Tag Archives: My Favourite Cmdlet

My favourite Cmdlet of the moment: Get-IAMAccountAlias

In common with many AWS users at large organisations, I work across a number of AWS accounts. We silo our “sandbox” experimental environments from our gold production environment by putting them in different accounts. We silo different parts of the business into separate accounts. I also have my own personal account registered in PowerShell using AWS Stored Credentials, and we just opened two new accounts for a new business unit we’re about to onboard and migrate.

So I have a lot of accounts to work with. So it can be useful to know which one you’re authenticating to at any given time. And that’s why my favourite Cmdlet this week is Get-IAMAccountAlias.


All our accounts have easy-to-remember aliases, and I use them when I store credentials using Set-AWSCredentials. If I happen to forget which PowerShell session is running against what account, I just hit up Get-IAMAccountAlias, and doubt is dispelled (and, occasionally, I save myself from provisioning or deleting resources in the wrong account).

If you have multiple AWS accounts, you need to know about this one.
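The same check can be turned into a guard that a script calls before it provisions or deletes anything. This is an added example, not code from the original post: the function name Assert-AwsAccountAlias and the alias 'example-sandbox' are hypothetical, and it assumes the AWS Tools for PowerShell are loaded and the credentials in use are allowed iam:ListAccountAliases.

```powershell
# Added example: refuse to continue unless the session is authenticated to an
# expected account. Function name and alias values are hypothetical.
function Assert-AwsAccountAlias {
    [CmdletBinding()]
    param(
        # Aliases this script is allowed to act on.
        [Parameter(Mandatory)]
        [string[]] $Expected,

        # Optional stored-credential profile to check instead of the session default.
        [string] $ProfileName
    )

    $awsParams = @{}
    if ($ProfileName) { $awsParams['ProfileName'] = $ProfileName }

    # Get-IAMAccountAlias returns the alias string(s); nothing if no alias is set.
    $actual = @(Get-IAMAccountAlias @awsParams)

    if ($actual.Count -eq 0) {
        throw 'No account alias is set for this account; refusing to continue.'
    }

    # -contains on strings is case-insensitive, which suits account aliases.
    $match = $actual | Where-Object { $Expected -contains $_ }
    if (-not $match) {
        throw "Authenticated to '$($actual -join ', ')', expected one of: $($Expected -join ', ')."
    }

    # Return the matched alias so the caller can log it.
    $match | Select-Object -First 1
}

# Usage: the throw stops the script before any resource is touched.
$accountAlias = Assert-AwsAccountAlias -Expected 'example-sandbox'
Write-Host "Working in AWS account '$accountAlias'"
```

An account with no alias fails the check rather than passing silently, so the guard only works for accounts where an alias has been set.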

My current favourite cmdlet is…


Yes, it’s a humble wee cmdlet, but so powerful. So awesome.

When someone emails me a request to, say, check their IAM account’s group membership, I just run the following

Get-IAMGroupForUser -username <namehere> | Out-Clipboard

And then Ctrl+V into the email and WE’RE DONE HERE NOTHING MORE TO SEE



(Oh, I forgot to mention – this command is part of the PowerShell Community Extensions. You do have those, right?)