# How to select a role in the AWS CLI

Once you have [CLI credentials](https://docs.wellcomecollection.org/aws-account-setup/how-to/how-to-get-credentials-for-working-locally), you need to configure the roles you want to use in `~/.aws/credentials`.

1. Append the contents of [`credentials.ini`](https://github.com/wellcomecollection/aws-account-infrastructure/blob/main/accounts/credentials.ini) to your `~/.aws/credentials` file.

   This contains a list of [named profiles](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html), e.g. a profile for the read-only role in the platform account:

   ```ini
   [platform-read_only]
   source_profile=default
   role_arn=arn:aws:iam::760097843905:role/platform-read_only
   region=eu-west-1
   ```

   The list is generated automatically by the `create_account_role_config.py` script.
2. To select a role, pass the `AWS_PROFILE` environment variable with the name of the profile.

   For example, these S3 commands will run in the platform, catalogue, and workflow accounts, respectively:

   ```console
   $ AWS_PROFILE=platform-read_only aws s3 ls

   $ AWS_PROFILE=catalogue-developer aws s3 ls

   $ AWS_PROFILE=workflow-admin aws s3 ls
   ```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wellcomecollection.org/aws-account-setup/how-to/how-to-select-a-role-in-the-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.