Feature Request: Automatically populate [Default] with assumed profile about granted HOT 7 OPEN

According to the docs it looks like the ExportCredsToAWS config setting SHOULD do this, but I don't see it working as I'd expect.

Currently for me, if I set the setting to true, it's writing to the config file but not as [default] it's writing it as the profile name.

So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.

from granted.

According to the docs it looks like the ExportCredsToAWS config setting SHOULD do this, but I don't see it working as I'd expect.

Currently for me, if I set the setting to true, it's writing to the config file but not as [default] it's writing it as the profile name.

So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.

Thanks for verifying I'm not crazy 😄 The way I read the documentation for export, though, is it will simply populate with the profile name. Which, maybe some people want that or that's just how it's always been so I personally wouldn't change that behavior. I was going to suggest a -d flag so I could do an assume -d but that's already used. So I think just a settings flag that either 1) populates the assumed profile to [Default] instead of [<profile_name>] or 2) populates both [Default] and [<profile_name>] at the same time. But... ehh... I can see how keeping them separate would likely align with the overall system better so that I could run [Default] aws cli commands and --profile commands at the same time.

So yes... absolutely a feature request to let me populate any profile as [Default] if/when desired.

from granted.

@discotimetraveler you're definitely not crazy.

ExportCredToAWS is definitely writing to the credentials file, but it's definitely doing ProfileName/PermName. I was going to suggest an actual code change, but I didn't want to remove code that others may have needed, although admittedly I'm not sure WHY someone would want the credentials to be written for each specific Profile...

Hopefully, there's some clarity that comes out of this issue.

from granted.

I've never had to provide the --profile switch after assuming a role with assume?
Also, changing the [Default] in the ~/.aws/credentials file can lead to issues when using multiple sessions with different assumed roles.

from granted.

@IskanderNovena

I've never had to provide the --profile switch after assuming a role with assume?

My issue stems from my workflow really. I run tmux, when I run assume and then create a new pane in tmux I have to re-run assume for each window/window pane. Having it write to [default] ensured a system wide approach for valid credentials.

Also, changing the [Default] in the ~/.aws/credentials file can lead to issues when using multiple sessions with different assumed roles.

Can you clarify what the negative effect is here? I'd like to be more educated on the "why"

Although I think I found a work around for this using Zsh/Oh-My-Zsh coupled with the aws plugin.

from granted.

Can you clarify what the negative effect is here? I'd like to be more educated on the "why"

I mostly run multiple terminal sessions, using different assumed roles in each. I do this for testing the effects of changes to infrastructure-code that's used in multiple accounts, as well as administration of those accounts. I work for a cloud consultant company.

I'm running ZSH with Oh-My-Zsh and StarShip on macOS, with iTerm2 as terminal application, for what it's worth.

Having the option to define default behaviour to (not) write the profile settings to [Default] wouldn't break my workflow, and aid you in yours.

from granted.

@IskanderNovena I'm always amazed at the different workflows.
I see what your saying from your workflow, you're potentially using credentials for multiple clients could be troublesome for you.

I work for a team that just manages multiple AWS Accounts within a single organization.

Thank you for the clarity though, that makes sense from a "how is this tool being used perspective"

I'm going to DEFINITELY checkout Starship though, thank you for that :)

from granted.