non-[default] profile seems like it would work. I don't think aws-sdk/boto/etc will use non-default creds if you don't explicitly tell it to.