Saturday, December 24, 2016

Using Multiple Accounts with AWS Powershell Tools

At my company we chose to separate our AWS resources into two accounts, one for production data and one for redacted data. This makes sense from a security standpoint, but it also makes it a little trickier for users who want to use a package like the AWS Powershell tools. Constantly copying your secret keys is a big waste of time, and I found it a little confusing how to save different sets of access keys into powershell.

This had been frustrating me for a while, so I finally took an hour to read the documentation and examples more carefully to understand how to setup multiple AWS accounts in the Powershell tools. I found this a little confusing so I figured I would write up an example for others.

Start with grabbing an access key and secret key pair from the Amazon console (mine not shown here for obvious reasons).

Then install the AWS powershell tools and open a powershell window.

Start by saving your credentials using the "-storeas" flag in powershell.

Note if you look in the help doc for this commandlet, adding this flag prevents the commandlet from updating the current credentials in the powershell session

To do that, you have to call the same commandlet and set the "-profilename" flag to the value you just entered in "-storeas"

Then rinse and repeat for other accounts that you want saved. At this point you can flip between accounts much more easily.