-1

For testing purpose, I am running on a docker container.

sudo docker run --entrypoint "/bin/bash" --rm -it amazon/aws-cli:latest

I configured default profile with my admin account.

Then, configured another profile with sts role linked.

bash-4.2# cat ~/.aws/config
[default]
region = us-west-2
[profile testsubaccount]
source_profile = default
role_arn = arn:aws:iam::<ACCOUNT_NUMBER>:role/OrganizationAccountAccessRole
region = us-west-2

Now, see the output of below command.

bash-4.2# aws sts get-caller-identity
{
    "UserId": "********",
    "Account": "*******",
    "Arn": "arn:aws:iam::********:user/*******"
}
bash-4.2# aws sts get-caller-identity --profile testawsaccount

The config profile (testawsaccount) could not be found
bash-4.2# aws sts get-caller-identity --profile testsubaccount
{
    "UserId": "*********************",
    "Account": "********",
    "Arn": "arn:aws:sts::********:assumed-role/OrganizationAccountAccessRole/botocore-session-1653571765"
}

If you observe, with --profile option it is showing the second profile and without any parameter, it is showing default account.

I want to run my aws cli commands and the terraform files also to use the second profile as default so that I don't need to change all my templates and commands.

When I checked it is mentioned that setting

export AWS_PROFILE=testsubaccount

export AWS_DEFAULT_PROFILE=testsubaccount

should switch the default profile.

But not working.

Tried with and without export keyword.

Reference links: How do I set the name of the default profile in AWS CLI? How to temporarily switch profiles for AWS CLI?

Jor-El
  • 187
  • 3
  • 11
  • 1
    What specifically is not working? What happens when you run `AWS_PROFILE=testsubaccount aws sts get-caller-identity` (all on the same line in your shell)? – jarmod May 26 '22 at 13:51

1 Answers1

1

I am assuming you are working on unix machine.

  1. Go to your aws configurations folder, which is available at ~/.aws/.
  2. Open the credentials file whose content will be something like this:
[default]
aws_access_key_id = *****
aws_secret_access_key = **************

[another-profile]
aws_access_key_id = *************
aws_secret_access_key = ***********
  1. In [default], just configure the keys that you want to set as your default config for aws-cli and you are good to go.

Note: You can copy the items from any other AWS profile into your [default]. If you want this config to be temporary, then make sure to backup your [default] setup backed up into another profile like [old-default] which will make it easier to switch back later.

Gaurav Sharma
  • 1,983
  • 18
  • 18