s3-credentials icon indicating copy to clipboard operation
s3-credentials copied to clipboard

Published 20 hours ago verified publisher icon simonw

Provide a `--profile` option to allow AWS profile selection

Open nk9 opened this issue 1 year ago • 3 comments

Users with multiple AWS accounts can declare named profiles to manage the different sets of credentials/regions. It would be ideal if s3-credentials accepted a --profile argument, just like the aws comand line tool.

nk9 avatar Jul 02 '22 16:07 nk9

It looks like this functionality is mostly there when setting AWS_PROFILE. However, I still had to pass the --bucket-region parameter even though I've declared the default region in ~/.aws/config. It would be great to have the profile natively understood by the tool so that could be skipped.

$ cat ~/.aws/credentials
[personal]
aws_access_key_id = ABCD
aws_secret_access_key = EFg+H
$ cat ~/.aws/config
[profile personal]
region = eu-west-2
$ AWS_PROFILE=personal s3-credentials create s3-project --bucket-region eu-west-2 --statement '{
  "Effect": "Allow",
  "Action": "textract:*",
  "Resource": "*"
}' --create-bucket > ocr.json

nk9 avatar Jul 02 '22 18:07 nk9

More fundamentally, the code should be using boto3 Sessions, rather than creating clients directly (which uses the default session). This makes it simple to add a --profile option as well, since boto3.Session(profile_name=profile) will resolve credentials as normal if profile is None. More details on sessions: https://ben11kehoe.medium.com/boto3-sessions-and-why-you-should-use-them-9b094eb5ca8e

benkehoe avatar Nov 15 '22 16:11 benkehoe

Thanks, that's really useful - I think that's what I'd been missing here.

simonw avatar Nov 16 '22 06:11 simonw