bash 如何临时切换 AWS CLI 的配置文件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49716583/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to temporarily switch profiles for AWS CLI?
提问by James Shapiro
Edit: Here's the solution that worked for me:
编辑:这是对我有用的解决方案:
export AWS_DEFAULT_PROFILE=user2
The full question is below for context:
完整的问题如下:
(1.) After successfully configuring a second profile for the AWS CLI, I unsuccessfully tried to set the profile to user2 in my bash session with the following command:
(1.) 在为 AWS CLI 成功配置第二个配置文件后,我尝试使用以下命令在我的 bash 会话中将配置文件设置为 user2 失败:
export AWS_PROFILE=user2
... per the advice here: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
...根据这里的建议:https: //docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
(2.) The following command works:
(2.) 以下命令有效:
aws s3 ls --profile user2
So I know that the AWS CLI and the user2 profile are both working on my computer.
所以我知道 AWS CLI 和 user2 配置文件都在我的计算机上运行。
(3.) However, when I subsequently (that is, after entering "export AWS_PROFILE=user2") try something like:
(3.) 但是,当我随后(即在输入“export AWS_PROFILE=user2”之后)尝试以下操作时:
aws s3 ls
... AWS's response assumes that I want to query it as the default user (NOT user2)
... AWS 的响应假设我想以默认用户(而不是 user2)的身份查询它
(4.) So the only way I can use the user2 profile from the command line is by continuing to append "--profile user2" to every single command, which is tedious.
(4.) 因此,我可以从命令行使用 user2 配置文件的唯一方法是继续将“--profile user2”附加到每个命令,这很乏味。
(5.)
(5.)
echo $AWS_PROFILE
yields:
产量:
>> user2
, as expected.
,正如预期的那样。
Any idea what's going on here? I'm sure I'm making some dumb mistake somewhere.
知道这里发生了什么吗?我确定我在某个地方犯了一些愚蠢的错误。
回答by James Shapiro
The cleanest solution is:
最干净的解决方案是:
export AWS_DEFAULT_PROFILE=user2
Afterward, commands like:
之后,命令如下:
aws s3 ls
... are handled from the appropriate account.
...从适当的帐户处理。
回答by Diego Torres Milano
You can see how it works doing this
你可以看到它是如何工作的
$ export AWS_PROFILE=myprofile
$ aws s3 ls --debug 2>&1 | grep profile
2018-04-08 19:19:17,990 - MainThread - botocore.session - DEBUG - Loading variable profile from environment with value 'myprofile'.
I doubt this works differently for you.
我怀疑这对您的工作方式有所不同。
You can also verify that
您还可以验证
$ AWS_PROFILE=myprofile aws s3 ls --debug 2>&1 | grep profile
and
和
$ aws s3 ls --profile myprofile --debug 2>&1 | grep profile
all give the same result.
都给出相同的结果。
回答by Jimmy MG Lim
AWS cli has 3 level of ways it will read variables
AWS cli 有 3 级读取变量的方式
- environment variables of key_id / key_secret
- profile via cred/config (normally in ~/.aws/cre...)
- manual value provided inline
- key_id / key_secret 的环境变量
- 通过 cred/config 配置文件(通常在 ~/.aws/cre...)
- 内联提供手动值
see: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials
请参阅:https: //docs.aws.amazon.com/cli/latest/topic/config-vars.html#credentials
one way will be overwritten by another. based on OP, it might be that although DEFAULT_PROFILE is set as userX, the AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY environment variables is set to something else.
一种方式将被另一种方式覆盖。基于 OP,虽然 DEFAULT_PROFILE 设置为 userX,但 AWS_ACCESS_KEY_ID 和/或 AWS_SECRET_ACCESS_KEY 环境变量设置为其他内容。
You can do an alias to a shell function that load credentials to the current environment thru the use of
您可以为 shell 函数做一个别名,通过使用将凭据加载到当前环境
"export AWS_ACCESS_KEY_ID=XXXXXXX;"... and more
or to be safer load via a secrets manager
或者通过秘密管理器更安全地加载
"export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id --profile XXXX)"... and more
Export all access key/secrets etc and then check that the right credentials are loaded in memory thru
导出所有访问密钥/机密等,然后检查是否通过内存加载了正确的凭据
aws configure list
finally.. do a reset of the the variable to "default" .. as a good habit to ensure you do what you need as the AWS role; especially when using multiple profiles. hope this helps.
最后.. 将变量重置为“默认”.. 作为一个好习惯,以确保您作为 AWS 角色执行您需要的操作;尤其是在使用多个配置文件时。希望这可以帮助。
