This is a really small tool with 1 dependency, so while it hasn't been updated for 2 years, it's still very much "maintained".
This is intended as a drop in replacementish (you'll need aws-vault too) for aws-profile.
aws-profile is a tool that allows you to run arbitrary commands within specific aws profiles. It stores credentials in plaintext.
aws-vault is a tool that does roughly the same thing. One key difference is that it encrypts your credentials in an appropriate backend. This feels like a good idea.
Some teams have scripts that depend on aws-profile, in order to invoke commands across a variety of AWS accounts and/or roles.
This enables all team members to use aws-vault, but still use the legacy scripts that use aws-profile.
Both tools use profiles that can be configured via ~/.aws/config.
- If you are using
~/.aws/credentialsfor profile mapping, port these to~/.aws/config - Delete
~/.aws/credentials - Install aws-vault, and add your credentials from
~/.aws/credentials. - Ensure aws-profile is removed
- Add your credentials to aws-vault as appropriate
- Download this tool from github releases and symlink it as
aws-profileon your $PATH. - Use it like
aws-profile
- Clone the repository
- Ensure you have a Rust compiler installed
cargo build --release
The entire project is defined in src/main.rs, including the tests.
Run cargo test
MFA tokens must be entered every time?
If you use include_profile option instead of source_profile, you will find this issue goes away.
1hr max sessions?
If your abitrary command needs to run for longer than 1hr, then the token will expire.
In order to support this use case, we'd need some kind of environment variable to set aws-vault's --no-session flag.
