Right now config file generation is based on the SSO region, and all generated profiles will be in the same region.
But it is typical to deploy different workloads to different regions, and only need a single region per profile.
E.g. my SSO is in us-east-1, but all deployments in one account (profile) go to us-east-1, but in another account (profile) they always to go eu-west-1.
When I run assume with the second profile, it still always goes to us-east-1, so I have to always remember to do assume --region=eu-west-1.
This was not a problem when I managed profiles by hand, but now that it is auto-gened, my muscle memory is too strong to break the habit of just doing "assume" (I used to use aws-vault exec profile prior).
A workaround is to create hand-made profiles that source from the generated ones.
But I wish there was some other option, perhaps some kind of config mapping that can be created to auto-generate. Or generate profiles for all regions that have some resources, altho I understand this can be a time consuming check on large orgs.
Right now config file generation is based on the SSO region, and all generated profiles will be in the same region.
But it is typical to deploy different workloads to different regions, and only need a single region per profile.
E.g. my SSO is in
us-east-1, but all deployments in one account (profile) go tous-east-1, but in another account (profile) they always to goeu-west-1.When I run
assumewith the second profile, it still always goes tous-east-1, so I have to always remember to doassume --region=eu-west-1.This was not a problem when I managed profiles by hand, but now that it is auto-gened, my muscle memory is too strong to break the habit of just doing "assume" (I used to use
aws-vault exec profileprior).A workaround is to create hand-made profiles that source from the generated ones.
But I wish there was some other option, perhaps some kind of config mapping that can be created to auto-generate. Or generate profiles for all regions that have some resources, altho I understand this can be a time consuming check on large orgs.