Open SWolfeCAI opened 2 years ago
Hey @SWolfeCAI, pardon the delay in responding. I like the idea of this and I've been thinking about adding something like this for a while, but I don't have any solid details on when this could get added.
We've had some work planned on our backlog for a while to refactor the logic for how the CLI manages its settings and that will likely create an opportunity to reengineer this process and come up with a better solution that potentially allows for overrides of settings in subfolders with files similar to what you've described so it is on our radar.
In the meantime, although this isn't an implementation of your feature suggestion I believe I have a solution that might help you accomplish the same goal today. The AWS CLI (and many AWS-related tooling including terraform) can use a file called ~/.aws/credentials
where you can specify various profiles and credentials for those profiles, but the really neat thing is that you can establish a profile that uses a credential process such that whenever the profile is used, the AWS CLI will execute the specified command to generate credentials for that profile on-the-fly, and the ALKS CLI can be used today to perform this action. I believe it would look something like this:
# ~/.aws/credentials
[profile awsmyaccount]
credential_process = /usr/local/bin/alks sessions open -a 012345678910 -r Admin -o aws
and then in your terraform file you could specify this profile on the aws provider block like this:
provider "aws" {
region = ...
profile = "awsmyaccount"
}
With this configuration your terraform should be able to automatically detect that profile and execute that ALKS CLI command to generate credentials for your account at the moment they're needed without the need for any .alksrc
file. I would still like to eventually implement some kind of rc file for ALKS since there are potentially several other use cases for it so I will leave this feature request open for now but I hope this solution helps you in the meantime
Some of our terraform uses root-modules that are specific to single accounts; whenever we run those modules we use ALKS to get a session for the one relevant account.
A git repo might look a bit like:
As a minor enhancement, it would be nice if we could add a config file to those root modules to configure
alks-cli
to quickly get a session for the relevant account. Other CLI tools sometimes do this via "rc" files. Typically these files override the default configurations, and/or specify values that act as default parameters.A pseudo-example for alks-cli might look something like:
File:
./terraform/accounts/awsaccount1/.alksrc
With the above example, running commands like
alks sessions open
in thr./terraform/accounts/awsaccount1
directory would use the specified account and role as the defaults. Running the same command elsewhere would not use these directory-specific settings.