carlnordenfelt/AWS_Credentials.md

## aliases.sh
#!/bin/bash

function _awsListAll {
    credentialFileLocation=${AWS_SHARED_CREDENTIALS_FILE}
    if [ -z $credentialFileLocation ]; then
        credentialFileLocation=~/.aws/credentials
    fi

    while read line; do
        if [[ $line == "["* ]]; then
            echo "$line"
        fi
    done < $credentialFileLocation
};

function _awsSwitchProfile {
    if [ -z $1 ]; then
        echo "Usage: awsp profilename"
        return
    fi

    export AWS_DEFAULT_PROFILE=$1
    export AWS_PROFILE=$1
    export AWS_REGION=$(aws configure get region --profile $1)
    export AWS_SDK_LOAD_CONFIG="true" # This export will allow you to use assumed roles with the sdks (tested for nodejs)

    echo "Switched to AWS Profile: $1"
    aws configure list
};

function _awsSsoSignin {
  aws sso login --profile ${1}
  _awsSwitchProfile ${1}
}

## AWS_Credentials.md

      
    Raw
  

              AWS_Credentials.md
            
          
    Adding these scripts will give you the following aliases on your command line.
Note: the scripts are only tested on OSX

awsall - Lists all available AWS profiles. Note that the list is based on the .aws/credentials file.
awswho - Lets you know what profile you are currently using
awsp profilename - Quickly swap to the provided profile name
awssso profilename - Similar to awsp but specifically for IAM Identity Center users (AWS SSO)

Setup


Create ~/.aws/alises.sh and copy the contents of the snippet.
Update ~/.bash_profile with the contents of that snippet
Ensure that you configure the AWS CLI using ~/.aws/config & ~/.aws/credentials. See examples.


## bash_profile
. ~/.aws/aliases.sh
alias awsall="_awsListAll"
alias awsp="_awsSwitchProfile"
alias awswho="aws configure list"
alias awssso="_awsSsoSignin"

# Example alias for code artifact login using a pre-configured profile (npm)
alias awsca="awsp example-role && aws codeartifact login --tool npm --domain my-domain --repository my-repo --namespace my-namespace"

## config
#### IAM User without mfa (access key/secret key)
[profile example-user]
output = json
region = eu-west-1
signature_version = s3v4


# IAM Role with MFA (assume role)
[profile example-role]
source_profile=example-user
role_arn=arn:aws:iam::1234546789012:role/RoleName
mfa_serial=arn:aws:iam::1234546789012:mfa/username


#### AWS IAM Identity Center Example (SSO)
[profile example-sso]
sso_start_url = https://myapp.awsapps.com/start#
sso_region = eu-west-1
sso_registration_scopes = sso:account:access
sso_account_id = 1234546789012
sso_role_name = MyIamIdentityCenterRole
region = eu-west-1

## credentials
[example-user]
aws_access_key_id = AKIAXXXXXXXXXXXXXXX
aws_secret_access_key = {SECRET_KEY}


# Listed as a placeholders to ensure that they appear in the list when running 'awsall'
[example-role]
[example-sso]
	#!/bin/bash

	function _awsListAll {
	credentialFileLocation=${AWS_SHARED_CREDENTIALS_FILE}
	if [ -z $credentialFileLocation ]; then
	credentialFileLocation=~/.aws/credentials
	fi

	while read line; do
	if [[ $line == "["* ]]; then
	echo "$line"
	fi
	done < $credentialFileLocation
	};

	function _awsSwitchProfile {
	if [ -z $1 ]; then
	echo "Usage: awsp profilename"
	return
	fi

	export AWS_DEFAULT_PROFILE=$1
	export AWS_PROFILE=$1
	export AWS_REGION=$(aws configure get region --profile $1)
	export AWS_SDK_LOAD_CONFIG="true" # This export will allow you to use assumed roles with the sdks (tested for nodejs)

	echo "Switched to AWS Profile: $1"
	aws configure list
	};

	function _awsSsoSignin {
	aws sso login --profile ${1}
	_awsSwitchProfile ${1}
	}
	. ~/.aws/aliases.sh
	alias awsall="_awsListAll"
	alias awsp="_awsSwitchProfile"
	alias awswho="aws configure list"
	alias awssso="_awsSsoSignin"

	# Example alias for code artifact login using a pre-configured profile (npm)
	alias awsca="awsp example-role && aws codeartifact login --tool npm --domain my-domain --repository my-repo --namespace my-namespace"
	#### IAM User without mfa (access key/secret key)
	[profile example-user]
	output = json
	region = eu-west-1
	signature_version = s3v4


	# IAM Role with MFA (assume role)
	[profile example-role]
	source_profile=example-user
	role_arn=arn:aws:iam::1234546789012:role/RoleName
	mfa_serial=arn:aws:iam::1234546789012:mfa/username


	#### AWS IAM Identity Center Example (SSO)
	[profile example-sso]
	sso_start_url = https://myapp.awsapps.com/start#
	sso_region = eu-west-1
	sso_registration_scopes = sso:account:access
	sso_account_id = 1234546789012
	sso_role_name = MyIamIdentityCenterRole
	region = eu-west-1
	[example-user]
	aws_access_key_id = AKIAXXXXXXXXXXXXXXX
	aws_secret_access_key = {SECRET_KEY}


	# Listed as a placeholders to ensure that they appear in the list when running 'awsall'
	[example-role]
	[example-sso]