feat(aws)!: improve aws_change_access_key (#11378)

BREAKING CHANGE: This commit removes compatibility for `aws` cli v1. Now only v2 is supported.
This commit is contained in:
Mark Keisler 2023-04-18 03:36:07 -05:00 committed by GitHub
parent d889eca726
commit 673b9fc331
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 11 deletions

View file

@ -1,7 +1,8 @@
# aws # aws
This plugin provides completion support for [awscli](https://docs.aws.amazon.com/cli/latest/reference/index.html) This plugin provides completion support for [awscli v2](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html)
and a few utilities to manage AWS profiles/regions and display them in the prompt. and a few utilities to manage AWS profiles/regions and display them in the prompt.
[awscli v1](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html) is no longer supported.
To use it, add `aws` to the plugins array in your zshrc file. To use it, add `aws` to the plugins array in your zshrc file.
@ -12,9 +13,9 @@ plugins=(... aws)
## Plugin commands ## Plugin commands
* `asp [<profile>]`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to `<profile>`. * `asp [<profile>]`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to `<profile>`.
It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`. It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`.
Run `asp` without arguments to clear the profile. Run `asp` without arguments to clear the profile.
* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. * `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection.
* `asr [<region>]`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to `<region>`. * `asr [<region>]`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to `<region>`.
Run `asr` without arguments to clear the profile. Run `asr` without arguments to clear the profile.
@ -65,7 +66,7 @@ the current `$AWS_PROFILE` and `$AWS_REGION`. It uses four variables to control
Source profile credentials in `~/.aws/credentials`: Source profile credentials in `~/.aws/credentials`:
``` ```ini
[source-profile-name] [source-profile-name]
aws_access_key_id = ... aws_access_key_id = ...
aws_secret_access_key = ... aws_secret_access_key = ...
@ -73,7 +74,7 @@ aws_secret_access_key = ...
Role configuration in `~/.aws/config`: Role configuration in `~/.aws/config`:
``` ```ini
[profile source-profile-name] [profile source-profile-name]
mfa_serial = arn:aws:iam::111111111111:mfa/myuser mfa_serial = arn:aws:iam::111111111111:mfa/myuser
region = us-east-1 region = us-east-1

View file

@ -160,14 +160,39 @@ function aws_change_access_key() {
return 1 return 1
fi fi
echo "Insert the credentials when asked." local profile="$1"
asp "$1" || return 1 # Get current access key
AWS_PAGER="" aws iam create-access-key local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
AWS_PAGER="" aws configure --profile "$1"
echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`" asp "$profile" || return 1
echo "Generating a new access key pair for you now."
if aws --no-cli-pager iam create-access-key; then
echo "Insert the newly generated credentials when asked."
aws --no-cli-pager configure --profile $profile
else
echo "Current access keys:"
aws --no-cli-pager iam list-access-keys
echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`"
return 1
fi
read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? "
case $yn in
[Yy]*)
echo -n "\nDisabling access key ${original_aws_access_key_id}..."
if aws --no-cli-pager update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then
echo "done."
else
echo "\nFailed to disable ${original_aws_access_key_id} key."
fi
;;
*)
echo ""
;;
esac
echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`"
echo "Your current keys are:" echo "Your current keys are:"
AWS_PAGER="" aws iam list-access-keys aws --no-cli-pager iam list-access-keys
} }
function aws_regions() { function aws_regions() {