The fix wasn’t magic. It was understanding AWS CLI-style profiles—their structure, purpose, and exactly how to set them up without tripping over config conflicts or env vars. Too many engineers wrestle with the wrong defaults, storing keys in unsafe ways, or jumbling profiles until roles and accounts blur together. The AWS CLI supports a clean, powerful way to manage credentials for multiple accounts. But only if you set your profiles up right, and only if you know a few tricks that aren’t in the first page of the docs.
What AWS CLI-Style Profiles Are
AWS CLI-style profiles live in two files:
~/.aws/credentials for your keys.~/.aws/config for settings like default region and output format.
A profile is a named block in one or both files. By default, the default profile is used if you don’t explicitly select one. You can store as many named profiles as you need: dev, staging, prod, or per-client setups.
How to Create a Profile
You can create one in seconds:
aws configure --profile my-profile-name
Then follow the prompts: access key, secret key, and region. This creates or updates entries in your AWS config files.
You can also edit the files directly:
~/.aws/config
[profile my-profile-name]
region = us-east-1
output = json
~/.aws/credentials
[my-profile-name]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY
Switching Between Profiles
Once created, you can call them by name:
aws s3 ls --profile my-profile-name
Or set it through an environment variable:
export AWS_PROFILE=my-profile-name
This way, every CLI command in that shell session uses the chosen profile.
Using Profiles for Cross-Account Access
Profiles really shine when defining assumed roles. You can have a base profile with raw credentials, then another that uses the source_profile and role_arn config to jump between accounts without storing new keys.
Example:
[profile dev-admin]
region = us-west-2
output = json
[profile prod-admin]
source_profile = dev-admin
role_arn = arn:aws:iam::123456789012:role/AdminAccess
mfa_serial = arn:aws:iam::111111111111:mfa/your.mfa.device
To switch:
aws sts get-caller-identity --profile prod-admin
Best Practices for AWS CLI-Style Profiles
- Never hardcode credentials in code.
- Use named profiles for each role or account.
- Limit privileges per profile.
- Use MFA for sensitive roles.
- Keep your config files in secure locations with proper file permissions.
A disciplined profile setup wins you speed and clarity. You avoid guessing which account you’re in. You keep staging separate from production. Your session switches are exact.
Master AWS CLI-Style Profiles and See Them Live
If you want to see clean profile setups in action—and connect them with secure, instant environment switching—spin it up at hoop.dev. You’ll go from zero to live in minutes, with AWS CLI-style profiles integrated and working exactly the way you expect.