Open In App

How To Manage Multiple AWS Profiles For Boto3

Last Updated : 11 Mar, 2024
Improve
Improve
Like Article
Like
Save
Share
Report

Amazon Web Services (AWS) is a leading cloud provider, it provides us with a variety of cloud services that are scalable globally, including compute, database, storage, analytics, developer tools, and enterprise applications. You can launch cloud resources, start building applications, and deploy them globally with ease. AWS will take care of most of the things. It works based on the pay-as-You-Go pricing model, which means you need not pay anything before utilizing the resources, you’ll pay on the go.

Prerequisites

To try the stuff mentioned in this article, you should be ready with the following:

  • An AWS account
  • Python is installed in your system
  • AWS CLI Installed
  • boto3 installed

Installations

If you haven’t set up your system for Boto3 yet, follow the below steps

Install AWS CLI

Run the below command to install AWS CLI in your Linux system.

sudo apt-get install awscli -y
Install AWS CLI

Install AWS CLI

Install boto3

pip install boto3
Install Python SDK Boto3

Install Python SDK Boto3

What is AWS Profile?

AWS profiles are just named configurations that you can use to organize your credentials across multiple AWS accounts, accounts can be from same account or from multiple accounts, each profile has it’s own Access Key, Secret key and other basic user preferences.

Why do we even need Multiple profiles?

When managing multiple projects, each with distinct AWS configurations or handling personal and work-related accounts, organizing and dynamically utilizing credentials becomes crucial. AWS offers a solution by allowing you to configure profiles for each user, ensuring seamless and organized access to different accounts based on specific project requirements. This approach streamlines the process of switching between user accounts, facilitating efficient and secure development across various scenarios.

Simply Multiple profiles allow developers to work on different projects, each with its unique AWS configuration, ensuring separation and security.

AWS Profile Terms

ACCESS_KEY: The AWS Access Key is a unique identifier associated with an AWS account or IAM user.It serves as a credential to access AWS services programmatically through APIs or command-line tools.Access keys are used in conjunction with the AWS Access Key ID for authentication.You can think of it as an username for AWS cli.

SECRET_ACCESS_KEY: The Secret Access Key is the corresponding secret key paired with the AWS Access Key ID.It is a sensitive piece of information that must be kept confidential. The combination of Access Key ID and Secret Access Key is used to authenticate and authorize requests to AWS services, ensuring secure access to resources.

Region: Basically AWS deployed it’s datacenters across the world, you can choose geographical area i.e region near to you or your client based on the applciation requirement, to achieve the low latency, high throughput applications.

While configuring AWS profile you can set the default region (this is optional and you can override it anytime)

Output Format: This is the default output format for the cli, this is an optional config, default is json. Available options are json, yaml, text, table.

Configure AWS Profile

To configure AWS profile, run the below command

aws configure
Configure AWS Credentials with default profile

Configure AWS Credentials with default profile

This command has an optional argument profile, if you don’t pass this argument it will configure for profile name `default`, and this will be your defaut aws profile.

Configure AWS profile with name

aws configure --profile <profile-name>

It prompts for Access key, secret key, default region, and output format.

Configure Additional Profiles

In the same way as above we can configure multiple profiles by providing the appropriate profile names.

aws configure --profile myprofile2

aws configure --profile myprofile3
Configure AWS Credentials with custom profile-(1)

Configure AWS Credentials with custom profile

Accessing resources with specific profile

Note: We’re just using an sample IAM boto3 api call for demonstrating the scenario

We can access the aws resources without specifying the profile like below:

Accessing without profile (here aws sdk will look for default profile, if default profile doesn’t exist it will raise an error):

import boto3
client = boto3.client("iam")
response = client.get_user(
    UserName='myname'
)

We can access aws resources by using specific profile like below:

import boto3
session = boto3.Session(profile_name='myprofile2')
client = session.client("iam")
response = client.get_user(
    UserName='myname'
)

Here in the above case, we’re configuring the aws profile before initializing the client, so that every client initialized using the configured session will use your profile credentials (`myprofile2` in this case).

Set default profile in boto3

Unlike specifying the profile in the session, we can set default profile for the boto3 like below:

import boto3
boto3.setup_default_session(profile_name='myprofile')
client = boto3.client("iam")
response = client.get_user(
    UserName='myname'
)

Here in this case, once you’ve configured default profile for boto3, so until the end of the code, you need not mention profile again specifically, it will pick the confiogured profile by default.

Conclusion

In this article we leanrnt how to create multiple profiles in aws cli, and access resources using specific profile with differnt methods.Multiple profiles allow us to work on different projects, each with its unique AWS configuration, ensuring separation and security.

Manage Multiple AWS Profiles for Boto3 – FAQ’s

How many profiles can i configure?

As of now there is no limit up on that, you can create any number of profiles.

Where do these profiles configurations saved?

Usually aws credentials will be saved in ~/.aws/credentials directory

Can i rename the profile?

Through cli not possible, but you can modify this by manually editing the credentials file, it’s usually located at ~/.aws/credentials

Is this profile switching works in CLI as well?

Yes, you can pass profile using –profile argument for any aws command.

Can i update the credentials for Profile?

Yes, you can update credentials at any time, just run the command again, i.e aws configure –profile <profilename>, it will prompt for updated credentials, enter the credentials, these will be replaced with old ones.

Can I switch between AWS profiles dynamically in my code?

Yes, leverage Boto3’s capabilities to dynamically switch between profiles based on project requirements, enhancing flexibility in development.



Like Article
Suggest improvement
Next
How to Use Profile Manager on Firefox?
Share your thoughts in the comments

Similar Reads

What Is The Difference Between The AWS Boto And Boto3 ?
How to Choose an AWS Profile When using Boto3 to Connect to CloudFront
How To List S3 Buckets With Boto3 ?
How to Read File Content from S3 Bucket with Boto3 ?
How to Use AWS ECS to Deploy and Manage Containerized Applications?
Difference between AWS Cloudwatch and AWS Cloudtrail
AWS Educate and AWS Emerging Talent Community
AWS DynamoDB - Insert Data Using AWS Lambda
How To Use AWS EC2, EBS, and S3 Services Using AWS CLI?
How To Create Spot Instance In Aws-Ec2 In Aws Latest Wizards?

D
dillip_chowdary
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox