by rad_gruchalski 1447 days ago
I like your approach. So far I used profiles extensively. AWS_PROFILE is your friend. No idea why AWS doesn't heavily promote this everywhere they can.
2 comments

AWS best practice is to use AWS SSO, which accomplishes this same effect but without any long-lived local credentials. It works really well.
Depending on your IdP there are a few tools in addition to AWS CLI v2 that work well in this space.

aws-vault is one of them, though out of support now, aws-okta [1] is another.

[1] https://github.com/segmentio/aws-okta

Used to use that a few years ago and it worked pretty well--you can also set it as a credential helper in your AWS config.

Just an FYI it's no longer supported and it looks like the fork has gone stagnant, too.

> No idea why AWS doesn't heavily promote this everywhere they can.

Not Invented Here

AWS SSO solves it better, and for any number of AWS accounts.

I still use aws-vault, though, when I'm not in a position to set up AWS SSO.