Add support for aws-vault profiles

[larsx2]

We use AWS Vault (https://github.com/99designs/aws-vault) with most organizations we work with usually in combination with MFA.

When I started cloudash the profile select box showed No data even tho I do have plenty. The issue was that the credentials were stored in my keychain (macOS) and not the normal way in .aws/config or .aws/credentials.

For cloudash to work I had to create an API Key and store the access and secret key in the .aws directory so it can be detected.

Few questions:

• Is support for keychain-stored profiles in the roadmap?
• Does cloudash support MFA?
• What is the minimal IAM policy I could use in case I create an specific user for the cloudash app to access my cloudwatch logs and figure out my resources in cloudformation?

Aside of that great work! Loving the UI/UX.

[mthenw]

@larsx2 thanks for reaching out!

Is support for keychain-stored profiles in the roadmap?

Not yet.

Does cloudash support MFA?

It does. MFA and SSO profiles.

What is the minimal IAM policy I could use in case I create an specific user for the cloudash app to access my cloudwatch logs and figure out my resources in cloudformation?

cloudwatch:GetMetricData
logs:FilterLogEvents
cloudformation:ListStacks
cloudformation:ListStackResources
cloudformation:DescribeStackEvents

[mlafeldt]

I'm also using aws-vault rather than hardcoded credentials in plaintext files.

I found this workaround while evaluating Cloudash.

Start the app like this:

aws-vault exec $YOUR_PROFILE --no-session -- open -a /Applications/Cloudash.app

Then select "Environment Variables" when adding a service.

It means that you need to restart the app to switch profiles, but it's better than nothing IMO.