How to use multiple AWS Accounts from the command

2020-02-16 05:42发布

站内问答 / 后端开发
2015 7 6

I've got two different apps that I am hosting (well the second one is about to go up) on Amazon EC2.

How can I work with both accounts at the command line (Mac OS X) but keep the EC2 keys & certificates separate? Do I need to change my environment variables before each ec2-* command?

Would using an alias and having it to the setting of the environment in-line work? Something like:

alias ec2-describe-instances1 = export EC2_PRIVATE_KEY=/path ; ec2-describe-instances

7条回答
姐就是有狂的资本
2楼-- · 2020-02-16 06:13

The new aws tools now support multiple profiles.

If you configure access with the tools, it automatically creates a default in ~/.aws/config.

You can then add additional profiles - more details at:

http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles

查看更多
0人赞 添加讨论(0) 举报
虎瘦雄心在
3楼-- · 2020-02-16 06:17

I created a simple tool, aaws, to switch between AWS accounts.

It works by setting the AWS_DEFAULT_PROFILE in your shell. Just make sure you have some entries in your ~/.aws/credentials file and it will easily switch between multiple accounts.

/tmp
$ aws s3 ls
Unable to locate credentials. You can configure credentials by running "aws configure".

/tmp
$ aaws luk3

[luk3]
查看更多
0人赞 添加讨论(0) 举报
beautiful°
4楼-- · 2020-02-16 06:19

You can work with two accounts by creating two profiles on the aws command line. It will prompt you for your AWS Access Key ID, AWS Secret Access Key and desired region, so have them ready.

Examples:

$ aws configure --profile account1
$ aws configure --profile account2

You can then switch between the accounts by passing the profile on the command.

$ aws dynamodb list-tables --profile account1
$ aws s3 ls --profile account2

Note:

If you name the profile to be default it will become default profile i.e. when no --profile param in the command.

More on default profile

If you spend more time using account1, you can make it the default by setting the AWS_DEFAULT_PROFILE environment variable. When the default environment variable is set, you do not need to specify the profile on each command.

Linux, OS X Example:

$ export AWS_DEFAULT_PROFILE=account1
$ aws dynamodb list-tables

Windows Example:

$ set AWS_DEFAULT_PROFILE=account1
$ aws s3 ls
查看更多
0人赞 添加讨论(0) 举报
仙女界的扛把子
5楼-- · 2020-02-16 06:19

Maybe it still help someone. You can set it manually.

1) Set in file

~/.aws/credentials

this

[default]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}

[{{profile_name}}]
aws_access_key_id={{aws_access_key_id}}
aws_secret_access_key={{aws_secret_access_key}}

2) Set in file

~/.aws/config

this

[default]
region={{region}}
output={{output:"json||text"}}

[profile {{profile_name}}]
region={{region}}
output={{output:"json||text"}}

3) Test it with AWS Command Line and command and output will be JSON

aws ec2 describe-instances --profile {{profile_name}}

Ref

http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles

查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
6楼-- · 2020-02-16 06:25

I recommend checking out docker container encapsulated CLI. you can run container for every account for better isolation.

查看更多
0人赞 添加讨论(0) 举报
成全新的幸福
7楼-- · 2020-02-16 06:26

You can write shell script to set corresponding values of environment variables for each account based on user input. Doing so, you don't need to create any aliases and, furthermore, tools like ELB tools, Auto Scaling Command Line Tools will work under multiple accounts as well.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)