Setting up a shell for multiple AWS accounts

Managing multiple AWS accounts with the AWS CLI can be a challenge. Here is how I set up my macOS terminal. This configuration sets up a terminal shell that shows your AWS account and git information in the prompt. The example covers both access key logins and SSO logins with MFA.

Configure Oh My Zsh - ~/.zshrc

ZSH_THEME="agnoster"
plugins=(git aws)

Configure agnoster - ~/.oh-my-zsh/themes/agnoster.zsh-theme

This will remove the context from the prompt to shrink it down a little and add a right prompt with the current date/time. These are optional and can be customized to your preference.

#  prompt_context
RPROMPT="[%D{%y/%m/%f}|%@]"

Configure iTerm Profile

Preferences -> Profile -> Text -> Font: Any of the Powerline Fonts
Preferences -> Profile -> Colors -> Color Presets: Solarized Dark

Configure AWS Config - ~/.aws/config

This is a sample config file that shows how to use an account with and without SSO.

[profile account1]
region=us-east-1
output=json
 
[profile account2]
region = us-east-1
output = json
sso_start_url = https://xxxxxxxxxxxxx.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = ROLE

Configure AWS Credentials - ~/.aws/credentials

Because the SSO account acquires its credentials during the login process, no entry for it is needed here.

[account1]
aws_access_key_id=XXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXXXXXXXXXXXXX

Using aws plugin

The Oh My Zsh aws plugin will allow you to easily switch between accounts.

  • Switch to account without SSO: asp account1
  • Switch to account with SSO and MFA: asp account2 login
  • Clear account: asp

Empty profile

It can be useful to have an empty profile that is used with exported AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables. To create such a profile with the AWS CLI:

aws configure set profile.PROFILE_NAME.region us-east-1
aws configure set profile.PROFILE_NAME.output json
aws configure set profile.PROFILE_NAME.aws_access_key_id ''
aws configure set profile.PROFILE_NAME.aws_secret_access_key ''
aws configure set profile.PROFILE_NAME.aws_session_token ''
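
With static-key, SSO and empty profiles side by side, it helps to check which ones actually keep a long-lived access key on disk. The script below is an added example, not part of the original post: it reads the two files configured above and labels each profile. The function name list_profile_auth, the "scratch" profile and the temporary sample files are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report how each AWS CLI profile
# gets its credentials, so long-lived keys stored on disk are easy to spot.

# list_profile_auth [CONFIG_FILE] [CREDENTIALS_FILE]
# Prints "profile<TAB>type", sorted by profile name. type is one of:
#   static-key  a non-empty aws_access_key_id is stored on disk
#   sso         sso_start_url (or sso_session) is set and no key is stored
#   empty       neither, e.g. a profile fed by exported AWS_* variables
list_profile_auth() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    FNR == 1 { name = "" }                      # new file: no section yet
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[.*\][ \t\r]*$/ {                  # [profile x], [x], [default]
      name = trim($0); name = trim(substr(name, 2, length(name) - 2))
      if (name ~ /^(sso-session|services)[ \t]/) { name = ""; next }
      sub(/^profile[ \t]+/, "", name)           # config and credentials agree
      seen[name] = 1; next
    }
    name != "" {
      eq = index($0, "="); if (eq == 0) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
      if (val == "") next                       # empty value: nothing stored
      if (key == "aws_access_key_id") static[name] = 1
      if (key == "sso_start_url" || key == "sso_session") sso[name] = 1
    }
    END {
      for (p in seen) {
        t = (p in static) ? "static-key" : ((p in sso) ? "sso" : "empty")
        printf "%s\t%s\n", p, t
      }
    }
  ' "${1:-$HOME/.aws/config}" "${2:-$HOME/.aws/credentials}" | LC_ALL=C sort
}

# Constructed sample files mirroring the profiles on this page (placeholder
# values only), plus a hypothetical "scratch" profile with empty keys.
demo_dir=$(mktemp -d)
printf '%s\n' '[profile account1]' 'region=us-east-1' '' \
  '[profile account2]' 'sso_start_url = https://xxxxxxxxxxxxx.awsapps.com/start' \
  'sso_account_id = 123456789012' 'sso_role_name = ROLE' > "$demo_dir/config"
printf '%s\n' '[account1]' 'aws_access_key_id=XXXXXXXXXXXXX' \
  'aws_secret_access_key=XXXXXXXXXXXXXXXXXXXXXXXXX' '' \
  '[scratch]' 'aws_access_key_id = ' 'aws_secret_access_key = ' \
  > "$demo_dir/credentials"
list_profile_auth "$demo_dir/config" "$demo_dir/credentials"
rm -rf "$demo_dir"
```

Called with no arguments, list_profile_auth reads ~/.aws/config and ~/.aws/credentials.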
