Select AWS Region + aws_session_token

[javier-torres]

Hello, my name is Javier.

Will be very intersting allow select region from a list or have default region and you can change defautl region. And is not valid for me because my login is with SSO and AWS give me 3 values: aws_access_key_id aws_secret_access_key aws_session_token

Maybe if will be possible allow extract 3 values if exits if not only extract 2 typical values.

Thank you so muchs. It´s very nice aws-profile. If you are possible create this functions this tool is perfecto for AWS Administrators

[hpcsc]

Hi Javier,

Glad that you like and find the tool useful

Could I clarify a few things on your question?

• Are you expecting to have region set in profiles in ~/.aws/config file and when you choose that profile, the tool should copy the region value to the default profile? If that's the case, the tool already does this at the moment(for both set and export command). I can update the README to make it clearer

• For your second question, do you want to copy aws_session_token to the default profile in ~/.aws/credentials also? I'm not sure what tool are you using for SSO but aws_session_token is already a temporary credentials that allows you to use aws cli, and therefore you should not need this tool in that case

Thanks

[javier-torres]

Hi,

I understand that the tool takes the region from the ~/.aws/config and puts it in the default profile. But in my ~/.aws/config I define a default region (the most used), but sometimes I need to change the region within the same profile. That is, I would like to be able to export my default credentials and my region, but if I need to change region with the same profile, it would be interesting to have an aws-profile set region to be able to change region within the same profile, so that this aws-profile set region has a list with all the regions and you can change your default region defined in ~/.aws/config

On the other hand, regarding the session token. I have configured different profile names, in which are fixed profiles and others that I update daily with the keys that AWS offers me when I make singles sign on. That is to say: [profile-0] aws_access_key_id = XXXXXXXXX aws_secret_access_key = XXXXXXXXX [profile-1] aws_access_key_id = XXXXXXXXX aws_secret_access_key = XXXXXXXXX aws_session_token = XXXXXXXXXXXXXX profile-2] aws_access_key_id = XXXXXXXXX aws_secret_access_key = XXXXXXXXX aws_session_token = XXXXXXXXXXXXXX

It would be interesting that the tool, when you make an aws-profile set, goes through the ~/.aws/credentials file and takes all the existing data, that is to say, in the [profile-0] it loads the values that I have defined: aws_access_key_id = XXXXXXXXX aws_secret_access_key = XXXXXXXXX

and in the [profile-1] I load the values that I have defined, in this case including the aws_session_token, that is to say: aws_access_key_id = XXXXXXXXX aws_secret_access_key = XXXXXXXXX aws_session_token = XXXXXXXXXXXXXX

Thanks

[hpcsc]

thanks for the clarification. Both are good ideas.

For copying of aws_session_token, it's done in latest commit. If you want to try it out, can get latest build from Bintray, id e1430d6. Let me know whether that's the behavior you expected

For setting region key, I'm still thinking what's the best way to do that in the flow. For now, I'm thinking of creating a separate sub command, say aws-profile set-region, it can list all regions defined in config file for you to select. Once selected, it only change region key of the default profile and nothing else. Is that good enough?

[javier-torres]

Hi,

It´s very nice, I try and it´s work correctly!! Perfect!!! It´s a good idea and refactor for this tool!! Great!!

For the region, I think is OK separete command aws-profile set-region, but I think by default if you don´t specify region, tool use default region define in ~/.aws/config, but if you use the command aws-profile set-region, this command show a original list of all region in AWS how see in console. Why? It´s possible you can definine in ~/.aws/config 2 regions (eu-west-1 and eu-central-1) but you need deploy new resources in eu-west-2 and you haven´t define this region in ~/.aws/config. I think thats better you set command aws-profile set-region and this show a original list from region an you select the region that you need, may can be eu-west-2, other day can be eu-west-3......... that´s why I think is better show a list with all aws region.

Thank you

[hpcsc]

the latest build can be found in Bintray here: https://dl.bintray.com/hpcsc/aws-profile/ I'm not sure what OS you are using so can't give exact link, but you can just follow the link above, search for id e1430d6 for your OS binary

I was thinking of listing all available aws regions before, but was just concerned that it can be a long list to scroll through each time. But your concern is valid too. I'll list all aws regions and see how it goes

for the request of leaving default region when using aws-profile set, that is actually conflicting with another common use case: I usually only stay in one specific region for one profile (.e.g. for test environment, I have test profile and all my infrastructure is deployed in ap-southeast-2 region), so the desirable behavior is whenever I select a profile, the region of default profile is set with region from selected profile (and clear it if region is not set). For your use case, if you have a region that is used very often, I suggest to set that region for all your profiles, and use aws-profile set-region later to switch region if you need to work with some other region

cc: @dalzymendoza since she might be the one taking this implementation

[javier-torres]

Thank you!!

I have tried the latest commit and it´s work correctly implemente aws_session_token.

I can't wait for your new implementation. At the moment with the change of aws_session_token I am managing correctly. But I am waiting for you to make this small implementation to use the aws-profile set-region command. Thank you very much for your interest and your quick action to implement the changes and and release a new versione stable with these 2 changes. v.0.5.0

King Regards, Javier Torres

[dalzymendoza]

Hey @javier-torres, we've made some changes to add the subcommand set-region.

Could you test out the build with id c160cca in the Bintray link https://dl.bintray.com/hpcsc/aws-profile/?

[javier-torres]

Hey @dalzymendoza !!!

I am trying new subcommand and works correctly!! But I detect a min fix in the output message command. When you execute aws-profile set-region and select any region, the output message is:

jtorresd@L0003717:~$ aws-profile set-region === [region eu-west-2] -> [default.region] (~/.aws/credentials)

And must be === [region eu-west-2] -> [default.region] (~/.aws/config)

jtorresd@L0003717:~$ cat ~/.aws/config [default] output = json region = eu-west-2

On the other hand, I think it would be interesting when you work with multiples regions have a command aws-profile get-region where you can see what default region you have.

Thank you in advance for your great collaboration. With this new changes I think this tool is very good for AWS Architect and when finish this changes and create realease for this new features I will recommend the tool to my colleagues and friends to use it because I find it very practical

Thank you

[dalzymendoza]

Hey Javier,

Thanks for the quick feedback! I've now pushed a fix for that log under build id 40bce4d. If you are okay with it, then we will close this issue. Regarding the get-region subcommand, that is a good suggestion. We will implement it as part of a different issue.

By the way, if you are using one of the recent builds (which I'm sure you are), you can try a new command aws-profile upgrade --prerelease. It will check and download the latest version from bintray automatically. Let us know if you do get to try out this command.

And likewise, we greatly appreciate your help to this tool. :)

[javier-torres]

Thank you much. I am following the new issue

[hpcsc]

hi @javier-torres , I have tagged a new version for aws-profile (0.5.0).

• This version has both set-region and get-region. You can run aws-profile upgrade to upgrade your current binary to that version.
• It also supports yaml config file where you can define a custom list of regions (in case you don't want to see a long list of regions every time when using set-region). A sample config file is at https://github.com/hpcsc/aws-profile/blob/master/configs/sample-config.yaml . You can put the config file at ~/.aws-profile/config.yaml

With that, I'll close this issue and the get-region issue. Please let us know if you find any issue with the latest version Thanks again for your suggestions

[javier-torres]

Hi @hpcsc

I've been trying the tool and it seems to work fine. It's a good idea to use the config.yaml to do a region filtering. I think that with these changes the tool has become a very powerful tool and very comfortable to work with.

Thank you very much for your interest and collaboration between both to progress.

King Regards.