Show only roles that fits to an AWS::Partition

[ghost]

Hi 😊

I am using both, AWS and AWS-CN to login to the Cloud. Also, I have a lot of roles that i can switch to.

Therefore it would be really nice if only the roles show up that i really can use in the correct partition.

Cheers ✌️

[tilfin]

I am not familiar with AWS-CN, but do you have the same AWS account ID for AWS and AWS-CN?

[ghost]

No, AWS China is basically an own cloud - with separate AccountId. I think, it would be just nice to have a property within the config where i can set the baseUrl as regexp or text like

[profile global]
role_arn = arn:aws:iam::accountid_global:role/my_role
region=eu-central-1
url=amazonaws.com

[profile china]
role_arn = arn:aws:iam::accountid_china:role/my_role
region=cn-northwest-1
url=amazonaws.cn

[tilfin]

In that case, you can use complex configuration to group the switch targets by the AWS account ID you are logged in.

[TomasChmelik]

I have this configuration, I'm logged in account 000011112222 as an IAM user and the profile "Account2" isn't shown in the plugin at all

[base]
aws_account_id = 000011112222

[Account2]
aws_account_id = 333344445555
role_name = RoleName
source_profile = base

Do I somehow have to specify my IAM user from the base account for it to show up?

[tilfin]

@TomasChmelik Do you check the Show only matching roles setting? If you check it, please uncheck it.

[TomasChmelik]

Ah, great. Works perfectly ❤️

[ghost]

So this actually works for me! But i also needed to disable the Show only matching roles

[global]
aws_account_id = <root-account-id-global>

[china]
aws_account_id = <root-account-id-china>

[profile developer]
role_arn = arn:aws:iam::<account-id-develop>:role/<my-role>
source_profile = global
region=us-east-1

[profile cn-developer]
role_arn = arn:aws-cn:iam::<account-id-cn-develop>:role/<my-role>
source_profile = china
region=cn-northwest-1