Launch a shell with access to AWS credentials

aws-shell

#!/usr/bin/env bash
#
# aws-shell - Launch a shell with access to AWS credentials.
#
# Credentials are read from lastpass using `lastpass-cli`. The key id for your
# account (which can be found via `lpass ls` is expected to be in the file
# `.lastpass-key-id`.
#
# Released as CC0 1.0.
# Full license available: https://creativecommons.org/publicdomain/zero/1.0/

set -euo pipefail

declare -A SHELLS

SHELLS[bash]="
if [[ -e ~etc/bashrc ]]; then
    source /etc/bashrc
fi

if [[ -e ~/.bashrc ]]; then
    source ~/.bashrc
fi

export PS1=\"(AWS)\${PS1}\"
"

SHELLS[fish]="
functions -c fish_prompt __aws_shell_old_fish_prompt
function fish_prompt
    printf '%s(%s%s%s) ' (set_color normal) (set_color red) AWS (set_color normal)
    __aws_shell_old_fish_prompt
end
"

SHELL_KEY="$(basename "${SHELL}")"
if [[ -z "${SHELLS["${SHELL_KEY}"]+}" ]]; then
    echo 2>&1 "Unsupported shell: ${SHELL_KEY}"
    exit 1
fi

# Default to regular pinentry if we don't have this defined.
LPASS_PINENTRY="${LPASS_PINENTRY:-$(which pinentry)}"

read LASTPASS_KEY_ID < .lastpass-key-id

read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCCES_KEY < <(
    lpass show --all "${LASTPASS_KEY_ID}" | awk '
        /Username|Password/ { printf "%s", %2 }
        END { printf "\n" }
    ')

export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY

case "${SHELL_KEY}" in
    fish)
        exec "${SHELL}" -C "${SHELLS["fish"]}"
        ;;

    bash)
        exec "${SHELL}" --rcfile <(echo "${SHELLS["bash"]}")
        ;;
esac