-
Notifications
You must be signed in to change notification settings - Fork 6
Sample Config Credentials
David Nguyen edited this page Nov 12, 2020
·
1 revision
aws-profile works on top of aws cli config and credentials files (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). However aws-profile expects those files to be setup in a certain way:
-
defaultprofile in both config/credentials files should be left empty.aws-profileusesdefaultprofile as target of its operation and can overwrite your settings if there is any there - each role that you want to assume has its own section in config file with
source_profileset to one of the sections available in credentials file.
An example setup is as below:
~/.aws/credentials
[default]
[some-profile]
aws_access_key_id = xxx
aws_secret_access_key = yyy
~/.aws/config
[default]
[profile role-with-mfa]
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/role-with-mfa-enabled
source_profile = some-profile
mfa_serial = arn:aws:iam::xxxxxxxxxxxx:mfa/my-mfa-device
[profile role-without-mfa]
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/role-without-mfa
source_profile = some-profile