You switch AWS accounts fifty times in a day, and each time Terraform feels like it forgot who you are.
That ends here.
AWS CLI-style profiles in Terraform let you work across multiple accounts without juggling credentials in a mess of environment variables. Instead of hardcoding secrets, you define named profiles—just like you would in your AWS config—and Terraform knows exactly which account to talk to. This pattern makes multi-account infrastructure sane, fast, and safe.
The AWS CLI supports profiles that point to different accounts with their own access keys and regions. It’s concise. It’s repeatable. Terraform can use the same setup. By matching your provider configurations to those profiles, you keep your code clean and your workflows predictable. No more session confusion. No more accidental deployments to production when you meant staging.
- Create or update your AWS config file at ~/.aws/config:

  ```ini
  [profile staging]
  region = us-east-1

  [profile production]
  region = us-east-2
  ```
- Add credentials to ~/.aws/credentials or use AWS SSO for short-lived and secure access:

  ```ini
  [staging]
  aws_access_key_id = YOUR_KEY
  aws_secret_access_key = YOUR_SECRET

  [production]
  aws_access_key_id = YOUR_KEY
  aws_secret_access_key = YOUR_SECRET
  ```
- In your Terraform code, link the AWS provider to a profile:

  ```hcl
  provider "aws" {
    profile = "staging"
    region  = "us-east-1"
  }
  ```
- For multiple profiles in the same project, use provider aliases:

  ```hcl
  provider "aws" {
    alias   = "staging"
    profile = "staging"
    region  = "us-east-1"
  }

  provider "aws" {
    alias   = "production"
    profile = "production"
    region  = "us-east-2"
  }
  ```
- When running Terraform, point your resources at the right provider:

  ```hcl
  resource "aws_s3_bucket" "example" {
    provider = aws.staging
    bucket   = "staging-bucket"
  }
  ```
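
The steps above bind each provider to a profile name, but a profile that has been edited or mislabelled would still send Terraform to the wrong account. The following is an added example, not part of the original article: it pins each aliased provider to an expected account using the AWS provider's `allowed_account_ids` argument. The account IDs are placeholders and the variable, data source and output names are assumptions chosen for illustration.

```hcl
# Added example. Account IDs below are placeholders; replace with your own.
variable "staging_account_id" {
  type    = string
  default = "111111111111" # placeholder

  validation {
    condition     = can(regex("^[0-9]{12}$", var.staging_account_id))
    error_message = "AWS account IDs are exactly 12 digits."
  }
}

variable "production_account_id" {
  type    = string
  default = "222222222222" # placeholder

  validation {
    condition     = can(regex("^[0-9]{12}$", var.production_account_id))
    error_message = "AWS account IDs are exactly 12 digits."
  }
}

provider "aws" {
  alias   = "staging"
  profile = "staging"
  region  = "us-east-1"

  # The provider fails during initialization if the "staging" profile's
  # credentials resolve to any account other than the one listed here.
  allowed_account_ids = [var.staging_account_id]
}

provider "aws" {
  alias   = "production"
  profile = "production"
  region  = "us-east-2"

  allowed_account_ids = [var.production_account_id]
}

# Surface the account each alias actually authenticated to, so that
# `terraform plan` output shows it alongside the proposed changes.
data "aws_caller_identity" "staging" { provider = aws.staging }
data "aws_caller_identity" "production" { provider = aws.production }

output "resolved_accounts" {
  value = {
    staging    = data.aws_caller_identity.staging.account_id
    production = data.aws_caller_identity.production.account_id
  }
}
```

With this in place, a swapped or stale profile stops the run before any resource is planned instead of silently targeting the other account.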
The Payoff
Using AWS CLI-style profiles in Terraform is faster than swapping keys manually. It reduces the risk of human error and aligns your workflow with AWS best practices. It also means you can scale your infrastructure code to many accounts by following a single, consistent pattern.
Going Further
Once profiles are in place, they open doors to better automation. You can run commands against staging and production in parallel. You can plug profiles into CI/CD without hardcoding secrets. You can run secure, multi-account deployments without friction.
If you want to see how this works in a living, breathing setup instead of a static guide, spin it up on hoop.dev and watch it live in minutes.