unbounce / iidy

iidy (Is it done yet?) -- CloudFormation with Confidence
MIT License

allow --profile=no-profile and --assume-role-arn=no-role #119

Closed tavisrudd closed 6 years ago

tavisrudd commented 6 years ago

Both options override any value set in stack-args.yaml and allow use of AWS_* env vars or instance profiles.

This allows us to support MFA authentication on roles that require it. The user would use a tool such as https://github.com/remind101/assume-role or call aws sts assume-role manually prior to invoking iidy.

tavisrudd commented 6 years ago

It's worth noting for posterity that --profile and --assume-role-arn are not strictly mutually exclusive as the CLI docs say. In practice, they should be, but the code does allow a profile to be assumed prior to then assuming the role from --assume-role-arn.
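The MFA workflow described in the first comment (call aws sts assume-role manually, then run iidy against the resulting AWS_* env vars), as an added example that is not part of the original thread or of iidy's code. The function names, the session-name prefix and the choice to append the two flags after the iidy arguments are assumptions; the role ARN, MFA serial and token code are supplied by the caller.

```shell
#!/bin/sh
# Added example (not iidy's code). Function names are hypothetical.

# Export one line of "AccessKeyId SecretAccessKey SessionToken" (the shape
# produced by the --query/--output text call below) as AWS_* env vars.
export_sts_creds() {
  set -f            # no glob expansion while word-splitting the line
  set -- $1         # split on whitespace; STS values contain none
  set +f
  # Refuse partial or malformed output instead of exporting half a credential set.
  if [ "$#" -ne 3 ]; then
    echo "unexpected assume-role output: expected 3 fields, got $#" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
}

# usage: iidy_with_mfa ROLE_ARN MFA_SERIAL TOKEN_CODE <iidy args...>
# e.g.   iidy_with_mfa "$ROLE_ARN" "$MFA_SERIAL" 123456 update-stack stack-args.yaml
iidy_with_mfa() {
  role_arn=$1 mfa_serial=$2 token_code=$3
  shift 3
  # Assume the MFA-protected role using whatever base credentials are active.
  creds=$(aws sts assume-role \
    --role-arn "$role_arn" \
    --role-session-name "iidy-$(date +%s)" \
    --serial-number "$mfa_serial" \
    --token-code "$token_code" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  # Subshell: the temporary credentials never persist in the calling shell.
  (
    export_sts_creds "$creds" || exit 1
    # Override any Profile / AssumeRoleARN set in stack-args.yaml so iidy
    # uses the env vars exported above.
    iidy "$@" --profile=no-profile --assume-role-arn=no-role
  )
}
```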