Managing multiple AWS accounts with AWS CLI can be a challenge. Here is how I set up my macOS terminal. This configuration will set up a terminal shell that will show your AWS account and git information in the prompt. The example provided includes access key and SSO with MFA logins.
- Install iTerm2
- Install Oh My Zsh
- Install Powerline Fonts
- Install AWS CLI v2
- Configure Command Completion for AWS CLI
- Install git
- Install fig
Configure Oh My Zsh - ~/.zshrc
ZSH_THEME="agnoster"
plugins=(git aws)
Configure agnoster - ~/.oh-my-zsh/themes/agnoster.zsh-theme
This will remove the context from the prompt to shrink it down a little and add a right prompt with the current date/time. These are optional and can be customized to your preference.
# prompt_context
RPROMPT="[%D{%y/%m/%f}|%@]"
Configure iTerm Profile
Preferences -> Profile -> Text -> Font: Any of the Powerline Fonts
Preferences -> Profile -> Colors -> Color Presets: Solarized Dark
Configure AWS Config - ~/.aws/config
This is a sample config file that shows how to use an account with and without SSO.
[profile account1]
region=us-east-1
output=json
[profile account2]
region = us-east-1
output = json
sso_start_url = https://xxxxxxxxxxxxx.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = ROLE
Configure AWS Credentials - ~/.aws/credentials
Because the SSO account acquires its credentials during the login process, it does not need an entry here.
[account1]
aws_access_key_id=XXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXXXXXXXXXXXXX
Using aws plugin
The Oh My Zsh aws plugin will allow you to easily switch between accounts.
- Switch to account without SSO:
asp account1
- Switch to account with SSO and MFA:
asp account2 login
- Clear account:
asp
Empty profile
It can be useful to have an empty profile that is used with exported AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN information. To create a profile using AWS CLI:
aws configure set profile.PROFILE_NAME.region us-east-1
aws configure set profile.PROFILE_NAME.output json
aws configure set profile.PROFILE_NAME.aws_access_key_id ''
aws configure set profile.PROFILE_NAME.aws_secret_access_key ''
aws configure set profile.PROFILE_NAME.aws_session_token ''
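With several profiles in ~/.aws/config and ~/.aws/credentials, it helps to see which ones still hold a long-lived access key on disk, which use SSO, and which are empty. The script below is an added example, not part of the original setup: the function name aws_profile_audit, the profile name scratch, and the sample files it builds in a temp directory are all constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each AWS CLI profile gets credentials, and warn
# when a config/credentials file is readable by group or others.
aws_profile_audit() {
  config=${1:-$HOME/.aws/config}
  creds=${2:-$HOME/.aws/credentials}
  set --
  for f in "$config" "$creds"; do
    [ -f "$f" ] || continue
    set -- "$@" "$f"
    # -perm -040 / -004: group-read or other-read bit is set
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
      printf 'WARN\t%s\treadable by group/others, expected mode 600\n' "$f"
    fi
  done
  [ $# -gt 0 ] || return 0
  awk '
    /^[ \t]*\[/ {                          # section header
      name = $0
      gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      sub(/^profile[ \t]+/, "", name)      # config file uses [profile NAME]
      if (name ~ /^sso-session[ \t]/) { name = ""; next }
      if (!(name in kind)) { kind[name] = "empty"; order[++n] = name }
      next
    }
    name != "" && /=/ {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (val == "") next                  # blank keys: the empty-profile case
      if (key == "sso_start_url" || key == "sso_session") kind[name] = "sso"
      else if (key == "aws_access_key_id" && kind[name] != "sso")
        kind[name] = "static-key"
    }
    END { for (i = 1; i <= n; i++) printf "%s\t%s\n", order[i], kind[order[i]] }
  ' "$@"
}

# Constructed sample files mirroring the profiles shown on this page.
demo_dir=$(mktemp -d)
printf '%s\n' '[profile account1]' 'region=us-east-1' \
  '[profile account2]' 'sso_start_url = https://example.invalid/start' \
  '[profile scratch]' 'region = us-east-1' > "$demo_dir/config"
printf '%s\n' '[account1]' 'aws_access_key_id=XXXXXXXXXXXXX' \
  'aws_secret_access_key=XXXXXXXX' '[scratch]' 'aws_access_key_id = ' \
  > "$demo_dir/credentials"
chmod 600 "$demo_dir/config"; chmod 644 "$demo_dir/credentials"
aws_profile_audit "$demo_dir/config" "$demo_dir/credentials"
```

Called with no arguments, aws_profile_audit reads ~/.aws/config and ~/.aws/credentials; any profile reported as static-key has a long-lived secret stored in plaintext.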