Open andrewmiskell opened 2 weeks ago
Can you explain what limitation Cyberduck has which requires this?
Basically, why are you using insecure hardcoded IAM credentials instead of the dynamic credentials provided via aws-sso config-profiles
? If you want it to go to some special file, why not just create an alias or shell script which redirects the output to the appropriate file?
Unless I'm missing something, Cyberduck doesn't support the method used in the aws-sso config-profiles in order to work (at least I've never been able to get it to work properly).
I've always had to use the aws sso login/aws sts get-caller-identity method described in the Cyberduck documentation in order to make it work.
https://docs.cyberduck.io/protocols/s3/#connecting-using-credentials-from-aws-command-line-interface
If people don't use the AWS SDK then things don't work. Nothing I can do there.
I'm still not sure why you can't just use a shell script or alias? Just redirect the output to a file. :)
I should ask, have you talked to Cyberduck to see if they can or will support credential_process
?
https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-sourcing-external.html
There's already a couple of issues created around ease of use with the SSO process, including the credential_process. Unfortunately, doesn't seem to be getting much traction.
So I still don't understand why you can't just create a shell script or alias to "specify a default file". there are so many configuration options today that I actually feel things are kinda out of hand and this seems to be something that can be handled outside of aws-sso.
I love the new credentials option, it does make my life a lot easier when using applications like Cyberduck!
However, I know the default is to output to stdin, but would it be possible to be able to specify a default file in the config.yaml so it doesn't have to be specified each time I need to generate credentials for those types of apps (ones that rely on the credentials file to support AWS SSO, like CyberDuck)?