


Switch role access with aws-cli

12 March, 2024 by Rambler

Question: In the AWS GUI there is a facility to switch role between accounts. How can you achieve the same functionality in aws-cli?

The basic setup would be to have a login account, and then use the AWS access key ID and the AWS secret access key to execute commands in the other account.

Answer: It is possible to achieve the same functionality through AWS CLI.


Step 1: Log in to the AWS login account via AWS CLI, then check your AWS credentials file

The credentials file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\USERNAME\.aws\credentials on Windows.

Open the credentials file with your favourite text editor, and you'll see something similar to:

[default]
aws_access_key_id = JKNMKJHYIJIOKKIKM8
aws_secret_access_key = CvbbbbUjk80vfg890D
aws_session_token = weqiweuqwyeqouwyequwye
region = us-west-2
output = json


Step 2: Add entries for the target accounts. Add as many as required

role_arn = the role ARN in the target account. Most organizations use a pattern, so it is easily repeatable.

source_profile = points back to the default profile, i.e. you only need to log on once and can then switch between the groups, which reference the details in the default profile.

Each entry starts with its profile name in square brackets. my_dev_account1 is the name used in Step 3; my_dev_account2 is a placeholder name for a further entry.

[my_dev_account1]
role_arn = arn:aws:iam::83838383883:role/my_dev_DBA_role
source_profile = default

[my_dev_account2]
role_arn = arn:aws:iam::83838383883:role/my_dev_DBA_role
source_profile = default


Step 3: Confirm the profile is valid

aws --profile my_dev_account1 sts get-caller-identity


Step 4: Make the target profile the default

To avoid having to pass the --profile switch on every command, make the profile the default.

In Windows:

set AWS_DEFAULT_PROFILE=my_dev_account1
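
An added example, not from the original post: a Python check to run against a credentials file before Step 3, confirming that every role profile's source_profile chain ends at a profile that holds an access key. The sample file, the account ID 111122223333 and the profile names other than default and my_dev_account1 are constructed for illustration.

```python
import configparser

# Constructed sample in the layout from Steps 1 and 2; all values are placeholders.
SAMPLE = """\
[default]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = EXAMPLESECRET
aws_session_token = EXAMPLETOKEN
[my_dev_account1]
role_arn = arn:aws:iam::111122223333:role/my_dev_DBA_role
source_profile = default
[broken_profile]
role_arn = arn:aws:iam::111122223333:role/my_dev_DBA_role
source_profile = defualt
[loop_a]
role_arn = arn:aws:iam::111122223333:role/a
source_profile = loop_b
[loop_b]
role_arn = arn:aws:iam::111122223333:role/b
source_profile = loop_a
"""

def load(text):
    cp = configparser.RawConfigParser()  # Raw: no % interpolation inside secrets
    cp.read_string(text)
    return cp

def resolve_chain(cp, name):
    """Follow source_profile links from a role profile; return (chain, problem)."""
    chain = [name]
    while cp.has_option(chain[-1], "role_arn"):
        src = cp.get(chain[-1], "source_profile", fallback=None)
        if src is None:
            return chain, f"'{chain[-1]}' has role_arn but no source_profile"
        if not cp.has_section(src):
            return chain, f"source_profile '{src}' is not defined"
        if src in chain:
            return chain, f"loop back to '{src}'"
        chain.append(src)
    if not cp.has_option(chain[-1], "aws_access_key_id"):
        return chain, f"'{chain[-1]}' has no aws_access_key_id"
    return chain, None

def audit(text):
    """Map each role profile to its problem, or None when the chain is sound."""
    cp = load(text)
    return {n: resolve_chain(cp, n)[1]
            for n in cp.sections() if cp.has_option(n, "role_arn")}

if __name__ == "__main__":
    for profile, problem in audit(SAMPLE).items():
        print(f"{profile}: {problem or 'ok'}")
```

The check only covers profiles that use source_profile, as in this post. It reads the file locally and makes no AWS calls.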


For more AWS CLI commands - AWS CLI Cheatsheet - RDS, AWS Backup, DMS, IAM, Security Token Service, KMS, EC2, DynamoDB, VPC, Aurora, Aurora Global, RESOURCEGROUPSTAGGINGAPI, DocumentDB
