search

common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License
955 stars 90 forks source link

Discrepancy in the behavior when '--save-to' and '--export' flags are used together #642

Open shwethaumashanker opened 2 months ago

shwethaumashanker commented 2 months ago

Issue reported in Slack by Phil Hadviger

I have a question I wanted to ask before potentially filing an issue. I run the following command and get the output at the bottom.

assume \
  --export \
  --sso \
  --sso-start-url https://start.home.awsapps.cn/directory/orgname \
  --sso-region cn-north-1 \
  --account-id 000000000000 \
  --role-name SAMPLE \
  --save-to china \
  orgname/china-prod/SAMPLE

[✔] Saved AWS profile as china. You can use this profile with the AWS CLI using the '--profile' flags when running AWS commands.
[✔] [SAMPLE](cn-north-1) session credentials will expire in 12 hours
[!] No credential suffix found. This can cause issues with using exported credentials if conflicting profiles exist. Run `granted settings export-suffix set` to set one.
[✔] Exported credentials to ~/.aws/credentials file as SAMPLE successfully

So the --save-to china works as expected, and creates a china block in the ~/.aws/config file. But the --export then exports the credentials to the SAMPLE profile in ~/.aws/config. Should export in this case not also use the china profile name? Using 0.23.1 of assume.