When working with certain third-party tools like Terraform, it's not easily possible to specify an AWS CLI profile, and I like working with the environment variables better.
For the STS assume-role case, based on Frederic's idea, I figured out a workable shell script as follows:
aws-env.sh:
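    #!/bin/bash
    # Copy the default profile's credentials (including the STS session token)
    # into environment variables.
    export AWS_ACCESS_KEY_ID="$(aws configure get default.aws_access_key_id)"
    export AWS_SECRET_ACCESS_KEY="$(aws configure get default.aws_secret_access_key)"
    export AWS_SESSION_TOKEN="$(aws configure get default.aws_session_token)"
    # Note: these lines print the secret key and session token in clear text.
    echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
    echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
    echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
    # Start an interactive shell that inherits the exported variables.
    bash -i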
Hope this helps.
For Zsh:
    function aws-env {
      emulate -LR zsh
      # Profile to load; "clear" removes the variables instead.
      local profile=${1:-default}
      if [[ ${profile} == clear ]]; then
        unset AWS_ACCESS_KEY_ID
        unset AWS_SECRET_ACCESS_KEY
        unset AWS_SESSION_TOKEN
        unset AWS_SECRET_KEY
      else
        # aws configure get exits non-zero when the profile lacks a key,
        # so the function returns early in that case.
        AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id --profile ${profile})" || return 1
        AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key --profile ${profile})" || return 1
        AWS_SESSION_TOKEN="$(aws configure get aws_session_token --profile ${profile})" || return 1
        AWS_SECRET_KEY=${AWS_SECRET_ACCESS_KEY}
        export AWS_ACCESS_KEY_ID
        export AWS_SECRET_ACCESS_KEY
        export AWS_SESSION_TOKEN
        export AWS_SECRET_KEY
        # Prints every AWS_ variable, secrets included.
        env | grep AWS_ | sort
      fi
    }
There was no way previously, but there is now.
I wrote a script to do exactly this, aws-env:
    usage: aws-env [-h] [-n] profile

    Extract AWS credentials for a given profile as environment variables.

    positional arguments:
      profile          The profile in ~/.aws/credentials to extract credentials
                       for.

    optional arguments:
      -h, --help       show this help message and exit
      -n, --no-export  Do not use export on the variables.
If you trust the output of this program, you can use it within your shell session to export the variables of a given profile:
    $ aws-env profile-name
    export AWS_ACCESS_KEY_ID=...
    export AWS_SECRET_ACCESS_KEY=...
    $ aws-env -n profile-name
    AWS_ACCESS_KEY_ID=...
    AWS_SECRET_ACCESS_KEY=...
To export the variables into the current environment variables, execute the output as a command (again, once you have reviewed the source code ;]):
    $ echo $AWS_ACCESS_KEY_ID
    $ $(aws-env profile-name)
    $ echo $AWS_ACCESS_KEY_ID
    AKJHC...
You could use the following commands to set your environment variables:

    aws configure get default.aws_access_key_id
    aws configure get default.aws_secret_access_key

If you have another profile you can change it; another way to write it is:

    aws configure get aws_access_key_id --profile <new_profile>
    aws configure get aws_secret_access_key --profile <new_profile>

So, for example, it would be:

    export TF_VAR_access_key=`aws configure get default.aws_access_key_id`
I like Kay's idea of a script that exports the desired profile, so I wrote one too:

    # List the profile names in ~/.aws/credentials and pick one from a menu.
    PROFILES=$(awk -F"\\\]|\\\[" '/^\[/{print $2}' ~/.aws/credentials)
    select PROFILE in $PROFILES; do
      export AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id --profile "$PROFILE")"
      export AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key --profile "$PROFILE")"
      export AWS_DEFAULT_REGION="$(aws configure get region --profile "$PROFILE")"
      break
    done
    echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
    # Mask the secret key: every printable character is shown as '*'.
    echo "AWS_SECRET_ACCESS_KEY=$(echo "$AWS_SECRET_ACCESS_KEY" | tr '[:print:]' '*')"
    echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION"
Just put it in a file and then source (.) it from your shell.
None of these allow for role assumption in profiles (which I use heavily). I made the following very short script in python3 that uses boto3 to do the heavy lifting of role assumption and the like. It may be helpful.
    #!/usr/bin/env python3
    # export the AWS environment for a given profile
    import argparse

    import boto3

    parser = argparse.ArgumentParser(
        prog="exportaws",
        description="Extract AWS credentials for a profile as env variables.")
    parser.add_argument("profile", help="profile name in ~/.aws/config.")
    args = parser.parse_args()
    # boto3 resolves the profile, including role assumption, into credentials
    creds = boto3.session.Session(profile_name=args.profile).get_credentials()
    # AWS_ACCESS_KEY_ID is the variable name the AWS CLI and SDKs read
    print(f'export AWS_ACCESS_KEY_ID={creds.access_key}')
    print(f'export AWS_SECRET_ACCESS_KEY={creds.secret_key}')
    if creds.token:  # None for profiles that hold long-lived keys only
        print(f'export AWS_SESSION_TOKEN={creds.token}')
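
Added example, not code from any of the answers above: several answers print `export` lines that the shell then executes, so each value has to be shell-quoted, and a profile without a session token should unset the variable so a token from a previously loaded profile does not linger. The sketch parses a constructed credentials file held inline (all values are fake; `export_lines` and `masked` are hypothetical names) and works for any profile in that format.

```python
import configparser
import shlex

# Constructed sample in ~/.aws/credentials format; every value is fake.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAEXAMPLEDEFAULT00
aws_secret_access_key = constructedSecret/Default+0000000000000000

[assumed]
aws_access_key_id = ASIAEXAMPLEASSUMED00
aws_secret_access_key = constructedSecret/Assumed+0000000000000000
aws_session_token = constructed+Token/with$(echo injected);==
"""

# credentials-file key -> environment variable read by the AWS CLI and SDKs
ENV_NAMES = {
    "aws_access_key_id": "AWS_ACCESS_KEY_ID",
    "aws_secret_access_key": "AWS_SECRET_ACCESS_KEY",
    "aws_session_token": "AWS_SESSION_TOKEN",
}


def export_lines(credentials_text, profile):
    """Return shell statements that load `profile` when passed to eval."""
    parser = configparser.RawConfigParser()  # raw: no % interpolation
    parser.read_string(credentials_text)
    if not parser.has_section(profile):
        raise KeyError(f"profile not found: {profile}")
    section = parser[profile]
    if "aws_access_key_id" not in section or "aws_secret_access_key" not in section:
        raise ValueError(f"profile {profile} has no static key pair")
    lines = []
    for key, env in ENV_NAMES.items():
        if key in section:
            # shlex.quote keeps $, ;, backticks and spaces literal under eval
            lines.append(f"export {env}={shlex.quote(section[key])}")
        else:
            # clear a stale value left behind by a previously loaded profile
            lines.append(f"unset {env}")
    return lines


def masked(line):
    """Render a statement for the terminal without revealing its value."""
    name, sep, _value = line.partition("=")
    return f"{name}=<hidden>" if sep else line
```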