mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2024-12-19 20:29:45 +01:00
feat(aws)!: improve aws_change_access_key
(#11378)
BREAKING CHANGE: This commit removes compatibility for `aws` cli v1. Now only v2 is supported.
This commit is contained in:
parent
d889eca726
commit
673b9fc331
2 changed files with 37 additions and 11 deletions
|
@ -1,7 +1,8 @@
|
||||||
# aws
|
# aws
|
||||||
|
|
||||||
This plugin provides completion support for [awscli](https://docs.aws.amazon.com/cli/latest/reference/index.html)
|
This plugin provides completion support for [awscli v2](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html)
|
||||||
and a few utilities to manage AWS profiles/regions and display them in the prompt.
|
and a few utilities to manage AWS profiles/regions and display them in the prompt.
|
||||||
|
[awscli v1](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html) is no longer supported.
|
||||||
|
|
||||||
To use it, add `aws` to the plugins array in your zshrc file.
|
To use it, add `aws` to the plugins array in your zshrc file.
|
||||||
|
|
||||||
|
@ -12,9 +13,9 @@ plugins=(... aws)
|
||||||
## Plugin commands
|
## Plugin commands
|
||||||
|
|
||||||
* `asp [<profile>]`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to `<profile>`.
|
* `asp [<profile>]`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to `<profile>`.
|
||||||
It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`.
|
It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`.
|
||||||
Run `asp` without arguments to clear the profile.
|
Run `asp` without arguments to clear the profile.
|
||||||
* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection.
|
* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection.
|
||||||
|
|
||||||
* `asr [<region>]`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to `<region>`.
|
* `asr [<region>]`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to `<region>`.
|
||||||
Run `asr` without arguments to clear the profile.
|
Run `asr` without arguments to clear the profile.
|
||||||
|
@ -65,7 +66,7 @@ the current `$AWS_PROFILE` and `$AWS_REGION`. It uses four variables to control
|
||||||
|
|
||||||
Source profile credentials in `~/.aws/credentials`:
|
Source profile credentials in `~/.aws/credentials`:
|
||||||
|
|
||||||
```
|
```ini
|
||||||
[source-profile-name]
|
[source-profile-name]
|
||||||
aws_access_key_id = ...
|
aws_access_key_id = ...
|
||||||
aws_secret_access_key = ...
|
aws_secret_access_key = ...
|
||||||
|
@ -73,7 +74,7 @@ aws_secret_access_key = ...
|
||||||
|
|
||||||
Role configuration in `~/.aws/config`:
|
Role configuration in `~/.aws/config`:
|
||||||
|
|
||||||
```
|
```ini
|
||||||
[profile source-profile-name]
|
[profile source-profile-name]
|
||||||
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
|
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
|
||||||
region = us-east-1
|
region = us-east-1
|
||||||
|
|
|
@ -160,14 +160,39 @@ function aws_change_access_key() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Insert the credentials when asked."
|
local profile="$1"
|
||||||
asp "$1" || return 1
|
# Get current access key
|
||||||
AWS_PAGER="" aws iam create-access-key
|
local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
|
||||||
AWS_PAGER="" aws configure --profile "$1"
|
|
||||||
|
|
||||||
echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`"
|
asp "$profile" || return 1
|
||||||
|
echo "Generating a new access key pair for you now."
|
||||||
|
if aws --no-cli-pager iam create-access-key; then
|
||||||
|
echo "Insert the newly generated credentials when asked."
|
||||||
|
aws --no-cli-pager configure --profile $profile
|
||||||
|
else
|
||||||
|
echo "Current access keys:"
|
||||||
|
aws --no-cli-pager iam list-access-keys
|
||||||
|
echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? "
|
||||||
|
case $yn in
|
||||||
|
[Yy]*)
|
||||||
|
echo -n "\nDisabling access key ${original_aws_access_key_id}..."
|
||||||
|
if aws --no-cli-pager update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then
|
||||||
|
echo "done."
|
||||||
|
else
|
||||||
|
echo "\nFailed to disable ${original_aws_access_key_id} key."
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo ""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`"
|
||||||
echo "Your current keys are:"
|
echo "Your current keys are:"
|
||||||
AWS_PAGER="" aws iam list-access-keys
|
aws --no-cli-pager iam list-access-keys
|
||||||
}
|
}
|
||||||
|
|
||||||
function aws_regions() {
|
function aws_regions() {
|
||||||
|
|
Loading…
Reference in a new issue