Multi-Account Setups

Using LocalStack in multi-tenant setups

LocalStack Community only supports a single AWS Account ID, 000000000000 by default. By contrast, LocalStack Pro ships with multi-account support which adds namespacing based on AWS Account ID

Namespaced AWS resources can be accessed by using the AWS_ACCESS_KEY_ID variable when making requests. No additional server-side configuration is required.

$ export AWS_DEFAULT_REGION=eu-central-1

$ AWS_ACCESS_KEY_ID=000000000001 awslocal ec2 create-key-pair --key-name green-hospital

$ AWS_ACCESS_KEY_ID=000000000002 awslocal ec2 create-key-pair --key-name red-medicine

$ AWS_ACCESS_KEY_ID=000000000001 awslocal ec2 describe-key-pairs
{
    "KeyPairs": [
        {
            "KeyFingerprint": "6b:e3:a3:41:4b:60:f3:6d:7b:84:3e:17:e3:ad:d0:15",
            "KeyName": "green-hospital"
        }
    ]
}

$ AWS_ACCESS_KEY_ID=000000000002 awslocal ec2 describe-key-pairs
{
    "KeyPairs": [
        {
            "KeyFingerprint": "16:4c:64:13:36:41:7c:75:d0:51:f0:db:ed:d7:c8:95",
            "KeyName": "red-medicine"
        }
    ]
}

In absence of an explicit value for Account ID, LocalStack reverts to the default value of 000000000000. In the current example, not setting an explicit Account ID will return no resources.

$ awslocal ec2 describe-key-pairs
{
    "KeyPairs": []
}

Limitations

Multi-accounts is a preview feature and is not compatible with cloud pods and persistence.

In order to use multi-accounts, the region must be configured to something other than us-east-1. Note that us-east-1 is the default region and must be explicitly overridden. For the AWS CLI, this can be done using the AWS_DEFAULT_REGION or the --region argument. More information can be found on AWS CLI documentation.