-
Notifications
You must be signed in to change notification settings - Fork 821
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Construct the credentials from environment variables #407
Comments
@UnleashedMind Our company is facing the same issue. Could you please provide any timeline for this feature? |
Same. I tried to make a workaround per https://docs.aws.amazon.com/cli/latest/topic/config-vars.html, using So instead I wrote a script to modify the keys in the `.aws/credentials' file, adding it to my existing script for setting up my environment.
Note, you must manually add your profile into
|
I have managed to a solution working with aws-vault which uses MFA and is federated from a parent account that only deals with useraccess. It works as follows. my ./aws/config looks like
You can then run: When you are asked for Please choose the profile you want to use you can then choose
Everything after that can be ran as:
|
Can you please stop being the worst AWS project ever. |
Any clues as to why my comment was deleted? |
It would be nice if CLI had a way to do this. When asking for credentials options being able to say "please just use my AWS_*" environment variables. Especially since the CLI is so "bad" at prompting for MFA creds. Half the time I forget and just stare at a spinning wheel (macos), then remember.. "Oh, it is prompting me for a new MFA entry that is nicely hidden behind the spinning wheel". |
Just upgraded to 4.50.0 and now it seems there is no way to fetch credentials from the environment. Not sure if that was ripped out earlier, but either way seems like a step in the wrong direction. Must be one of the only aws cli tools that doesn't support that functionality? |
Yeah, 4.50.0 doesn't allow you to use environment variables for access keys. If it worked before, it definitely doesn't work now. |
@DarkSector from my testing |
Can confirm 4.46.0 allows you to use environment variables by selecting AWS Profile as the option. |
I confirm recent versions (4.52.0) allow deploy (init + push) via environment variables:
Unfortunately those credentials must be OBTAINED FROM A USER, and not a more secure option like temporary credentials by assuming a IAM Role via STS because Amplify does not provide a way to pass the:
Please add support by passing all 3 items required by AWS authorization. |
+1 Having amplify not supporting STS and short leave tokens is problematic from a compliance stand point. |
Hey @cyrfer and @olivierpichon STS support has since been added to the Amplify CLI, and the CLI will read from the Closing issue |
Hi @josefaidt, could you please explain how I get amplify CLI to read this |
@nerdyness amplify CLI can't read credentials as environment variables as of You can use the
|
related #10484 |
Amplify accepting env variables would help for devcontainers also. Been looking how to get amplify to load a profile from codespace secrets and ran across this issue. Fixing to look into abusing credential_process with a node script but would be nice if it was supported upstream |
Is your feature request related to a problem? Please describe.
We don't have any IAM users in the AWS accounts in which we run our solutions. We always interact with the AWS accounts with federated users. We are not allowed to store access key ids and secrets outside a vault (we are using macos keychain). For command-line scripts we use aws-vault (see additional context for an example).
Describe the solution you'd like
I would like that
amplify cli
constructs the credentials from environment variables just like the regularaws cli
. This is a generic solution not specific to any tool. A tool like aws-vault generates the necessary environment variables.Describe alternatives you've considered
There is no workaround that is compliant with our company policies.
Additional context
amplify --version
>0.1.32
Running the init command now fails:
Note we want to leave the accessKeyId and secretAccessKey empty, because they are provided in environment variables.
The text was updated successfully, but these errors were encountered: