Easily swap between AWS Profiles without having to manage keys

aliases.sh

#!/bin/bash

function _awsListAll {
    credentialFileLocation=${AWS_SHARED_CREDENTIALS_FILE}
    if [ -z $credentialFileLocation ]; then
        credentialFileLocation=~/.aws/credentials
    fi

    while read line; do
        if [[ $line == "["* ]]; then 
            echo "$line"
        fi
    done < $credentialFileLocation
};

function _awsSwitchProfile {
    if [ -z $1 ]; then
        echo "Usage: awsp profilename"
        return
    fi
   
    export AWS_DEFAULT_PROFILE=$1
    export AWS_PROFILE=$1
    export AWS_REGION=$(aws configure get region --profile $1)
    export AWS_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text)
    export AWS_SDK_LOAD_CONFIG="true" # This export will allow you to use assumed roles with the sdks (tested for nodejs)
    
    echo "Switched to AWS Profile: $1"
    aws configure list
};

function _awsSsoSignin {
  aws sso login --profile ${1}
  _awsSwitchProfile ${1}
}

AWS_Credentials.md

Adding these scripts will give you the following aliases on your command line.

Note: the scripts are only tested on OSX

• awsall - Lists all available AWS profiles. Note that the list is based on the .aws/credentials file.
• awswho - Lets you know what profile you are currently using
• awssso profilename - Quickly signin using AWS IAM Identity Center (Recommended)
• awsp profilename - Similar to awssso but for use with IAM User & Assume Role

Setup

1. Create ~/.aws/alises.sh and copy the contents of the snippet.
2. Update ~/.bash_profile with the contents of that snippet
3. Ensure that you configure the AWS CLI using ~/.aws/config & ~/.aws/credentials. See examples.

Note: awssso & awsp add a non-standard environment variable named AWS_ACCOUNT which contains the AWS Account Id.

bash_profile

. ~/.aws/aliases.sh
alias awsall="_awsListAll"
alias awssso="_awsSsoSignin"
#alias awsso=_awsSsoSignin" #uncomment this line if you, like me, tend to miss typing that third 's' in awssso
alias awsp="_awsSwitchProfile"
alias awswho="aws configure list"

# If you are using Code Artifact, the below are examples of how you can create quick-connect aliases for your repositories.

# Example alias for code artifact login using a pre-configured sso-profile
alias awsca="awssso example-sso-profile && aws codeartifact login --tool npm --domain my-domain --repository my-repo --namespace my-namespace"

# This also works with regular role profiles, just swap the first command:
alias awsca="awsp example-profile && aws codeartifact login --tool npm --domain my-domain --repository my-repo --namespace my-namespace"

config

#### AWS IAM Identity Center Example (recommended)
[profile example-sso-profile]
sso_start_url = https://myapp.awsapps.com/start#
sso_region = eu-west-1
sso_registration_scopes = sso:account:access
sso_account_id = 1234546789012
sso_role_name = MyIamIdentityCenterRole
region = eu-west-1

#### IAM User without mfa (access key/secret key).
[profile example-user-profile]
output = json
region = eu-west-1
signature_version = s3v4

# IAM Role with mfa (assume role)
[profile example-role-profile]
source_profile=example-user-profile
role_arn=arn:aws:iam::1234546789012:role/RoleName
mfa_serial=arn:aws:iam::1234546789012:mfa/username

credentials

[example-user-profile]
aws_access_key_id = AKIAXXXXXXXXXXXXXXX
aws_secret_access_key = {SECRET_KEY}


# These are only listed as placeholders to ensure that they appear in the list when you run `awsall` to list all available profiles.
[example-role-profile] 
[example-sso-profile]