Skip to main content

Switching between multiple AWS accounts & renewing API access keys

Project description


This package provides scripts for:

  • switching between multiple AWS accounts
  • renewing AWS API access keys


The easiest way to install aws-tools is to use pip:

in your home directory:

pip install --user aws-tools

inside a virtualenv:

pip install aws-tools

or system-wide:

sudo pip install aws-tools

This will install aws-tools package as well as all dependencies

Getting started

AWS configuration

Before using aws-tools you have to configure your AWS environments and credentials:

$ cat .aws/env.test.conf
aws_access_key_id = <your_access_key>
aws_secret_access_key = <your_secret_access_key_id>

The same goes for the other environments, for example: stage and production.

Encrypt all of the files with gpg:

gpg --encrypt --armor --output env.test.conf.asc -r <your-gpg-user-id-name> env.test.conf
gpg --encrypt --armor --output env.stage.conf.asc -r <your-gpg-user-id-name> env.stage.conf
gpg --encrypt --armor --output env.production.conf.asc -r <your-gpg-user-id-name> env.production.conf

and remove temporary files (env*conf).

SMTP configuration (-s and -i) (optional)

In the .aws directory:

smtp.cfg (temporary file):

smtplogin = <full_smtp_login>
smtppass = <password>
smtphost = <smtp_host>
smtpport = <smtp_port>

Ecrypt it:

gpg --encrypt --armor --output smtp.cfg.asc -r <your-gpg-user-id-name> smtp.cfg

And remove temporary file (smtp.cfg)

Shell configuration (optional)

Add to .bashrc.

  • Command Completion

The aws-tools comes with a very useful bash command completion feature. This feature isn’t automatically installed, so you need to enable it yourself. Simply add to your .bashrc:

if you have installed aws-tools in home directory:

source $HOME/.local/bin/aws_tools_completion.bash

if you have installed aws-tools system-wide:

source /usr/local/bin/aws_tools_completion.bash
  • Functions

It is also handy to add some bash functions:

function awsenv() {
    __aws_env_update -x -a -e $1

function awsroll() {
    __aws_roll_keys -a -s <> -i <> -e "${1:-all}"
  • Displaying current account in your shell

add to $PS1 variable:




Switch to test account and write credentials to .aws/credentials file:

$ -a -e test

Switch to test account using shell variables:

$ eval $( -a -e test -x)

The same, but after sourcing aws_tools_completion.bash:

$ awsenv test

Rotating AWS API keys for stage account:

$ -a -e stage

Rotating AWS API keys for production account and sending the new keys to you:

$ -a -e production -s <>

Rotating AWS API keys for all of environments and sending confirmation to the group:

$ -a -e all -i <>

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
aws_tools-1.0.27-py2.py3-none-any.whl (10.3 kB) Copy SHA256 hash SHA256 Wheel py2.py3 Jun 15, 2018
aws-tools-1.0.27.tar.gz (10.8 kB) Copy SHA256 hash SHA256 Source None Jun 15, 2018

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page