
Switch role access with aws-cli

12 March, 2024 by Rambler

Question: In the AWS GUI there is a facility to switch role between accounts. How can you achieve the same functionality in aws-cli?

The basic setup would be to have a login account, and then use the AWS access key ID and the AWS secret access key to execute commands in the other account.

Answer: It is possible to achieve the same functionality through the AWS CLI.

Step 1: Log in to the AWS login account via the AWS CLI, then check your AWS credentials file

The credentials file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\USERNAME\.aws\credentials on Windows.

Open the credentials file with your favourite text editor, and you'll see something similar to:

[default]
aws_access_key_id = JKNMKJHYIJIOKKIKM8
aws_secret_access_key = CvbbbbUjk80vfg890D
aws_session_token = weqiweuqwyeqouwyequwye
region = us-west-2
output = json

Step 2: Add entries for the target accounts. Add as many as required.

role_arn = the role ARN in the target account. Most organizations use a naming pattern, so this is easily repeatable.

source_profile = points back to the default profile, i.e. you only need to log on once and can then switch between the profiles, each referencing the details in the default profile.

[my_dev_account1]
role_arn = arn:aws:iam::83838383883:role/my_dev_DBA_role
source_profile = default

[my_dev_account2]
role_arn = arn:aws:iam::83838383883:role/my_dev_DBA_role
source_profile = default

Step 3: Confirm the profile is valid

aws --profile my_dev_account1 sts get-caller-identity

Step 4: Make the target profile the default

To avoid having to pass the --profile switch on every command, make the profile the default.

In Windows:

set AWS_DEFAULT_PROFILE=my_dev_account1
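An offline sanity check for the profile layout from Steps 1 and 2, added here as an example and not part of the original post: it follows each source_profile reference back to a profile that holds login keys and reports missing or looping references. The function names and every sample value are constructed for illustration, and it assumes profiles use only role_arn and source_profile as shown above.

```python
import configparser

# Constructed sample mirroring the layout in Steps 1 and 2; all values are placeholders.
SAMPLE = """
[default]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = EXAMPLESECRET

[my_dev_account1]
role_arn = arn:aws:iam::111111111111:role/my_dev_DBA_role
source_profile = default

[broken_profile]
role_arn = arn:aws:iam::222222222222:role/my_dev_DBA_role
source_profile = missing_login
"""

def load_profiles(text):
    # interpolation=None keeps any '%' in a value literal; [default] is an ordinary section.
    parser = configparser.ConfigParser(interpolation=None, default_section="__none__")
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}

def resolve_chain(profiles, name):
    """Return (role ARNs in the order they would be assumed, list of problems)."""
    roles, problems, seen = [], [], set()
    while True:
        if name in seen:
            problems.append(f"source_profile loop at [{name}]")
            break
        seen.add(name)
        section = profiles.get(name)
        if section is None:
            problems.append(f"profile [{name}] is not defined")
            break
        if "role_arn" not in section:
            # End of the chain: this profile must hold the login key pair.
            if not {"aws_access_key_id", "aws_secret_access_key"} <= section.keys():
                problems.append(f"[{name}] has no access key pair")
            break
        roles.append(section["role_arn"])
        if "source_profile" not in section:
            problems.append(f"[{name}] has role_arn but no source_profile")
            break
        name = section["source_profile"]
    return list(reversed(roles)), problems

if __name__ == "__main__":
    for profile in load_profiles(SAMPLE):
        print(profile, resolve_chain(load_profiles(SAMPLE), profile))
```

To check a real file, pass its contents to load_profiles; the script only reads the text and never calls AWS.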

 

For more AWS CLI commands -  AWS CLI Cheatsheet - RDS, AWS Backup , DMS, IAM, Security Token Service,KMS,EC2, DynamoDB,VPC,Aurora, Aurora Global,RESOURCEGROUPSTAGGINGAPI,DocumentDB


Author: Rambler (http://www.dba-ninja.com)

