All posts
September 5, 20251 min read

AWS CLI-Style Profiles for Secure, Simple SSH Access

The first time I needed to give a contractor SSH access to production, I felt a knot in my stomach. One wrong command, one bad key, and the day could end in disaster. I wanted an easy way to grant and revoke access, log every session, and avoid juggling endless SSH configs. That’s when I started thinking: why isn’t SSH access as simple as switching AWS CLI profiles? AWS CLI-style profiles work because you can jump between environments with a single flag. You can run a command with --profile sta

Free White Paper

SSH Access Management + VNC Secure Access: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

The first time I needed to give a contractor SSH access to production, I felt a knot in my stomach. One wrong command, one bad key, and the day could end in disaster. I wanted an easy way to grant and revoke access, log every session, and avoid juggling endless SSH configs. That’s when I started thinking: why isn’t SSH access as simple as switching AWS CLI profiles?

AWS CLI-style profiles work because you can jump between environments with a single flag. You can run a command with --profile staging or --profile prod and know you’re in the right context. Imagine applying that same idea to SSH, through a secure proxy, without reworking your infrastructure or spreading keys across machines.

An SSH access proxy using AWS CLI-style profiles means you keep one client-side setup. No more fighting with .ssh/config files, agent forwarding, or distributing private keys. Instead, you define profiles that match your environments: --profile prod-ssh connects through the proxy to production, --profile staging-ssh routes to staging. Sessions route safely, identities switch cleanly, and you know exactly who did what, when.

Continue reading? Get the full guide.

SSH Access Management + VNC Secure Access: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

The proxy becomes the single chokepoint. Access rules live centrally. Revoking permissions takes seconds. Every connection can be logged, tagged, and monitored. New team members get instant access to exactly what they need. Old accounts disappear from the right environments on time.

The setup follows a principle: separate identity from connection logic. AWS CLI-style profiles become the mental model. Instead of managing long-lived static keys per user on each server, you manage short-lived tokens or credentials in the proxy. Each profile encapsulates environment, identity, and route. You wrap it in role-based access controls, and suddenly SSH stops being a risk you manage nervously and starts being a process you trust.

With this pattern in place, your engineering team can work faster, onboard smoother, and secure sessions without trading agility for safety. It aligns security with developer ergonomics. That combination is rare.

You don’t have to build it yourself. You can see AWS CLI-style profile-based SSH access running right now without code changes, and you can have a live environment in minutes. Try it today at hoop.dev.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts