This requires the keys to be set in the environment and prevents the use of AWS SSO Profiles. The AWS SDKs themselves will attempt to get credentials from an SSO Profile, the existing env variables or several other processes.
Supporting SSO Profiles would make running this easier for users locally who either can't get static short (or long) lived tokens, or who don't wish to have to copy and paste them around the place.
Proposed Solution
Given the ordering that the SDKS already attempt to resolve credentials, I would propose to make the existing inputs optional (but keeping them as the first/default choice, overriding the SDK patterns), but making it able to accept no inputs and allowing the SDKs to resolve how they wish.
Alternatively, to addresses only the issue of SSO Profiles, accepting another input of ssoProfileName and using that when defined over the other credential options.
Motivation
Being able to use different profiles to run EventCatalog locally. Needing to set credentials in the env or in text in code isn't always ideal when services like AWS SSO (or AWS IAM Identity Center as it likes to be known) are able to more securely generate credentials and even auto refresh them if needed
Really you should allow the SDK to resolve credentials from the underlying environment, whether it be via static access keys, AWS profile, EC2 instance profile, etc...this is the way the SDK is intended to work.
Have you read the Contributing Guidelines on issues?
Description
The EB Plugin currently requires you to pass in some credentials as part of the options:
These get type checked here, https://github.com/boyney123/eventcatalog/blob/master/packages/eventcatalog-plugin-generator-amazon-eventbridge/src/types.ts#L11 and then passed into the AWS SDKs here, https://github.com/boyney123/eventcatalog/blob/master/packages/eventcatalog-plugin-generator-amazon-eventbridge/src/lib/aws.ts#L163-L167
This requires the keys to be set in the environment and prevents the use of AWS SSO Profiles. The AWS SDKs themselves will attempt to get credentials from an SSO Profile, the existing env variables or several other processes.
Supporting SSO Profiles would make running this easier for users locally who either can't get static short (or long) lived tokens, or who don't wish to have to copy and paste them around the place.
Proposed Solution
Given the ordering that the SDKS already attempt to resolve credentials, I would propose to make the existing inputs optional (but keeping them as the first/default choice, overriding the SDK patterns), but making it able to accept no inputs and allowing the SDKs to resolve how they wish.
Alternatively, to addresses only the issue of SSO Profiles, accepting another input of
ssoProfileName
and using that when defined over the other credential options.Motivation
Being able to use different profiles to run EventCatalog locally. Needing to set credentials in the env or in text in code isn't always ideal when services like AWS SSO (or AWS IAM Identity Center as it likes to be known) are able to more securely generate credentials and even auto refresh them if needed