aws/credentials
    [default]
    aws_access_key_id = AKIAIPXU35JJQNVVMDOQ
    aws_secret_access_key = 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
    [second_user]
    aws_access_key_id = AKIAJF4JT25ZZYGCTTVA
    aws_secret_access_key = N2ylUSpbR5cenv+0/YcuqdvOPtaOVsZrf0UY1TMA

Use multiple profiles on AWS CLI

Once configured, you can use the same --profile option in any of your aws commands to use your other profiles. Here's an example of using the profile configured in the above steps:

$ aws s3 ls --profile second_user

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

The IAM user configured for the profile does not have S3 access, so the error is intentional.