Skip to content

Latest commit

 

History

History
93 lines (60 loc) · 2.83 KB

README.md

File metadata and controls

93 lines (60 loc) · 2.83 KB
Raw

ZSH AWS plugin

This plugin is based on the original aws plugin of Oh-My-ZSH!

It provides completion support for awscli and a few utilities to manage AWS profiles and display them in the prompt.

Installation

First you have to enable Bash completion before loading the plugin in ~/.zshrc

autoload -Uz compinit && compinit
autoload -Uz bashcompinit && bashcompinit

Now the plugin can be loaded

zplug

zplug "apachler/zsh-aws"

Plugin commands

  • alp: lists the available profiles in the $AWS_CONFIG_FILE (default: ~/.aws/config). Used to provide completion for the asp function.

  • agp: gets the current value of $AWS_PROFILE.

  • asp [<profile>]: sets $AWS_PROFILE and $AWS_DEFAULT_PROFILE (legacy) to <profile>. It also sets $AWS_EB_PROFILE to <profile> for the Elastic Beanstalk CLI. Run asp without arguments to clear the profile.

  • acp [<profile>]: in addition to asp functionality, it actually changes the profile by assuming the role specified in the <profile> configuration. It supports MFA and sets $AWS_ACCESS_KEY_ID, $AWS_SECRET_ACCESS_KEY and $AWS_SESSION_TOKEN, if obtained. It requires the roles to be configured as per the official guide. Run acp without arguments to clear the profile.

  • acak: changes the AWS access key of a profile.

Plugin options

  • Set SHOW_AWS_PROMPT=false in your zshrc file if you want to prevent the plugin from modifying your RPROMPT. Some themes might overwrite the value of RPROMPT instead of appending to it, so they'll need to be fixed to see the AWS profile prompt.

Theme

The plugin creates an aws_prompt_info function that you can use in your theme, which displays the current $AWS_PROFILE. It uses two variables to control how that is shown:

  • ZSH_THEME_AWS_PREFIX: sets the prefix of the AWS_PROFILE. Defaults to <aws:.

  • ZSH_THEME_AWS_SUFFIX: sets the suffix of the AWS_PROFILE. Defaults to >.

Configuration

Configuration and credential file settings by AWS

Scenario: IAM roles with a source profile and MFA authentication

Source profile credentials in ~/.aws/credentials:

[source-profile-name]
aws_access_key_id = ...
aws_secret_access_key = ...

Role configuration in ~/.aws/config:

[profile source-profile-name]
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
region = us-east-1
output = json

[profile profile-with-role]
role_arn = arn:aws:iam::9999999999999:role/myrole
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
source_profile = source-profile-name
region = us-east-1
output = json