Open kaihendry opened 7 years ago
hmm I haven't seen that but I'll dig through the aws-cli docs. I've just been using .profile
in up.json and ~/.aws/credentials
.
Actually if one opens a new account, using the default role OrganizationAccountAccessRole, you simply add something like ~/.aws/config
:
[profile scratchbox]
role_arn = arn:aws:iam::123456789:role/OrganizationAccountAccessRole
source_profile = parentaccount
parentaccount would have your AWS access keys setup in ~/.aws/credentials
btw.
And once your done messing about, you can close / suspend account # 123456789.. I prefer working in different accounts as opposed to {development,staging,production} stages.
This would be really nice to support via the AWS SDK v2 I think. https://play.golang.org/p/GgusMp0mLuW Or using v1 SDK with SharedConfigEnable maayyy be.
Hmm, I just tried an AWS_PROFILE like scratchbox above on 0.4.11-pro and I hit
Error: Cannot find credentials, visit https://up.docs.apex.sh/#aws_credentials for help.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
$ aws --profile scratchbox iam create-user --user-name $USER
$ aws --profile scratchbox iam create-access-key --user-name $USER
But it would be way way nicer to directly support source_profile without Access key hoop jumping as I know the v2 SDK is capable of.
At work we started using this paradigm in
~/.aws/config
that looks like:I know the aws-cli supports this credential syntax.
Anyway, I thought it I should mention it since it makes trying out apex in a sandboxed account a little easier.