Closed mheffner closed 6 years ago
Could keep the creds in a ~/.aws/credentials file and just have it export AWS_DEFAULT_PROFILE
instead.
@rsalmond So it will export a credentials file too, but I think there are still older utilities (ec2cli) that only accept the KEY/SECRET environs.
@mheffner I just mean that in terms of exporting sensitive ENV vars there's no danger in exporting env var for the name of the profile. It makes sense to add an extra step to export KEY/SECRET but as you say most newer utils would still provide the current AWSAM experience of just working if the profile variable is exported by default.
No longer export the AWS environment variables in the current shell session. To export the environment to aws commands run the new shell wrapper
aenv
before executing commands like the EC2 CLI, awscli, etc. The awsam commandsassh
andascp
don't require any changes, as they will correctly load the environment as needed.This is to protect against stuff like: https://iamakulov.com/notes/npm-malicious-packages/