We rely on Amazon Web Services at work. I spend a lot of time with the AWS command line tools but find myself juggling AWS accounts for various clients. This necessitates re-setting the EC2_CERT, EC2_PRIVATE_KEY, and AWS_CREDENTIAL_FILE environment variables each time I need to work on a different client. I put together a small shell script, aws-identity, to automate away that tedium.
To start, gather your certificates and credentials. Some AWS tools require an X.509 pair that can be created by Amazon via the “security credentials” web interface or created locally using the IAM tools. Other tools rely on a textual credential file specifying an access key and secret key, again available via “security credentials”.
Create a directory layout to store certificates, keys, and credential files. I use ~/aws-identities/ with a subdirectory for each client. In this example, client1 has both an X.509 pair and a credential file, and client2 has only an X.509 pair.
A child process can’t modify the parent shell’s environment directly, so the aws-identity script will generate the proper commands for your shell. Its output can be passed to eval to alter the environment. It supports Bourne-style shells such as sh, zsh, bash, and ksh, as well as CSH-style shells like csh and tcsh.
Omitting the shell type argument will produce human-readable descriptive text about the variables it will set or unset.
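The emit-then-eval pattern described above, as an added sketch that is not the author's aws-identity script: it assumes each client directory holds files named cert.pem, pk.pem and credentials (names the post does not give) and uses the hypothetical function names emit_var and emit_identity. It allow-lists the client name before anything reaches eval, and unsets any variable the client has no file for, so the previous client's credentials do not linger in the environment.

```shell
# Added sketch, not the author's aws-identity script.
# Assumed layout: $AWS_IDENTITY_ROOT/<client>/{cert.pem,pk.pem,credentials}
# Usage in a Bourne-style shell: eval "$(emit_identity client1 sh)"
AWS_IDENTITY_ROOT="${AWS_IDENTITY_ROOT:-$HOME/aws-identities}"

# emit_var MODE NAME FILE: print one command that sets NAME to FILE if the
# file exists, or unsets NAME so a previous client's value cannot linger.
emit_var() {
    # The path is embedded in single quotes and later eval'ed; refuse
    # characters that could end the quoting (') or trigger csh history (!).
    case "$3" in *"'"*|*'!'*) echo "unsafe path: $3" >&2; return 1 ;; esac
    if [ -f "$3" ]; then
        case "$1" in
            sh)  printf "export %s='%s'\n" "$2" "$3" ;;
            csh) printf "setenv %s '%s'\n" "$2" "$3" ;;
            *)   printf "would set %s to %s\n" "$2" "$3" ;;
        esac
    else
        case "$1" in
            sh)  printf "unset %s\n" "$2" ;;
            csh) printf "unsetenv %s\n" "$2" ;;
            *)   printf "would unset %s\n" "$2" ;;
        esac
    fi
}

# emit_identity CLIENT [sh|csh]: commands for every variable the post names.
# With no shell type, prints a human-readable description instead.
emit_identity() {
    # Allow-list the client name: no slashes, no leading dot, no shell
    # metacharacters, so it cannot escape the root or inject commands.
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 1 ;;
    esac
    dir="$AWS_IDENTITY_ROOT/$1"
    [ -d "$dir" ] || { echo "no such identity: $1" >&2; return 1; }
    emit_var "${2:-}" EC2_CERT "$dir/cert.pem" &&
    emit_var "${2:-}" EC2_PRIVATE_KEY "$dir/pk.pem" &&
    emit_var "${2:-}" AWS_CREDENTIAL_FILE "$dir/credentials"
}
```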
I combine the two modes in a function in my .zshrc:
The aws command now allows me to painlessly switch accounts! To client1: