Comments (7)
According to the docs it looks like the ExportCredsToAWS
config setting SHOULD do this, but I don't see it working as I'd expect.
Currently for me, if I set the setting to true, it's writing to the config file but not as [default
] it's writing it as the profile name.
So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.
from granted.
According to the docs it looks like the
ExportCredsToAWS
config setting SHOULD do this, but I don't see it working as I'd expect.Currently for me, if I set the setting to true, it's writing to the config file but not as
[default
] it's writing it as the profile name.So I Think something is a miss in the code. Hoping eyes can get on this or maybe I can take a stab at it.
Thanks for verifying I'm not crazy 😄 The way I read the documentation for export, though, is it will simply populate with the profile name. Which, maybe some people want that or that's just how it's always been so I personally wouldn't change that behavior. I was going to suggest a -d
flag so I could do an assume -d
but that's already used. So I think just a settings flag that either 1) populates the assumed profile to [Default] instead of [<profile_name>] or 2) populates both [Default] and [<profile_name>] at the same time. But... ehh... I can see how keeping them separate would likely align with the overall system better so that I could run [Default] aws cli commands and --profile commands at the same time.
So yes... absolutely a feature request to let me populate any profile as [Default] if/when desired.
from granted.
@discotimetraveler you're definitely not crazy.
ExportCredToAWS
is definitely writing to the credentials file, but it's definitely doing ProfileName/PermName
. I was going to suggest an actual code change, but I didn't want to remove code that others may have needed, although admittedly I'm not sure WHY someone would want the credentials to be written for each specific Profile...
Hopefully, there's some clarity that comes out of this issue.
from granted.
I've never had to provide the --profile
switch after assuming a role with assume?
Also, changing the [Default]
in the ~/.aws/credentials
file can lead to issues when using multiple sessions with different assumed roles.
from granted.
I've never had to provide the
--profile
switch after assuming a role with assume?
My issue stems from my workflow really. I run tmux
, when I run assume
and then create a new pane in tmux
I have to re-run assume
for each window/window pane. Having it write to [default]
ensured a system wide approach for valid credentials.
Also, changing the
[Default]
in the~/.aws/credentials
file can lead to issues when using multiple sessions with different assumed roles.
Can you clarify what the negative effect is here? I'd like to be more educated on the "why"
Although I think I found a work around for this using Zsh/Oh-My-Zsh coupled with the aws
plugin.
from granted.
Can you clarify what the negative effect is here? I'd like to be more educated on the "why"
I mostly run multiple terminal sessions, using different assumed roles in each. I do this for testing the effects of changes to infrastructure-code that's used in multiple accounts, as well as administration of those accounts. I work for a cloud consultant company.
I'm running ZSH with Oh-My-Zsh and StarShip on macOS, with iTerm2 as terminal application, for what it's worth.
Having the option to define default behaviour to (not) write the profile settings to [Default]
wouldn't break my workflow, and aid you in yours.
from granted.
@IskanderNovena I'm always amazed at the different workflows.
I see what your saying from your workflow, you're potentially using credentials for multiple clients could be troublesome for you.
I work for a team that just manages multiple AWS Accounts within a single organization.
Thank you for the clarity though, that makes sense from a "how is this tool being used perspective"
I'm going to DEFINITELY checkout Starship though, thank you for that :)
from granted.
Related Issues (20)
- IAM Federated logins (console) should have easily attributable username in Cloudtrail list view.
- BaseProfile variable defined in config.yml for Profile Registries does not work
- Add option to clear the whole Granted cache
- [Feature request] Use a specific browser profile for authentication HOT 5
- File keychain backend should bail in credential process rather than hanging HOT 1
- Prefix-Duplicate-Profiles flag not respected
- Discrepancy in the behavior when '--save-to' and '--export' flags are used together
- No documentation on how to uninstall
- Keychain backend not working on Macs (v0.24.0) HOT 10
- For granted sso generate/populate commands add support to persist preferences in .granted/config HOT 1
- Only enable auto-refresh when all necessary fields exist in .aws/config HOT 1
- SSO populate does not work if the user has no accounts granted: max must be greater than 0
- `granted console` fails with code 400 HOT 5
- Improve docs on building from source
- It should be possible to use Granted with Firefox without installing the extension
- --profile flag does not initiate Common Fate JIT
- granted sso generate is not returning all accounts HOT 3
- Add support for sso-session to populate/generate command
- Compatibility problem with VSCode AWS extensions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from granted.