Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So I had an observation about AWS scripting that I'd like to share. I've been working on some AWS scripts lately for both personal projects and stuff we deploy at work, which means that I often use 2 sets of credentials.

A lot of people on Github/SO seem to like to set their AWS credentials as env variables in their scripts. I was doing this myself (since it seemed like the established pattern), but then found out aws cli has a --profile option. You store everything in the ~/.aws/credentials file instead of on an env variable and simply switch the profile you use when executing the script.

This works better for me when managing multiple credentials and doesn't allow the off-chance of uploading my credentials to a remote git repo. I was curious if people just didn't know about this option or if setting your credentials within the script is preferred for some reason.



If you are writing a demo, it make sense to encapsulate all of the credentials directly in the script, so that it can be comprehended as a single file. How you actually include your credentials will depend on your use case, so it shouldn't be part of the proof-of-concept.


Yes, it's a godsend .. soo much easier than baking in credentials. If you are using the PowerShell tools, you can also set it up so that your PowerShell session always starts with a particular set of credentials (e.g. Dev). Not sure if you can do the same with the CLI.


It would be fantastic if their was better CLI support for SAML auth in the AWS CLI.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: