Home Explore Help
Sign In
HonorLee
/
ohmyzsh
mirror of https://github.com/ohmyzsh/ohmyzsh.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a7efd96a60
Branches Tags
ohmyzsh
/
plugins
/
aws
Mike Mattice fe9d87d6dc feat(aws): accept aws mfa tokencode on `acp` cli call (#10130) 2 years ago
..
README.md fe9d87d6dc feat(aws): accept aws mfa tokencode on `acp` cli call (#10130) 2 years ago
aws.plugin.zsh fe9d87d6dc feat(aws): accept aws mfa tokencode on `acp` cli call (#10130) 2 years ago

README.md

aws

This plugin provides completion support for awscli and a few utilities to manage AWS profiles and display them in the prompt.

To use it, add aws to the plugins array in your zshrc file.

plugins=(... aws)

Plugin commands

  • asp [<profile>]: sets $AWS_PROFILE and $AWS_DEFAULT_PROFILE (legacy) to <profile>. It also sets $AWS_EB_PROFILE to <profile> for the Elastic Beanstalk CLI. Run asp without arguments to clear the profile.

  • asp [<profile>] login: If AWS SSO has been configured in your aws profile, it will run the aws sso login command following profile selection.

  • acp [<profile>] [<mfa_token>]: in addition to asp functionality, it actually changes the profile by assuming the role specified in the <profile> configuration. It supports MFA and sets $AWS_ACCESS_KEY_ID, $AWS_SECRET_ACCESS_KEY and $AWS_SESSION_TOKEN, if obtained. It requires the roles to be configured as per the official guide. Run acp without arguments to clear the profile.

  • agp: gets the current value of $AWS_PROFILE.

  • aws_change_access_key: changes the AWS access key of a profile.

  • aws_profiles: lists the available profiles in the $AWS_CONFIG_FILE (default: ~/.aws/config). Used to provide completion for the asp function.

Plugin options

  • Set SHOW_AWS_PROMPT=false in your zshrc file if you want to prevent the plugin from modifying your RPROMPT. Some themes might overwrite the value of RPROMPT instead of appending to it, so they'll need to be fixed to see the AWS profile prompt.

Theme

The plugin creates an aws_prompt_info function that you can use in your theme, which displays the current $AWS_PROFILE. It uses two variables to control how that is shown:

  • ZSH_THEME_AWS_PREFIX: sets the prefix of the AWS_PROFILE. Defaults to <aws:.

  • ZSH_THEME_AWS_SUFFIX: sets the suffix of the AWS_PROFILE. Defaults to >.

Configuration

Configuration and credential file settings by AWS

Scenario: IAM roles with a source profile and MFA authentication

Source profile credentials in ~/.aws/credentials:

[source-profile-name]
aws_access_key_id = ...
aws_secret_access_key = ...

Role configuration in ~/.aws/config:

[profile source-profile-name]
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
region = us-east-1
output = json

[profile profile-with-role]
role_arn = arn:aws:iam::9999999999999:role/myrole
mfa_serial = arn:aws:iam::111111111111:mfa/myuser
source_profile = source-profile-name
region = us-east-1
output = json