rsalmond
commented
7 years ago Could keep the creds in a ~/.aws/credentials file and just have it export AWS_DEFAULT_PROFILE instead.
Closed mheffner closed 6 years ago
rsalmond
commented
7 years ago Could keep the creds in a ~/.aws/credentials file and just have it export AWS_DEFAULT_PROFILE instead.
mheffner
commented
7 years ago @rsalmond So it will export a credentials file too, but I think there are still older utilities (ec2cli) that only accept the KEY/SECRET environs.
rsalmond
commented
7 years ago @mheffner I just mean that in terms of exporting sensitive ENV vars there's no danger in exporting env var for the name of the profile. It makes sense to add an extra step to export KEY/SECRET but as you say most newer utils would still provide the current AWSAM experience of just working if the profile variable is exported by default.
No longer export the AWS environment variables in the current shell session. To export the environment to aws commands run the new shell wrapper
aenvbefore executing commands like the EC2 CLI, awscli, etc. The awsam commandsasshandascpdon't require any changes, as they will correctly load the environment as needed.This is to protect against stuff like: https://iamakulov.com/notes/npm-malicious-packages/