Configuring AWS credentials and profiles in Windows
Are you looking to configure a workstation to work with your AWS environments? Do you have multiple accounts with and need to shift between the various AWS environments working with the AWS CLI or AWS PowerShell? This post will look at configuring AWS credentials and profiles in Windows and see the steps involved to create AWS profiles and work with those profiles to use different credentials. We will look at the tools you need to have installed in Windows to work with AWS credentials in Windows effectively.
Configuring AWS credentials in Windows
We will look at using AWS credentials in Windows step-by-step and see what you need to do to effectively add credentials in Windows and use them from the command line.
- Tools needed for configuring AWS credentials in Windows
- Configuring named profiles in Windows
- Setting environment variables
- Using named profiles with AWS CLI and AWS PowerShell
1. Tools needed for configuring AWS credentials in Windows
The first thing we need to look at is the tools you need to work with AWS credentials in Windows. What are those tools that you need?
- AWS CLI version 2
- PowerShell 7.x
- Git Bash
AWS CLI version 2
AWS CLI version 2 is the command line interface tool that allows you to work with your AWS accounts and profiles. You can learn more about the AWS CLI version 2, discover prerequisites, and download the installer here:
PowerShell 7.x
PowerShell 7.x is the latest .NET core-based PowerShell version. It is a great tool to have available and installed on your DevOps workstation. You can download PowerShell 7.x here: https://aka.ms/powershell-release?tag=stable
Git Bash
Git Bash is the Bash shell that you install when installing the Git SCM installer for Windows. You can download the installer for Git SCM here: Git – Downloading Package (git-scm.com)
2. Configuring named profiles in Windows
Now that we have the AWS CLI version 2 tool installed and ready to go, we can use it to start creating profiles for use with AWS. What are AWS CLI profiles? According to the AWS CLI official documentation, a named profile is:
“…a collection of settings and credentials that you can apply to a AWS CLI command. When you specify a profile to run a command, the settings and credentials are used to run that command. You can specify one profile that is the “default”, and is used when no profile is explicitly referenced. Other profiles have names that you can specify as a parameter on the command line for individual commands. Alternatively, you can specify a profile in an environment variableย (AWS_PROFILE)ย which essentially overrides the default profile for commands that run in that session.”
It is a simple task to create a new AWS CLI named profile by using the aws cli configure command. The first set of AWS credentials you configure using the aws configure command are assumed as the default credentials. The default credentials are assumed when you interact with your AWS account. However, if you want to create a named profile that will be used when running a command, you do that with the following:
aws configure --profile <profile name>
The prompts will ask you for the AWS Access Key ID and the secret key for your AWS account.
How do you show which profiles you have configured? You can do that with the following commands:
AWS CLI
The following lists the current credentials being used.
aws configure list
This command lists all configured profiles:
aws configure list-profiles
AWS PowerShell
You can use the following cmdlet in AWS PowerShell to show the details of configured AWS profiles:
Get-AWSCredential -ListProfileDetail
3. Setting Environment Variables
In Windows you can also use the environment variable AWS_PROFILE to define the AWS profile you want to use. You can use either the Windows set or setx command to define the profile. What are the differences?
- Usingย
set
ย to set an environment variable changes the value used until the end of the current command prompt session, or until you set the variable to a different value. - Usingย
setx
ย to set an environment variable changes the value in all command shells that you create after running the command. It doesย notย affect any command shell that is already running at the time you run the command. Close and restart the command shell to see the effects of the change.
An example of using this is below:
setx AWS_PROFILE <your profile name>
The AWS_PROFILE overrides the profiles configured with the aws configure command.
4. Using named profiles with AWS CLI and AWS PowerShell
So, now that we have the named profiles in place, how do you go about using different profiles with your AWS CLI and AWS PowerShell commands? It is quite simple actually. Both commands have a parameter that allows you to pass in the profile name you want to use with the specific command.
AWS CLI
aws ec2 describ-instances --profile <your profile name>
AWS PowerShell
get-ec2instance -profilename <your profile name>
Wrapping Up
As you can see Configuring AWS credentials and profiles in Windows is straightforward. Profiles make the process of interacting with different AWS accounts extremely easy as it allows switching between user contexts using a simple command. Both the AWS CLI and AWS PowerShell modules allow passing in a profile name parameter that makes this easy. The default profile is the first profile you establish with the aws configure command. This can be changed later as well. Additionally as shown with the environment variable, you can override the profiles configured.