Skip to content

Instantly share code, notes, and snippets.

@benkehoe
Last active September 20, 2024 17:38
Show Gist options
  • Save benkehoe/0d2985e56059437e489314d021be3fbe to your computer and use it in GitHub Desktop.
Save benkehoe/0d2985e56059437e489314d021be3fbe to your computer and use it in GitHub Desktop.
AWS_PROFILE env var management
# MIT No Attribution
#
# Copyright 2022 Ben Kehoe
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# There are lots of well-built tools that completely manage your
# AWS profiles and login and credentials, like aws-vault and AWSume.
# This isn't that.
# I tend to prefer to go as lightweight as possible around AWS-produced tools.
# So all this does is set and unset your AWS_PROFILE environment variable.
# This code requires the AWS CLI v2 to function correctly, because it uses the
# aws configure list-profiles command for validation and auto-completion,
# and this command does not exist in the AWS CLI v1.
# AWS CLI v2 install instructions:
# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html
# You might also be interested in aws-whoami
# which improves upon `aws sts get-caller-identity`
# https://github.com/benkehoe/aws-whoami
aws-profile () {
if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
echo "USAGE:"
echo "aws-profile <- print out current value"
echo "aws-profile PROFILE_NAME <- set PROFILE_NAME active"
echo "aws-profile --unset <- unset the env vars"
elif [ -z "$1" ]; then
if [ -z "$AWS_PROFILE$AWS_DEFAULT_PROFILE" ]; then
echo "No profile is set"
return 1
else
echo "$AWS_PROFILE$AWS_DEFAULT_PROFILE"
fi
elif [ "$1" = "--unset" ]; then
AWS_PROFILE=
AWS_DEFAULT_PROFILE=
# removing the vars is needed because of https://github.com/aws/aws-cli/issues/5016
export -n AWS_PROFILE AWS_DEFAULT_PROFILE
else
# this check needed because of https://github.com/aws/aws-cli/issues/5546
# requires AWS CLI v2
if ! aws configure list-profiles | grep --color=never -Fxq -- "$1"; then
echo "$1 is not a valid profile"
return 2
else
AWS_DEFAULT_PROFILE=
export AWS_PROFILE=$1
export -n AWS_DEFAULT_PROFILE
fi;
fi;
}
# completion is kinda slow, operating on the files directly would be faster but more work
# aws configure list-profiles is only available with the AWS CLI v2.
_aws-profile-completer () {
COMPREPLY=(`aws configure list-profiles | grep --color=never ^${COMP_WORDS[COMP_CWORD]}`)
}
complete -F _aws-profile-completer aws-profile
@trevoro
Copy link

trevoro commented Jun 30, 2020

I like it! I've been doing something similar to make it super easy to switch between projects / profiles by never having a default one set and using named profiles only. That seems to have avoided a few footgun instances.

@benkehoe
Copy link
Author

benkehoe commented Jun 30, 2020

Not having a default profile in ~/.aws/config is a good idea.

@lmancilla
Copy link

Additionally, you can use direnv to set your environment vars for a specific directory.

@hoegertn
Copy link

hoegertn commented Jul 1, 2020

I use

cat ~/.aws/config | grep "\[profile" | sed 's/\[profile \([a-zA-Z0-9_-]*\)\]/\1/'

to get the profiles for auto-completion. Might be faster than the CLI command.

@benkehoe
Copy link
Author

benkehoe commented Jul 1, 2020

I like it, but aws configure list-profiles handles profiles that are set only in ~/.aws/credentials (I know people who have this), plus when either file is missing, plus if AWS_CONFIG_FILE or AWS_SHARED_CREDENTIALS_FILE point to different locations.

@hoegertn
Copy link

hoegertn commented Jul 1, 2020

Sure it is the more general approach. I think you should use your version if you want to be compatible to different users. If you have full control of your own setup my approach might be faster but has some assumptions.

@revmischa
Copy link

have you considered: https://awsu.me/

@benkehoe
Copy link
Author

benkehoe commented Jul 6, 2020

Lots of people like AWSume and other tools like it, but I tend to prefer to go as lightweight as possible around AWS-produced tools, because I want to know how those tools can be improved. For all the good AWSume does, it also means people don't ask AWS to make the underlying product better. I don't want AWSume to be necessary!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment