AWS Profile Management - lars-hagen/dotfiles GitHub Wiki
AWS Profile Management
This document describes the AWS profile management script located at bin/aws-profile-management.
Overview
The script automates AWS profile management. It integrates with the browser for SSO login and uses direnv hooks to assume a profile automatically. It handles the technical aspects of AWS role assumption, focusing on browser integration and automatic profile switching through direnv.
Requirements
- direnv: For loading/unloading environment variables
- granted: For AWS credentials management and role assumption
Installation
# Install direnv
brew install direnv
# Install granted
brew tap common-fate/granted
brew install common-fate/granted/granted
Configuration and Core Functions
Browser Integration and AWS Role Assumption
# Browser profile configuration for AWS SSO login:
# - Leave empty ("") to use system default browser
# - For Chrome, specify profile name (e.g., "Work" or "Default")
# - Works with any browser supported by granted
CHROME_PROFILE="Default"
run_assume() {
  if [[ -n "$CHROME_PROFILE" ]]; then
    FORCE_NO_ALIAS=true assume "$1" --es --browser-launch-template-arg "--profile-directory=$CHROME_PROFILE"
  else
    FORCE_NO_ALIAS=true assume "$1" --es
  fi
}
What it does:
- Configures browser behavior for AWS SSO login
- Handles AWS role assumption with Chrome profile integration
- Uses FORCE_NO_ALIAS to skip the alias creation prompt as its interactive prompt would break the script
- Uses --es to export the SSO token so that the AWS CLI can use it
- When CHROME_PROFILE is set, uses Chrome with the specified profile
- Falls back to default browser when CHROME_PROFILE is empty
Direnv Integration
direnv_hook_for_envrc() {
  if [[ -n "$DIRENV_DIR" && -n "$AWS_PROFILE" ]]; then
    run_assume "$AWS_PROFILE"
  fi
}
# Register the function in zsh's precmd_functions so it runs before each prompt
precmd_functions+=(direnv_hook_for_envrc)
Setup and Operation
- Create an .envrc file in your project directory:
export AWS_PROFILE=your-profile-name
- Allow the configuration:
direnv allow
When you enter a directory with an .envrc file:
- direnv loads the AWS_PROFILE environment variable
- The direnv hook automatically runs assume with the configured Chrome profile
- When leaving the directory, the environment is automatically unloaded
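A guarded variant of the direnv hook above, as an added example that is not part of bin/aws-profile-management: it checks the AWS_PROFILE value loaded from .envrc before handing it to assume, and only re-assumes when the profile changes. The function names, the _LAST_ASSUMED_PROFILE variable and the allowed character set are assumptions made for this example; run_assume is the function defined earlier on this page.

```shell
# Added example (not from the dotfiles repo). Hypothetical names:
# profile_name_ok, profile_in_config, guarded_direnv_hook, _LAST_ASSUMED_PROFILE.

# Accept only a conservative character set (an assumption; widen it if your
# profile names need more) and never a leading "-", which `assume` would
# parse as an option instead of a profile name.
profile_name_ok() {
  case "$1" in
    ''|-*) return 1 ;;
    *[!A-Za-z0-9_./@+=,-]*) return 1 ;;
  esac
  return 0
}

# The profile must already exist as a section in the local AWS config file.
profile_in_config() {
  [ -r "${AWS_CONFIG_FILE:-$HOME/.aws/config}" ] || return 1
  if [ "$1" = default ] &&
     grep -qxF "[default]" "${AWS_CONFIG_FILE:-$HOME/.aws/config}"; then
    return 0
  fi
  grep -qxF "[profile $1]" "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
}

# Replacement for direnv_hook_for_envrc; relies on the page's run_assume.
guarded_direnv_hook() {
  if [ -z "${DIRENV_DIR:-}" ] || [ -z "${AWS_PROFILE:-}" ]; then
    _LAST_ASSUMED_PROFILE=""   # left the project: forget the cached profile
    return 0
  fi
  # Already assumed for this profile: skip the browser/SSO round trip.
  [ "$AWS_PROFILE" = "${_LAST_ASSUMED_PROFILE:-}" ] && return 0
  if profile_name_ok "$AWS_PROFILE" && profile_in_config "$AWS_PROFILE"; then
    run_assume "$AWS_PROFILE" && _LAST_ASSUMED_PROFILE="$AWS_PROFILE"
  else
    echo "aws-profile: refusing unknown or malformed AWS_PROFILE" >&2
  fi
  return 0
}
```

Register it with precmd_functions+=(guarded_direnv_hook) in place of the original hook. Because the profile is cached, clear _LAST_ASSUMED_PROFILE to force a fresh assume after the SSO session expires.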
Integration
There are two ways to integrate this functionality:
- Source the script file (recommended):
source "$DOTFILES_DIR/bin/aws-profile-management"
- Copy directly into .zshrc:
  - Copy the contents of the script into your .zshrc
  - Remove the first line (#!/bin/zsh)
  - The functionality will be identical