15

I want to set up multiple AWS profiles so that I can easily change settings and credentials when jumping between projects.

I've read the AWS documentation but it's quite vague about how to select what profile you want to use when logging in.

When I'm trying to log in it's just giving me this error, which seems to indicate that it's not picking up any credentials.

An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.

4

3 Answers

49

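To set up multiple profiles for AWS login, you need to do the following:

  1. Set up the credentials file with your access keys
  2. Set up default settings for the profiles (optional)
  3. Set the AWS_PROFILE environment variable
  4. Remove previous AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

1: ~/.aws/credentials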

[default]
aws_access_key_id =
aws_secret_access_key =

[cat]
aws_access_key_id = XXXX
aws_secret_access_key = XXXXXXXXXXXX

[dog]
aws_access_key_id = XXXX
aws_secret_access_key = XXXXXXXXXXXX

2: ~/.aws/config

[default]
region = eu-central-1

[profile cat]
region = us-west-2

[profile dog]
region = ap-northeast-1

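3. Select profile

The selected profile is determined by the $AWS_PROFILE environment variable. In bash, this can be done in ~/.bash_profile by adding the line export AWS_PROFILE="cat". To switch profile in the current terminal, type AWS_PROFILE=dog

4. Remove global settings

You also need to make sure that the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are not set, because aws-cli will give priority to those variables over profiles.

Running

You can then log in to the AWS service of your choice. To see the profile currently in use, run echo $AWS_PROFILE. An example command for ECR login is $(aws ecr get-login)

Debugging

If you are still having problems, you can add the --debug flag to see which credentials it is using for the command.

answered 2017-05-29T13:10:50.610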
1

For me, although I had everything set up as above, I had an older aws cli version, which caused this problem.

$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
$ unzip awscli-bundle.zip
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

Applying the commands above solved my problem.

answered 2020-03-02T04:05:41.640
0

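After a few minutes, I found the rule:

If you want to use AWS_PROFILE, make sure that the rest of the AWS environment variables are unset (not only empty... they MUST be UNSET).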

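# Remember the selected profile, clear every AWS_* variable, then restore it
profile=$AWS_PROFILE
# Anchor on ^AWS_ so only variable names (not values) are matched
unset $(printenv | grep '^AWS_' | cut -f1 -d"=")
export AWS_PROFILE=${profile}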

Then:

  # with aws cli >= 1.x
  $(aws ecr get-login --no-include-email --region ${aws_region})

  # with aws cli >= 2.x
  registry=${aws_account_id}.dkr.ecr.${aws_region}.amazonaws.com
  aws ecr get-login-password --region ${aws_region} | docker login --username AWS --password-stdin ${registry}
answered 2020-07-04T19:17:54.420
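
An added example, not taken from any of the answers above: a shell helper that applies steps 3 and 4 of the first answer and the "must be unset, not just empty" rule from the last answer in one call. The function names are hypothetical, the credentials file in the demo is constructed with placeholder keys, and it assumes aws-cli's AWS_SHARED_CREDENTIALS_FILE and AWS_SESSION_TOKEN variables, which the answers do not mention.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not aws-cli commands.

# Print each credential variable that is set, even to an empty string.
# aws-cli gives these priority over the profile named in AWS_PROFILE.
aws_env_overrides() {
    for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
        # ${VAR+x} expands to "x" when VAR is set, including when it is empty.
        if eval "[ -n \"\${$v+x}\" ]"; then echo "$v"; fi
    done
}

# Succeed if the shared credentials file contains a [name] section header.
aws_profile_exists() {
    creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    [ -r "$creds" ] || return 1
    awk -v p="[$1]" '{ sub(/[ \t\r]+$/, ""); if ($0 == p) found = 1 }
                     END { exit !found }' "$creds"
}

# Switch the current shell to profile $1. Source this file and call the
# function directly; in a subshell the export would be lost.
use_aws_profile() {
    if ! aws_profile_exists "$1"; then
        echo "profile '$1' not found in credentials file" >&2
        return 1
    fi
    for v in $(aws_env_overrides); do
        echo "unsetting $v (would override the profile)" >&2
        unset "$v"
    done
    export AWS_PROFILE="$1"
}

# Demo on a constructed credentials file; runs in a subshell so the
# caller's environment is left untouched.
demo() {
    dir=$(mktemp -d)
    printf '[cat]\naws_access_key_id = XXXX\naws_secret_access_key = XXXX\n' \
        > "$dir/credentials"
    export AWS_SHARED_CREDENTIALS_FILE="$dir/credentials"
    export AWS_ACCESS_KEY_ID="" AWS_SECRET_ACCESS_KEY="stale"  # leftover exports
    use_aws_profile cat && echo "AWS_PROFILE=$AWS_PROFILE"
    use_aws_profile dog || echo "dog rejected, still on $AWS_PROFILE"
    rm -rf "$dir"
}
( demo )
```

Unlike clearing every AWS_* variable, this leaves settings such as the region untouched and removes only the three credential variables.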