1 files changed, 47 insertions, 10 deletions

diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh
index 1c386a3e1..c946515be 100644
--- a/plugins/aws/aws.plugin.zsh
+++ b/plugins/aws/aws.plugin.zsh
@@ -9,7 +9,7 @@ function agr() {
 # AWS profile selection
 function asp() {
   if [[ -z "$1" ]]; then
-    unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE
+    unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_PROFILE_REGION
     echo AWS profile cleared.
     return
   fi
@@ -26,6 +26,8 @@ function asp() {
   export AWS_PROFILE=$1
   export AWS_EB_PROFILE=$1
 
+  export AWS_PROFILE_REGION=$(aws configure get region)
+
   if [[ "$2" == "login" ]]; then
     aws sso login
   fi
@@ -158,14 +160,39 @@ function aws_change_access_key() {
     return 1
   fi
 
-  echo "Insert the credentials when asked."
-  asp "$1" || return 1
-  AWS_PAGER="" aws iam create-access-key
-  AWS_PAGER="" aws configure --profile "$1"
+  local profile="$1"
+  # Get current access key
+  local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
+
+  asp "$profile" || return 1
+  echo "Generating a new access key pair for you now."
+  if aws --no-cli-pager iam create-access-key; then
+    echo "Insert the newly generated credentials when asked."
+    aws --no-cli-pager configure --profile $profile
+  else
+    echo "Current access keys:"
+    aws --no-cli-pager iam list-access-keys
+    echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`"
+    return 1
+  fi
 
-  echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`"
+  read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? "
+  case $yn in
+    [Yy]*)
+      echo -n "\nDisabling access key ${original_aws_access_key_id}..."
+      if aws --no-cli-pager iam update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then
+        echo "done."
+      else
+        echo "\nFailed to disable ${original_aws_access_key_id} key."
+      fi
+      ;;
+    *)
+      echo ""
+      ;;
+  esac
+  echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`"
   echo "Your current keys are:"
-  AWS_PAGER="" aws iam list-access-keys
+  aws --no-cli-pager iam list-access-keys
 }
 
 function aws_regions() {
@@ -194,15 +221,25 @@ compctl -K _aws_profiles asp acp aws_change_access_key
 
 # AWS prompt
 function aws_prompt_info() {
-  if [[ -z $AWS_REGION && -z $AWS_PROFILE ]];then return; fi
-  echo "${ZSH_THEME_AWS_PROFILE_PREFIX:=<aws:}${AWS_PROFILE}${ZSH_THEME_AWS_PROFILE_SUFFIX:=>} ${ZSH_THEME_AWS_REGION_PREFIX:=<region:}${AWS_REGION}${ZSH_THEME_AWS_REGION_SUFFIX:=>}"
+  local _aws_to_show
+  local region="${AWS_REGION:-${AWS_DEFAULT_REGION:-$AWS_PROFILE_REGION}}"
+
+  if [[ -n "$AWS_PROFILE" ]];then
+    _aws_to_show+="${ZSH_THEME_AWS_PROFILE_PREFIX="<aws:"}${AWS_PROFILE}${ZSH_THEME_AWS_PROFILE_SUFFIX=">"}"
+  fi
+
+  if [[ -n "$region" ]]; then
+    [[ -n "$_aws_to_show" ]] && _aws_to_show+="${ZSH_THEME_AWS_DIVIDER=" "}"
+    _aws_to_show+="${ZSH_THEME_AWS_REGION_PREFIX="<region:"}${region}${ZSH_THEME_AWS_REGION_SUFFIX=">"}"
+  fi
+
+  echo "$_aws_to_show"
 }
 
 if [[ "$SHOW_AWS_PROMPT" != false && "$RPROMPT" != *'$(aws_prompt_info)'* ]]; then
   RPROMPT='$(aws_prompt_info)'"$RPROMPT"
 fi
 
-
 # Load awscli completions
 
 # AWS CLI v2 comes with its own autocompletion. Check if that is there, otherwise fall back