If you work with AWS daily (devops, cloud engineer, etc), especially if you manage more than one account, you’re likely familiar with the hassle of switching profiles in the AWS CLI. I’ve been there myself. I once had a critical moment on a project where I almost provisioned infrastructure to the wrong environment. The cause was simple: I forgot to switch the active AWS credential.

That incident got me thinking, “There has to be a more efficient way to switch profiles.” After conducting some research, I finally found the solution, which turned out to be in a tool I already use every day: Oh My Zsh.

Image 1. Oh My Zsh (source: Oh My Zsh — a delightful & open source framework for Zsh)

This feature completely changed my workflow, making the process of switching accounts incredibly fast and safe. Today, I want to share this practical guide with you.

What You’ll Need

Before we dive into the configuration, make sure you have these two tools installed on your computer:

Oh My Zsh: A framework for Zsh (Z shell) that makes your terminal more powerful and easier to customise. If you’re still using the standard bash shell, I highly recommend giving it a try.
AWS CLI: The official command-line interface from AWS for interacting with its various services. You can follow the official installation guide here.

All set? Let’s get started!

Step 1: Enable the aws Plugin in Your Zsh Configuration

To make the magic happen, we need to tell Oh My Zsh to enable its AWS plugin. Often, this plugin is not enabled by default.

It’s very easy to set up:

Open the .zshrc file located in your home directory. You can use any text editor you like (nano, vim, or VS Code).
Find the line that contains plugins=(...).
Add aws to the list of plugins. If you already have other plugins (like git), add it alongside them.

# Example .zshrc content
plugins=(git aws)

4. Save the file, then reload your terminal configuration by running:

source ~/.zshrc

Step 2: Set Up Your Profiles in the AWS Config Directory

Now for the most important part. The AWS CLI stores all your account configurations in a folder named ~/.aws. Inside, there are two key files we need to set up: credentials and config.

1. The credentials File

Think of this file as a secure wallet for your secret access keys. It stores the aws_access_key_id and aws_secret_access_key for each account.

IMPORTANT: Because this file contains sensitive data, never share its contents with anyone!

Open the ~/.aws/credentials file and set it up like the example below. Each account is separated by a [profile-name].

[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[project-a]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

[project-b-sandbox]
aws_access_key_id = AKIA3IT55L4A4EXAMPLE
aws_secret_access_key = 5i/raJx4ottp8kZTu16j6TGN2iLoEXAMPLEKEY

2. The config File

This file is used to store non-sensitive settings, such as the default region or output format for each profile. The format is similar to the credentials file, but the profile name is prefixed with the word profile.

Open the ~/.aws/config file and align it with the profiles you created earlier.

[default]
region = ap-southeast-1
output = json

[profile project-a]
region = us-east-1
output = json

[profile project-b-sandbox]
region = ap-southeast-3
output = text

region: Sets the default AWS region when you run commands for that profile.
output: Configures the output format from CLI commands (commonly json, text, or table).

How to Use It: Meet the Magic Commands

Once everything is configured, the Oh My Zsh aws plugin provides several helpful aliases (command shortcuts). These commands work by setting the AWS_PROFILE environment variable for your terminal session.

asp (AWS Set Profile)

This is your main command for switching profiles.

To List Profiles: Type asp followed by a space, then press the Tab key. Oh My Zsh will show you all available profiles.

$ asp <press Tab>
default             project-a

To Activate a Profile: Specify the name of the profile you want to use.

$ asp project-a
AWS profile set to 'project-a'

agp (AWS Get Profile)

This command is useful for checking which profile is currently active.

Usage:

$ agp
project-

unset-aws-profile

If you want to return to the default profile or simply deactivate the current one, use this command.

Usage:

$ unset-aws-profile
AWS profile unset

With these three simple commands, switching between AWS accounts becomes incredibly fast and safe. Say goodbye to the risk of deploying to the wrong environment!

Happy coding, and I hope this tip makes your workflow more efficient!