AWS CLI-Style Profiles Meet Identity-Aware Proxy for Secure, Streamlined Cloud Access
I typed one command and my local dev environment lit up with secure, gated production data.
That’s the moment AWS CLI-style profiles met Identity-Aware Proxy. No clunky browser redirects. No fragile environment variables. Just clean, repeatable profiles—each with scoped access—ready to run from the terminal.
AWS CLI profiles have been the backbone of multi-account workflows for years. But for modern cloud setups, Identity-Aware Proxy (IAP) adds the missing layer: authentication mapped to actual human or service identities, enforced at the edge. You get per-profile credentials tied to who you are and what you have permission to do—without slowing down your workflow.
The idea is simple. Define a profile for each environment. Use CLI commands exactly like you always have. Behind the scenes, IAP brokers short-lived tokens and ensures every call is tied to verified identity. No leaking long-lived secrets. No guessing which account you're on.
This approach works for complex stacks. You can manage staging, production, sandbox, and per-branch preview environments. Each profile points to its gateway through IAP. Rotation is automatic. Audit logs stay clean. You can hand off a profile configuration and be confident that it will expire on its own.
Setup is fast. You map profiles in your AWS CLI config. Instead of static keys, you point to an external credential process that talks to IAP. Every request is authenticated live. This makes credential management effortless for both humans and automation.
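A sketch of the external credential process described above, as an added example rather than hoop.dev's or AWS's own code. The helper name iap-creds, the broker call and its response fields are assumptions; the emitted JSON follows the AWS CLI credential_process output format.

```python
#!/usr/bin/env python3
"""Hypothetical credential_process helper. Wire it up in ~/.aws/config:

    [profile staging]
    credential_process = /usr/local/bin/iap-creds staging
"""
import json
import sys
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(hours=1)  # assumed policy: reject anything longer-lived
REQUIRED = ("access_key_id", "secret_access_key", "session_token", "expires_at")


def fetch_from_broker(profile):
    """Stand-in for the authenticated call to the proxy; returns constructed data."""
    expires = datetime.now(timezone.utc) + timedelta(minutes=15)
    return {"access_key_id": "ASIAEXAMPLEEXAMPLE", "secret_access_key": "constructed-secret",
            "session_token": "constructed-token", "expires_at": expires.isoformat()}


def to_cli_output(resp, now=None):
    """Validate a broker response and render it as credential_process JSON."""
    now = now or datetime.now(timezone.utc)
    for field in REQUIRED:
        if not resp.get(field):
            # No session token or expiry means a static key: refuse it.
            raise ValueError(f"broker response missing {field}")
    expires = datetime.fromisoformat(resp["expires_at"])
    if expires.tzinfo is None:
        raise ValueError("expiry must carry a timezone")
    if expires <= now:
        raise ValueError("credentials already expired")
    if expires - now > MAX_TTL:
        raise ValueError("credential lifetime exceeds policy")
    return json.dumps({
        "Version": 1,
        "AccessKeyId": resp["access_key_id"],
        "SecretAccessKey": resp["secret_access_key"],
        "SessionToken": resp["session_token"],
        "Expiration": expires.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })


if __name__ == "__main__":
    try:
        print(to_cli_output(fetch_from_broker(sys.argv[1] if len(sys.argv) > 1 else "default")))
    except ValueError as err:
        sys.exit(f"iap-creds: {err}")  # non-zero exit: the CLI receives no credentials
```

Because the helper exits non-zero on a static or over-long credential, a misconfigured broker fails closed instead of handing the CLI a long-lived key.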
Large teams can keep blast radius small. Solo developers can switch contexts in seconds. Security teams see every interaction tied to an identity, without losing speed.
Most importantly, this workflow puts the CLI back at the center of cloud operations—no detours, no half-baked wrappers.
You can see this in action at hoop.dev. Spin it up, use AWS CLI-style profiles with Identity-Aware Proxy, and watch yourself go from zero to secure in minutes.