search

Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0
924 stars 263 forks source link

Specifying profile via GIMME_AWS_CREDS_PROFILE #242

Open nchammas opened 4 years ago

nchammas commented 4 years ago

Expected Behavior

I'm looking for a feature that looks like this:

GIMME_AWS_CREDS_PROFILE=some-profile gimme-aws-creds

This would be equivalent to:

gimme-aws-creds --profile some-profile

Current Behavior

There is currently no way to select a non-default profile without using --profile. GIMME_AWS_CREDS_CRED_PROFILE is for selecting the AWS credentials profile to write to, not for selecting the gimme-aws-creds profile.

Possible Solution

This new config environment variable would roughly mirror how the existing GIMME_AWS_CREDS_* variables work. If --profile is not specified, the tool would check GIMME_AWS_CREDS_PROFILE. If that's not specified either, then it uses the default profile.

Context

We have different members of our team working in different AWS accounts. They want to be able to set a default profile for their terminal sessions so they can just call gimme-aws-creds without any parameters. Everything would be captured in the gimme-aws-creds config file and, as proposed here, in GIMME_AWS_CREDS_PROFILE.

Your Environment

jcreyf commented 1 year ago

Chiming in here... gimme-aws-creds is used to generate tokens for the AWS CLI. The AWS CLI has the option to use environment variable AWS_PROFILE to select the tokens from the credentials file that gimme-aws-creds manages. So why not use AWS_PROFILE for this purpose? If that env variable is set, then take that as the default profile for gimme-aws-creds. There's a PR open for this: https://github.com/Nike-Inc/gimme-aws-creds/issues/271 I have my own implementation in my fork and it seems to be working fine: https://github.com/jcreyf/gimme-aws-creds/tree/env_vars/gimme_aws_creds