
Add environment variable to configure assume-role-with-web-identity credential cache directory

Open jeremydonahue opened this issue 3 years ago • 2 comments

Issue #, if available: A description of the problem was discussed in #4374, which was closed by the author because they had a workaround. This addresses the problem directly.

Description of changes: This makes the credential cache directory (default: ~/.aws/cli/cache) used to store temporary credentials obtained using AssumeRoleWithWebIdentity configurable using the environment variable AWS_CREDENTIAL_CACHE_DIR. The use case is environments where the home directory is mounted as read-only. The cache directory being configurable means it can be pointed at a writable volume.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

jeremydonahue, Jul 26 '22 19:07

Hi @jeremydonahue,

I added a comment at https://github.com/aws/aws-cli/issues/4374#issuecomment-1251306126. The main concern is that the AWS CLI can write to other directories as well, for example, the AWS SSO cache at ~/.aws/sso/cache. So, read-only mounts would still affect this functionality.

kdaily, Sep 19 '22 17:09

Thanks, I responded there.

jeremydonahue, Sep 19 '22 19:09
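Added example, not part of the pull request or the AWS CLI: a preflight audit for the situation discussed in this thread. It checks whether the two default cache locations named above can be written, and whether a relocated cache directory is private to the current user, since the cache holds temporary credentials. The function names are hypothetical, and `AWS_CREDENTIAL_CACHE_DIR` is the variable proposed in this pull request.

```python
import os
import stat

# Default cache locations named in this thread, relative to the home directory.
DEFAULT_CACHE_DIRS = (".aws/cli/cache", ".aws/sso/cache")


def nearest_existing(path):
    """Walk up to the closest ancestor that exists (missing levels would be created)."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    return path


def audit_cache_dir(path):
    """Return a list of findings for one cache directory; an empty list means OK."""
    findings = []
    anchor = nearest_existing(path)
    # A read-only mount shows up here: the directory (or its closest
    # existing ancestor) cannot be written or traversed.
    if not os.access(anchor, os.W_OK | os.X_OK):
        findings.append("not writable")
    if anchor == os.path.abspath(path):
        st = os.stat(path)
        # Cached temporary credentials should not be reachable by group/other.
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append("group/other access")
        if hasattr(os, "getuid") and st.st_uid != os.getuid():
            findings.append("owned by another user")
    return findings


def audit(home, override=None):
    """Audit the default caches under `home`, plus an optional relocated cache."""
    targets = [os.path.join(home, d) for d in DEFAULT_CACHE_DIRS]
    if override:
        targets.append(override)
    return {t: audit_cache_dir(t) for t in targets}


if __name__ == "__main__":
    # Hypothetical usage: read the variable proposed in this pull request.
    override = os.environ.get("AWS_CREDENTIAL_CACHE_DIR")
    for path, findings in audit(os.path.expanduser("~"), override).items():
        print(path, "->", ", ".join(findings) or "ok")
```

A writable volume shared between containers or users is where the "group/other access" finding matters most; creating the relocated directory with mode 0700 before use clears it.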