Adding the option to export AWS credentials with a command #6808
Command to allow exporting of credentials
'No credentials available. Try running "aws configure" first.') | ||
try: | ||
credentials_data = credentials.get_frozen_credentials() | ||
dump = {'aws_access_key_id': credentials_data.access_key, |
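Review bot: the snapshot returned by `credentials.get_frozen_credentials()` has no expiry field, so at the `dump = {...}` line nothing in `credentials_data` can populate an expiration for temporary credentials. If consumers of the output need to know when the credentials stop being valid, read the expiry from the credentials object itself before freezing and add it to `dump` only when it is present.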
Since this is a new command, without backward compat concerns, may I suggest using the same shape as is emitted by `aws sts assume-role`? It'd be one less special case for those wishing to consume the output

```json
{
  "Credentials": {
    "AccessKeyId": "ASIA...",
    "SecretAccessKey": "sekrit...",
    "SessionToken": "bAsE64=",
    "Expiration": "2022-04-13T17:24:10.189000+00:00"
  }
}
```

where obviously `SessionToken` and `Expiration` would be elided just like they are in your current output
Hi @mdaniel, I'll try to make the changes as suggested
Tests need to pass before it can be reviewed.

I'd say the JSON format should be the well-defined credential process format: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html

aws-export-credentials provides a comprehensive reference implementation that you may want to take a look at, especially the extraction of credential expiration.

Thanks for the suggestions @benkehoe! I'll try to work on that
This PR builds on the interface proposed in aws#6808 and implements the additional features proposed in aws#7388.

From the original PRs, the additional features are:

* Added support for an explicit `--format` arg to control the output format.
* Add support for env vars, powershell/windows vars, and a JSON format that enables this command to be used as a `credential_process`.
* Detect and prevent infinite recursion when the credential process resolution results in the CLI calling itself with the same command.

Closes aws#7388
Closes aws#5261
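The output shapes discussed in this thread (the `credential_process` JSON document and shell variable assignments) can be sketched as follows. This is an added example, not code from this PR or from the AWS CLI; `ExportedCredentials`, `render` and the format labels `process`, `env` and `powershell` are hypothetical names, and the sample values are constructed.

```python
import json
import shlex
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class ExportedCredentials(NamedTuple):
    """Hypothetical container; not a botocore or AWS CLI type."""
    access_key: str
    secret_key: str
    token: Optional[str] = None        # absent for long-term IAM user keys
    expiry: Optional[datetime] = None  # absent for long-term IAM user keys


def _env_pairs(creds):
    pairs = [("AWS_ACCESS_KEY_ID", creds.access_key),
             ("AWS_SECRET_ACCESS_KEY", creds.secret_key)]
    if creds.token:
        pairs.append(("AWS_SESSION_TOKEN", creds.token))
    return pairs


def render(creds, fmt="process"):
    """Render as credential_process JSON, POSIX exports or PowerShell lines."""
    if fmt == "process":
        doc = {"Version": 1,
               "AccessKeyId": creds.access_key,
               "SecretAccessKey": creds.secret_key}
        if creds.token:
            doc["SessionToken"] = creds.token
        if creds.expiry is not None:
            # A naive timestamp would make the consumer guess the time zone.
            if creds.expiry.tzinfo is None:
                raise ValueError("expiry must be timezone-aware")
            utc = creds.expiry.astimezone(timezone.utc)
            doc["Expiration"] = utc.strftime("%Y-%m-%dT%H:%M:%SZ")
        return json.dumps(doc, indent=2)
    if fmt == "env":
        # shlex.quote keeps a value with shell metacharacters from being evaluated.
        return "\n".join(f"export {k}={shlex.quote(v)}"
                         for k, v in _env_pairs(creds))
    if fmt == "powershell":
        # Single-quoted PowerShell strings escape ' by doubling it.
        return "\n".join("$Env:{}='{}'".format(k, v.replace("'", "''"))
                         for k, v in _env_pairs(creds))
    raise ValueError(f"unknown format: {fmt}")


# Constructed sample values, not real credentials.
SAMPLE = ExportedCredentials(
    "ASIAEXAMPLEKEYID", "example/secret+key", "exampleToken==",
    datetime(2022, 4, 13, 17, 24, 10, tzinfo=timezone.utc))
```

In this sketch only the `process` document carries the expiry, so a consumer of the shell formats cannot tell when the exported variables go stale.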
Thanks for working on this PR Hugo. #7398 has now been merged, which mentioned building off of the interface proposed here. Now that this command is available I think the PR can be closed: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/export-credentials.html.
Issue #, if available:
This PR aims to solve #5261, which is adding the capability to the AWS CLI to export the credentials of the current session.
Description of changes:
`aws configure export-credentials` for the purpose of the solution

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.