如何临时切换 AWS CLI 的配置文件?
[英]How to temporarily switch profiles for AWS CLI?
问题描述
Updated answer (7/10/2021): For AWS CLI v1, do this:
更新的答案 (7/10/2021):对于 AWS CLI v1,请执行以下操作:
export AWS_DEFAULT_PROFILE=user2
For AWS CLI v2, the following will work:对于 AWS CLI v2,以下内容将起作用:
export AWS_PROFILE=user2
The full question is below for context:完整的问题如下:
(1.) After successfully configuring a second profile for the AWS CLI, I unsuccessfully tried to set the profile to user2 in my bash session with the following command: (1.) 在为 AWS CLI 成功配置第二个配置文件后,我尝试使用以下命令在我的 bash 会话中将配置文件设置为 user2 失败:
export AWS_PROFILE=user2
... per the advice here: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html ...根据这里的建议: https : //docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
(2.) The following command works: (2.) 以下命令有效:
aws s3 ls --profile user2
So I know that the AWS CLI and the user2 profile are both working on my computer.所以我知道 AWS CLI 和 user2 配置文件都在我的计算机上运行。
(3.) However, when I subsequently (that is, after entering "export AWS_PROFILE=user2") try something like: (3.) 但是,当我随后(即在输入“export AWS_PROFILE=user2”之后)尝试以下操作时:
aws s3 ls
... AWS's response assumes that I want to query it as the default user (NOT user2) ... AWS 的响应假设我想以默认用户(而不是 user2)的身份查询它
(4.) So the only way I can use the user2 profile from the command line is by continuing to append "--profile user2" to every single command, which is tedious. (4.) 因此,我可以从命令行使用 user2 配置文件的唯一方法是继续将“--profile user2”附加到每个命令,这很乏味。
(5.) (5.)
echo $AWS_PROFILE
yields:产量:
>> user2
, as expected. ,正如预期的那样。
Any idea what's going on here?知道这里发生了什么吗? I'm sure I'm making some dumb mistake somewhere.我确定我在某个地方犯了一些愚蠢的错误。
8 个解决方案
解决方案1
57 已采纳 2018-04-10 07:54:52
For AWS CLI v1, the cleanest solution is:对于 AWS CLI v1,最干净的解决方案是:
export AWS_DEFAULT_PROFILE=user2
Afterward, commands like:之后,命令如下:
aws s3 ls
... are handled from the appropriate account. ...从适当的帐户处理。
For AWS CLI v2, the following will work:对于 AWS CLI v2,以下内容将起作用:
export AWS_PROFILE=user2
解决方案2
5 2018-04-08 23:23:16
You can see how it works doing this你可以看到它是如何工作的
$ export AWS_PROFILE=myprofile
$ aws s3 ls --debug 2>&1 | grep profile
2018-04-08 19:19:17,990 - MainThread - botocore.session - DEBUG - Loading variable profile from environment with value 'myprofile'.
I doubt this works differently for you.我怀疑这对你的工作方式不同。
You can also verify that您还可以验证
$ AWS_PROFILE=myprofile aws s3 ls --debug 2>&1 | grep profile
and和
$ aws s3 ls --profile myprofile --debug 2>&1 | grep profile
all give the same result.都给出相同的结果。
解决方案3
2 2021-08-11 07:24:58
The accepted answer assumes you are using a Linux or Mac terminal.接受的答案假定您使用的是 Linux 或 Mac 终端。 I added command for both OS.我为两个操作系统添加了命令。
Windows视窗
set AWS_PROFILE=profile_name
Linux or Mac Linux 或 Mac
export AWS_PROFILE=profile_name
These will set your aws profile that you will use every time you execute an aws command.这些将设置您每次执行 aws 命令时将使用的 aws 配置文件。 But if you just want to switch profile temporarily for one aws command.但是,如果您只想为一个 aws 命令临时切换配置文件。
aws [command] [sub-command] --profile [profile-name]
解决方案4
1 2019-03-11 14:43:47
AWS cli has 3 level of ways it will read variables AWS cli 有 3 级读取变量的方式
- environment variables of key_id / key_secret key_id / key_secret 的环境变量
- profile via cred/config (normally in ~/.aws/cre...)通过 cred/config 配置文件(通常在 ~/.aws/cre...)
- manual value provided inline内联提供手动值
see: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials
one way will be overwritten by another.一种方式将被另一种方式覆盖。 based on OP, it might be that although DEFAULT_PROFILE is set as userX, the AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY environment variables is set to something else.基于 OP,虽然 DEFAULT_PROFILE 设置为 userX,但 AWS_ACCESS_KEY_ID 和/或 AWS_SECRET_ACCESS_KEY 环境变量设置为其他内容。
You can do an alias to a shell function that load credentials to the current environment thru the use of您可以为 shell 函数做一个别名,通过使用将凭据加载到当前环境
"export AWS_ACCESS_KEY_ID=XXXXXXX;"... and more
or to be safer load via a secrets manager或者通过秘密管理器更安全地加载
"export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id --profile XXXX)"... and more
Export all access key/secrets etc and then check that the right credentials are loaded in memory thru导出所有访问密钥/机密等,然后检查是否通过内存加载了正确的凭据
aws configure list
finally.. do a reset of the the variable to "default" .. as a good habit to ensure you do what you need as the AWS role;最后.. 将变量重置为“默认”.. 作为一个好习惯,以确保您作为 AWS 角色执行您需要的操作; especially when using multiple profiles.尤其是在使用多个配置文件时。 hope this helps.希望这可以帮助。
解决方案5
1 2020-12-01 15:38:21
user@machine:~/.aws$ aws --version
aws-cli/2.1.2 Python/3.7.3 Linux/5.4.0-53-generic exe/x86_64.linuxmint.20
I add aliases to my .bashrc if I have a lot of named profiles.如果我有很多命名配置文件,我会向我的.bashrc添加别名。
for example:例如:
alias harry-tuttle='export AWS_PROFILE=harry-tuttle'
Then switching profiles becomes one command with less typing.然后切换配置文件成为一个命令,输入更少。
To see all your profiles:要查看您的所有个人资料:
aws configure list-profiles`
解决方案6
0 2021-01-13 17:40:57
aws s3 ls --profile marketingadmin
解决方案7
0 2021-01-26 12:53:28
对于窗户使用
set AWS_DEFAULT_PROFILE=user2
解决方案8
0 2021-12-11 20:26:06
create or edit this file:创建或编辑此文件:
% vim ~/.aws/credentials
list as many key pairs as you like:列出任意数量的密钥对:
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
include --profile user1 to select a profile & do what you like:包括--profile user1来选择一个配置文件并做你喜欢做的事情:
aws s3api list-buckets --profile user1
# any aws cli command now using user1 pair of keys
more details: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html更多详情: https : //docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.