s3-credentials
s3-credentials copied to clipboard
Provide a `--profile` option to allow AWS profile selection
Users with multiple AWS accounts can declare named profiles to manage the different sets of credentials/regions. It would be ideal if s3-credentials
accepted a --profile
argument, just like the aws
comand line tool.
It looks like this functionality is mostly there when setting AWS_PROFILE
. However, I still had to pass the --bucket-region
parameter even though I've declared the default region in ~/.aws/config
. It would be great to have the profile natively understood by the tool so that could be skipped.
$ cat ~/.aws/credentials
[personal]
aws_access_key_id = ABCD
aws_secret_access_key = EFg+H
$ cat ~/.aws/config
[profile personal]
region = eu-west-2
$ AWS_PROFILE=personal s3-credentials create s3-project --bucket-region eu-west-2 --statement '{
"Effect": "Allow",
"Action": "textract:*",
"Resource": "*"
}' --create-bucket > ocr.json
More fundamentally, the code should be using boto3 Sessions, rather than creating clients directly (which uses the default session). This makes it simple to add a --profile
option as well, since boto3.Session(profile_name=profile)
will resolve credentials as normal if profile
is None
. More details on sessions: https://ben11kehoe.medium.com/boto3-sessions-and-why-you-should-use-them-9b094eb5ca8e
Thanks, that's really useful - I think that's what I'd been missing here.