Open felipe1982 opened 3 years ago
I use `awsume` together with [direnv](https://direnv.net/) - you can pack all these steps in one script inside `.envrc` or have `direnv` watch `.aws/credentials` for change - it should change by `saml2aws`.
Then you can just: `cd <my_project>`, sign in, work. And when credentials expire, `direnv reload`.
Honestly, most tools I worked with did not honour `AWS_PROFILE` - this is where I find `direnv` the best tool to organize it.
I did not use `saml2aws` but it seems to have an option [script](https://github.com/Versent/saml2aws#saml2aws-script) - but I assume it may not work for your use case because you have to authenticate against the parent account and then assume the role in the child account.
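The direnv approach described in the comment above, as an added example that is not part of the original thread and not code from awsume, direnv or saml2aws: a direnv helper that leaves only `AWS_PROFILE` set and watches the credentials file. The function name `use_aws_profile` and the profile name in the usage comment are hypothetical; `watch_file` and the `use <name>` dispatch to `use_<name>` are direnv stdlib features.

```shell
# Added example for ~/.config/direnv/direnvrc (function name is hypothetical).
# In a project's .envrc:   use aws_profile my-project-dev

use_aws_profile() {
  local profile creds
  profile="${1:?usage: use aws_profile <profile-name>}"
  # Honour a relocated credentials file, else the default location.
  creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"

  # The AWS CLI and SDKs check these variables before the shared
  # credentials file, so stale exported keys would shadow the profile.
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY \
        AWS_SESSION_TOKEN AWS_SECURITY_TOKEN

  # Only the profile name lives in the environment; the secrets stay in
  # the credentials file that the sign-in tool rewrites.
  export AWS_PROFILE="$profile"

  # Under direnv, re-evaluate .envrc whenever the credentials file
  # changes. Skipped when the function is sourced outside direnv.
  if command -v watch_file >/dev/null 2>&1; then
    watch_file "$creds"
  fi

  # Warn (without failing the load) if the profile has no section yet.
  if ! grep -qF "[$profile]" "$creds" 2>/dev/null; then
    echo "aws_profile: no [$profile] section in $creds; sign in first" >&2
  fi
  return 0
}
```

Because no secret is exported, refreshed credentials written to the file are picked up by the next AWS call without re-exporting anything.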
Sometimes it's useful to have AWS_ACCESS_KEY and other associated env vars, but other times it is better to just use AWS_PROFILE, and unset all the other AWS* variables.
When I refresh my creds, I normally have to re-run awsume. If only AWS_PROFILE was set, I would not need to do that.
Workflow example