-
-
Save philpennock/5f7262dd57050e54648087ee3deb4f5e to your computer and use it in GitHub Desktop.
shim script for aws to use aws-vault as needed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh -eu | |
aws=/usr/local/bin/aws | |
die() { printf >&2 '%s: %s\n' "$0" "$*"; exit 1; } | |
if ! [ -x "$aws" ]; then | |
case $0 in | |
/*) ;; | |
*) die "missing '${aws}' and not invoked with absolute path to skip self" ;; | |
esac | |
for candidate in $(which -a aws); do | |
[ "$candidate" != "$0" ] || continue | |
aws="$candidate" | |
break | |
done | |
[ -x "$aws" ] || die "missing an executable aws other than the shim" | |
fi | |
for last; do true; done | |
if [ "${1:-}" = "help" ] || [ "${last:-}" = "--help" ] || [ "${last:-}" = "help" ]; then | |
exec "$aws" "$@" | |
fi | |
# Already have an auth-token, avoid re-hitting aws-vault | |
if [ -n "${AWS_SESSION_TOKEN:-}" ]; then | |
exec "$aws" "$@" | |
fi | |
if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then | |
exec "$aws" "$@" | |
fi | |
if [ -n "${AWS_PROFILE:-}" ]; then | |
exec aws-vault exec "$AWS_PROFILE" -- "$aws" "$@" | |
fi | |
die "missing credentials to choose dispatch to next-in-chain aws" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment