Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Automatically populate [Default] with assumed profile #624

Open
discotimetraveler opened this issue Mar 20, 2024 · 7 comments
Open

Feature Request: Automatically populate [Default] with assumed profile #624

discotimetraveler opened this issue Mar 20, 2024 · 7 comments

Comments

@discotimetraveler
Copy link

I asked in the Slack channel how people deal with this and I've searched here, I feel like I have to be missing something since I can't figure out how everyone is using this tool without this functionality.

There needs to be a way to automatically populate [Default] profile in .aws/credentials so that I do not have to run aws cli commands with --profile.

Today if I have to do any extensive aws cli work I manually edit .aws/credentials to populate [Default] with my current profile credentials. If there is already a way to do this please let me know.

Thanks
@the-real-cphillips
Copy link

According to the docs it looks like the ExportCredsToAWS config setting SHOULD do this, but I don't see it working as I'd expect.

Currently for me, if I set the setting to true, it's writing to the config file but not as [default] it's writing it as the profile name.

So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.

@discotimetraveler
Copy link
Author

According to the docs it looks like the ExportCredsToAWS config setting SHOULD do this, but I don't see it working as I'd expect.

Currently for me, if I set the setting to true, it's writing to the config file but not as [default] it's writing it as the profile name.

So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.

Thanks for verifying I'm not crazy 😄 The way I read the documentation for export, though, is it will simply populate with the profile name. Which, maybe some people want that or that's just how it's always been so I personally wouldn't change that behavior. I was going to suggest a -d flag so I could do an assume -d but that's already used. So I think just a settings flag that either 1) populates the assumed profile to [Default] instead of [<profile_name>] or 2) populates both [Default] and [<profile_name>] at the same time. But... ehh... I can see how keeping them separate would likely align with the overall system better so that I could run [Default] aws cli commands and --profile commands at the same time.

So yes... absolutely a feature request to let me populate any profile as [Default] if/when desired.

@the-real-cphillips
Copy link

@discotimetraveler you're definitely not crazy.

ExportCredToAWS is definitely writing to the credentials file, but it's definitely doing ProfileName/PermName. I was going to suggest an actual code change, but I didn't want to remove code that others may have needed, although admittedly I'm not sure WHY someone would want the credentials to be written for each specific Profile...

Hopefully, there's some clarity that comes out of this issue.

@IskanderNovena
Copy link

I've never had to provide the --profile switch after assuming a role with assume?
Also, changing the [Default] in the ~/.aws/credentials file can lead to issues when using multiple sessions with different assumed roles.

@the-real-cphillips
Copy link

the-real-cphillips commented Apr 26, 2024
edited
Loading

@IskanderNovena

I've never had to provide the --profile switch after assuming a role with assume?

My issue stems from my workflow really. I run tmux, when I run assume and then create a new pane in tmux I have to re-run assume for each window/window pane. Having it write to [default] ensured a system wide approach for valid credentials.

Also, changing the [Default] in the ~/.aws/credentials file can lead to issues when using multiple sessions with different assumed roles.

Can you clarify what the negative effect is here? I'd like to be more educated on the "why"

Although I think I found a work around for this using Zsh/Oh-My-Zsh coupled with the aws plugin.

@IskanderNovena
Copy link

Can you clarify what the negative effect is here? I'd like to be more educated on the "why"

I mostly run multiple terminal sessions, using different assumed roles in each. I do this for testing the effects of changes to infrastructure-code that's used in multiple accounts, as well as administration of those accounts. I work for a cloud consultant company.

I'm running ZSH with Oh-My-Zsh and StarShip on macOS, with iTerm2 as terminal application, for what it's worth.

Having the option to define default behaviour to (not) write the profile settings to [Default] wouldn't break my workflow, and aid you in yours.

@the-real-cphillips
Copy link

@IskanderNovena I'm always amazed at the different workflows.
I see what your saying from your workflow, you're potentially using credentials for multiple clients could be troublesome for you.

I work for a team that just manages multiple AWS Accounts within a single organization.

Thank you for the clarity though, that makes sense from a "how is this tool being used perspective"

I'm going to DEFINITELY checkout Starship though, thank you for that :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@the-real-cphillips @IskanderNovena @discotimetraveler