How to manage different AWS profiles

If you are using AWS tools, you probably know about IAM(Identity and Access Management). Generally, it makes it possible to separate uses/roles to manage different services.

The best practice: do not use the root account for daily tasks. Create different IAM roles with limited access instead.

For instance, you have three projects. Therefore, the best way would be to create three users: user1, user2, user3.

• user1 can only manage S3
• user2 can manage EC2 instances and Load Balancer
• user3 can manage RDS

And you want to execute API calls to perform some actions.
Here is my favorite approach for that:

1. create ~/.aws/credentials file
2. add sections for each user/profile

[user1]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[user2]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[user3]
aws_access_key_id = xxx
aws_secret_access_key = xxx

1. run command with --profile param

aws rds create-db-instance --profile user1 ...

Run these commands to see the configurations:

aws configure list
aws configure list --profile user1
cat ~/.aws/credentials

You can also check these super helpful official articles.

• Configuring the AWS CLI
• AWS Named profiles
• AWS Configuration and credential file settings