Managing Multiple Amazon Web Services Accounts from the Command Line

I work with a lot of different AWS accounts and am constantly switching between them. I recently hacked together a really simple Bash script to ease a bit of the pain of juggling multiple AWS_ACCESS_KEY and AWS_SECRET_KEY environment variables. This allows me to do something like:

[jjbegin@bane ~]$ aws rbn
RBN is active.

[jjbegin@bane ~]$ ec2-describe-vpcs --headers
Entity  VpcID   State   CIDR Block      DHCPOptionsID
VPC     vpc-f5958d9e    available       192.168.1.0/24  dopt-3b0e2750   default
VPC     vpc-270e274c    available       172.17.0.0/16   dopt-3b0e2750   default

The script

Since shell scripts can’t affect the environment variables of the parent process, we need to use the source command. But I want to minimize keystrokes, we wrap source around a simple alias.

https://gist.github.com/4556263

Caution! Be sure to properly set the permissions on the script since it contains sensitive security information: chmod 700 ~/bin/aws.sh. I’d also recommend that a new set of access keys be created using a new IAM account rather than using the account-wide credentials. This makes it less painful if the keys ever need to be revoked and allows them to configured for read-only access to AWS resources.

Bonus tip: multiple accounts in the browser

Use Chrome’s Incognito Mode (Windows: Ctrl+Shift+N, OSX: Ctrl+Cmd+N) if you need to login to the AWS Management Console using different accounts simultaneously. LastPass is a great extension for securely keeping track of access credentials. At RightBrain Networks, we use LastPass Enterprise and Yubikeys for two-factor authentication which solves the problem of needing to email each other passwords.

One Reply to “Managing Multiple Amazon Web Services Accounts from the Command Line”

Leave a Reply

Your email address will not be published. Required fields are marked *