oh-my-zsh plugin for aws-vault providing a couple of functions that integrate aws-vault seamlessly with the AWS_PROFILE
environment variable.
This is most useful when used alongside a profile-switching tool, such as awsp.
This plugin is intended to be used with oh-my-zsh. To install it with that framework:
- Clone the repo to the Oh My ZSH plugins directory:
$ git clone https://github.com/jonscheiding/zsh-plugin-aws-vault-profiles $ZSH_CUSTOM/plugins/aws-vault-profiles
- In your
.zshrc
, addaws-vault-profiles
to your plugins list:plugins=(git ruby ... aws-vault-profiles)
This plugin does not depend on any Oh My ZSH functionality, so you can also use it with plain ZSH:
- Clone the repo somewhere:
$ git clone https://github.com/jonscheiding/zsh-plugin-aws-vault-profiles ~/.zsh-plugin-aws-vault-profiles
- In your
.zshrc
, source the plugin file:source ~/.zsh-plugin-aws-vault-profiles/awsvault.plugin.zsh
This plugin provides the following features:
Executes a command with aws-vault
, using the profile set in the $AWS_PROFILE
environment variable (or
default, if none is set).
If no command is provided, executes into an aws-vault
shell.
So, the following are roughly equivalent:
$ awsv run-some-command
$ aws-vault exec ${AWS_PROFILE:-default} -- run-some-command
As are the following:
$ awsv
$ aws-vault exec ${AWS_PROFILE:-default}
The main difference is that if you are already in an aws-vault
shell (detected by the existence of an
$AWS_VAULT
environment variable), it will not nest you into another one; it will just execute the command
directly.
Generate temporary credentials using the profile set in the $AWS_PROFILE
environment variable (or default,
if none is set), and stores them under that profile in your $AWS_SHARED_CREDENTIALS_FILE
(by default,
~/.aws/credentials
).
This is useful for commands which have a hard-coded expectation that they will find credentials in that file, vs using the various resolution mechanisms exposed by the AWS SDK. The AWS Amplify CLI is an example of this.
If awsc
is provided with a command, it will execute that command directly after storing the temporary
credentials.
So, the following are roughly equivalent:
$ awsc run-some-command
$ aws-vault exec ${AWS_PROFILE:-default} -- bash -c 'echo $AWS_ACCESS_KEY_ID; echo $AWS_SECRET_ACCESS_KEY; echo $AWS_SESSION_TOKEN'
$ # Place the provided values in ~/.aws/credentials
$ run-some-command
This command requires the crudini tool.
This plugin defines a prompt segment called awsvault
which you can use with various Oh My ZSH themes such as
powerlevel10k. It will show the current value of the
$AWS_PROFILE
variable, along with an icon indicating whether you are inside an aws-vault
session.