Easier AWS Profile Management with ZSH

Intro

When dealing with AWS Command Line Interface you’ll quickly find out you will have to deal with multiple AWS Named Profiles. After all, they make sense to use when you have multiple user credentials you have to frequently use, especially when separating permissions between different users. As outlined in the AWS documentation you would specify the profile you want to run the command as by adding --profile myprof option on a command. If you don’t set this flag the command looks for the environmental variable AWS_PROFILE=myprof. If neither of these is set, then the default profile is used.

However, neither of these options really leverage the benefits you gain from using the command line. These options require you to remember to add the --profile option to each command, or remember which environmental variable you set when executing commands.

Z Shell (ZSH)

A while ago I discussed why you should switch to ZSH, and in this article, I’m going to give some tangible use-cases to support that statement. Working at the shell can and should be a more streamlined experience than dealing with GUI’s or web consoles. Using AWS web console may be an easier experience to get up and running, but once you start having to complete redundant tasks it becomes obvious that having to browse the web interface can be slow when configuring services.

The CLI allows a much faster workflow and the ability to reuse code to cut down on redundant tasks. You also get access to certain configuration and troubleshooting options and not available in the Web Console

ZSH AWS plugin

There’s a much better way and it involves ZSH and the AWS plugin. You simply set your local $HOME/.aws/ profiles as you normally would. But instead of messing with environmental variables directly or adding the --profile option to each command, you use the functions added with the plugin.

Plugin Installation

The ZSH AWS plugin includes the AWS Switch Profile (asp) function that we will use later. If you use Oh My ZSH, you can add the following to your .zshrc or .zshrc.local:

plugins = ( ... aws ... )

Usage

This function asp ran as a command switch to the specified AWS profile (as it exists in your $HOME/.aws/config file. Depending on your ZSH theme, the active profile will either be displayed at all times in your prompt or as in my case, it will be displayed in the corner when you type aws on the command line.

This plugin provides two important features that will make your workflow at the command line much easier.

1. Quick and easy profile switching
2. Clear & concise visual feedback on the active profile

Customizations

My setup uses Powerlevel10k, the default Manjaro Linux ZSH theme. Out of the box, it only shows the active AWS profile when you finish typing aws on the command line. Of course, if you want to always display the active profile you can do so.

There’s a line of code in the p10k.zsh configuration file that you can comment out to always show the active profile, non-default profile.

Another popular ZSH theme is Agnoster where the default behavior is to always show the aws profile if it’s non-default.

Notes

The AWS CLI command-line completion gives you the ability to view CLI options when typing commands. Depending on your system and how you installed the AWS CLI, it may or may not be configured.

ZSH and this plugin should certainly work on OS X, though I have not looked into it much since I haven’t owned a Mac in years.

You can spice up your AWS CLI use with a command-line fuzz finder.