Open martintreurnicht opened 10 years ago
you could use aws configure --profile not-existing-profile list
and check for the aws return code.
One-liner for @akleiber's suggestion:
[[ $(aws configure --profile not-existing-profile list) && $? -eq 0 ]] && echo "Exists" || echo "Does not exist"
Obviously you could replace the echo statements with variable assignments or whatever.
Good Morning!
We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.
This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.
As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.
We’ve imported existing feature requests from GitHub - Search for this issue there!
And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.
GitHub will remain the channel for reporting bugs.
Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface
-The AWS SDKs & Tools Team
Based on community feedback, we have decided to return feature requests to GitHub issues.
The command aws configure --profile not-existing-profile list
is not a solution to the original issue as this will ask for MFA for profiles that need it.
I used the following, based on the suggestion here:
##
# Confirms the user has set up the named AWS profile.
# Parameters:
# 1: The AWS profile name.
# Exits on failure.
# Example: "confirm_aws_profile foo"
##
confirm_aws_profile() {
[[ $(aws configure --profile ${1} list | grep "could not be found") ]] && {
echo "The profile ${1} has not been established. You need to set this up prior to running this script.";
exit 1;
}
}
This obviously does not provide the nicety of prompting the user, but it halts the script and informs the user of the problem, which was the important part for my needs. Hopefully it's helpful?
I use it this way:
function aws_profile_status {
profile_status=$( (aws configure --profile ${1} list ) 2>&1 )
if [[ $profile_status = *'could not be found'* ]]; then echo "not found"; fi
}
(that echo "not found" , is just an example for use-case of-corse) maybe will be useful for someone :)
Note these will not work if AWS_PROFILE
has been set due to this bug: https://github.com/aws/aws-cli/issues/5016
Here's what I've done:
if [[ $(aws configure --profile $set_profile_name list >> /dev/null 2>&1) -eq 0 ]]
then
echo "Exists"
else
echo "Does not exists"
fi
For Powershell:
# This function waits until timeout if a AWS profile becomes available
function Check-Aws-Profile {
param( [string]$Profile, [int]$Timeout )
$Count = 0
while (!(aws configure --profile $Profile list) 2>&1 | out-null) {
echo "* $Profile profile is not available yet"
Start-Sleep -Seconds 1
$Count++;
if ($Count -gt $Timeout) {
echo "* $Profile did not become available within $Timeout seconds"
Exit 1
}
}
echo "$Profile profile is now available!"
}
Check-Aws-Profile -profile ss -timeout 10
This doesn't work for SSO, since it also returns an exit code of 255 and identical response if you are not signed in. It would be good to have a way to find out if the profile exists in the ~/.aws/configure
file, could grep that file I guess
A note for users of AWS SSO:
The use case described in the original comment is
We use several different profiles for uploading our static website to different environments, each environment has it's own profile.
This is a common enough situation: you've written a script for people to use, and you know the entire set of configurations that may be used by users of the script. If you're using AWS SSO, you can embed the SSO configuration for those environments (SSO start url+region, account id, role name) into your code, while still relying on the user to have their own credentials authenticated through aws sso login
. This eliminates the dependency on ~/.aws/config
having any particular content. In most languages, the AWS SDK natively supports defining that configuration using the SSO credential configuration. In Python, you'll need to use aws-sso-lib
.
This doesn't work for SSO, since it also returns an exit code of 255 and identical response if you are not signed in. It would be good to have a way to find out if the profile exists in the
~/.aws/configure
file, could grep that file I guess
if aws configure list-profiles | grep -Fxq "$profile_name"; then
echo "Exists"
else
echo "Not exists"
fi
If the profiles have known contents, you can have your tools write a config file containing them and use the AWS_CONFIG_FILE
variable to point at it, eliminating the need for their ~/.aws/config
to have the profile in it.
An example in a shell script, with IAM Identity Center (formerly AWS SSO) configuration, but it will work with any config
# make sure no profile is set first
export -n AWS_PROFILE= AWS_DEFAULT_PROFILE=
# create a temporary config file
# use a suffix so they're easier to identify
export AWS_CONFIG_FILE=$(mktemp --suffix .aws-config)
# write the config into the file
cat > $AWS_CONFIG_FILE <<EOF
# if you're only using one profile, may as well make it the default
# and not need to pass the name in everywhere
# but you can name it and/or have multiple named profiles in the file
[profile default]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-2
sso_account_id = 123456789012
sso_role_name = Developer
region = us-west-2
EOF
# now call whatever program you're intending to run
# anything using an AWS SDK will use the config file
# because of the environment variable
aws sts get-caller-identity
aws s3 cp s3://some-bucket/some-key ./my-file
rm -f $AWS_CONFIG_FILE
export -n AWS_CONFIG_FILE=
We use several different profiles for uploading our static website to different environments, each environment has it's own profile. It would be nice to have a way to check if a profile is configured and if not prompt the user to configure the profile, it could even be an extra parameter for the configure command, ex.
aws configure --skip-exists
We have a deployment bash script that configures your environment, including installing awscli via pip, this would be a nice addition to that script