Open jcmcken opened 8 years ago
Seems reasonable. We'd probably just expose this as AWS_CLI_CACHE_DIR?
Sure, works for me.
Good Morning!
We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.
This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.
As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.
We’ve imported existing feature requests from GitHub - Search for this issue there!
And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.
GitHub will remain the channel for reporting bugs.
Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface
-The AWS SDKs & Tools Team
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred:
mkdirenv@gmail.com Domain salmanwaheed.info has exceeded the max emails per hour (174/150 (115%)) allowed. Message will be reattempted later
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred:
mkdirenv@gmail.com Domain salmanwaheed.info has exceeded the max emails per hour (175/150 (116%)) allowed. Message will be reattempted later
Based on community feedback, we have decided to return feature requests to GitHub issues.
This is very desirable when considering the usage of the amazon/aws-cli image on containers running with non-root users. Currently, the only solution I found (other than building a new image) is to add an 'env' entry on the pod spec defining the HOME env var to a path that allows anyone to write on it (like '/tmp'). This way the credentials are stored at /tmp/.aws/cli/cache.
Also something I'd like to see, it's not crucial but it's nice to be able to control where the data is stored and it seems like it'd be a relatively easy change.
There are two cache folders desired to be customized:
AWS_CLI_CACHE_DIR: control ~/.aws/cli/cache
AWS_SSO_CACHE_DIR: control ~/.aws/sso/cache
Adding another use case from issue #7376 here:
We use amazon-eks-pod-identity-webhook to assign IAM roles to pods in our Kubernetes cluster. We use Pod Security Policies to set the root filesystems of most of our containers to read-only. If a pod uses the AWS CLI and pod-identity-webhook together, it will fail to write to the CLI cache directory as it's read-only.
This would also be an extension of the existing AWS_SHARED_CREDENTIALS_FILE and AWS_CONFIG_FILE functionality that allow moving all of ~/.aws to more appropriate locations.
Currently, this directory is statically encoded as a subdirectory under ~/.aws. However, it would be nice (for security reasons) to be able to store these credentials in another location. For example, when using MIT Kerberos on Linux, TGTs are stored in /tmp, and you can set the KRB5CCNAME env var to customize the filename of the active TGT cache (including changing the directory) (see kinit(1) man page). Alternatively, as another example, it would be nice to store them in a directory in shared memory (e.g. /dev/shm) so that if the machine is powered off, the credentials would not persist.
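An added example, not code from the AWS CLI project or from anyone in this thread: it combines the HOME workaround from the comments with the shared-memory idea in the original request. The cached credentials land in a private directory under /dev/shm, while AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE keep pointing at the existing files. The function names and the PRIVATE_HOME_BASE variable are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption taken from the thread: the CLI derives its cache
# paths from $HOME (~/.aws/cli/cache, ~/.aws/sso/cache).
# PRIVATE_HOME_BASE is a hypothetical variable used only by this script.

# Create a mode-0700 directory on tmpfs when possible and print its path.
make_private_aws_home() {
    base="${1:-${PRIVATE_HOME_BASE:-}}"
    if [ -z "$base" ]; then
        if [ -d /dev/shm ] && [ -w /dev/shm ]; then
            base=/dev/shm            # memory-backed: gone after power-off
        else
            base="${TMPDIR:-/tmp}"   # fallback: on disk, still private
        fi
    fi
    (umask 077 && mktemp -d "$base/awscli-home.XXXXXX")
}

# Point HOME at the private directory, keeping the existing config and
# credentials files reachable through the variables named in the thread.
use_private_aws_cache() {
    real_home="${HOME:-}"
    new_home="$(make_private_aws_home "${1:-}")" || return 1
    export AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-$real_home/.aws/config}"
    export AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-$real_home/.aws/credentials}"
    export HOME="$new_home"
}

# Run one command with the redirected cache, then delete the cache.
# The subshell keeps the HOME change away from the calling shell.
run_with_private_aws_cache() {
    (
        use_private_aws_cache || exit 1
        rc=0
        "$@" || rc=$?
        rm -rf -- "$new_home"
        exit "$rc"
    )
}
```

After sourcing the file, `run_with_private_aws_cache aws s3 ls` runs a single command this way; because HOME changes for that command, anything else it reads from the home directory is affected too.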