diff options
Diffstat (limited to 'plugins/aws')
| -rw-r--r-- | plugins/aws/README.md | 13 | ||||
| -rw-r--r-- | plugins/aws/aws.plugin.zsh | 57 |
2 files changed, 55 insertions, 15 deletions
diff --git a/plugins/aws/README.md b/plugins/aws/README.md index e1e355741..9e1e055b8 100644 --- a/plugins/aws/README.md +++ b/plugins/aws/README.md @@ -1,7 +1,8 @@ # aws -This plugin provides completion support for [awscli](https://docs.aws.amazon.com/cli/latest/reference/index.html) +This plugin provides completion support for [awscli v2](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html) and a few utilities to manage AWS profiles/regions and display them in the prompt. +[awscli v1](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html) is no longer supported. To use it, add `aws` to the plugins array in your zshrc file. @@ -12,9 +13,9 @@ plugins=(... aws) ## Plugin commands * `asp [<profile>]`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to `<profile>`. - It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. + It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`. Run `asp` without arguments to clear the profile. -* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. +* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. * `asr [<region>]`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to `<region>`. Run `asr` without arguments to clear the profile. @@ -57,6 +58,8 @@ the current `$AWS_PROFILE` and `$AWS_REGION`. It uses four variables to control * ZSH_THEME_AWS_REGION_SUFFIX: sets the suffix of the AWS_REGION. Defaults to `>`. +* ZSH_THEME_AWS_DIVIDER: sets the divider between ZSH_THEME_AWS_PROFILE_SUFFIX and ZSH_THEME_AWS_REGION_PREFIX. Defaults to ` ` (single space). + ## Configuration [Configuration and credential file settings](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) by AWS @@ -65,7 +68,7 @@ the current `$AWS_PROFILE` and `$AWS_REGION`. It uses four variables to control Source profile credentials in `~/.aws/credentials`: -``` +```ini [source-profile-name] aws_access_key_id = ... aws_secret_access_key = ... @@ -73,7 +76,7 @@ aws_secret_access_key = ... Role configuration in `~/.aws/config`: -``` +```ini [profile source-profile-name] mfa_serial = arn:aws:iam::111111111111:mfa/myuser region = us-east-1 diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh index 1c386a3e1..c946515be 100644 --- a/plugins/aws/aws.plugin.zsh +++ b/plugins/aws/aws.plugin.zsh @@ -9,7 +9,7 @@ function agr() { # AWS profile selection function asp() { if [[ -z "$1" ]]; then - unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE + unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_PROFILE_REGION echo AWS profile cleared. return fi @@ -26,6 +26,8 @@ function asp() { export AWS_PROFILE=$1 export AWS_EB_PROFILE=$1 + export AWS_PROFILE_REGION=$(aws configure get region) + if [[ "$2" == "login" ]]; then aws sso login fi @@ -158,14 +160,39 @@ function aws_change_access_key() { return 1 fi - echo "Insert the credentials when asked." - asp "$1" || return 1 - AWS_PAGER="" aws iam create-access-key - AWS_PAGER="" aws configure --profile "$1" + local profile="$1" + # Get current access key + local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)" + + asp "$profile" || return 1 + echo "Generating a new access key pair for you now." + if aws --no-cli-pager iam create-access-key; then + echo "Insert the newly generated credentials when asked." + aws --no-cli-pager configure --profile $profile + else + echo "Current access keys:" + aws --no-cli-pager iam list-access-keys + echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`" + return 1 + fi - echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`" + read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? " + case $yn in + [Yy]*) + echo -n "\nDisabling access key ${original_aws_access_key_id}..." + if aws --no-cli-pager iam update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then + echo "done." + else + echo "\nFailed to disable ${original_aws_access_key_id} key." + fi + ;; + *) + echo "" + ;; + esac + echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`" echo "Your current keys are:" - AWS_PAGER="" aws iam list-access-keys + aws --no-cli-pager iam list-access-keys } function aws_regions() { @@ -194,15 +221,25 @@ compctl -K _aws_profiles asp acp aws_change_access_key # AWS prompt function aws_prompt_info() { - if [[ -z $AWS_REGION && -z $AWS_PROFILE ]];then return; fi - echo "${ZSH_THEME_AWS_PROFILE_PREFIX:=<aws:}${AWS_PROFILE}${ZSH_THEME_AWS_PROFILE_SUFFIX:=>} ${ZSH_THEME_AWS_REGION_PREFIX:=<region:}${AWS_REGION}${ZSH_THEME_AWS_REGION_SUFFIX:=>}" + local _aws_to_show + local region="${AWS_REGION:-${AWS_DEFAULT_REGION:-$AWS_PROFILE_REGION}}" + + if [[ -n "$AWS_PROFILE" ]];then + _aws_to_show+="${ZSH_THEME_AWS_PROFILE_PREFIX="<aws:"}${AWS_PROFILE}${ZSH_THEME_AWS_PROFILE_SUFFIX=">"}" + fi + + if [[ -n "$region" ]]; then + [[ -n "$_aws_to_show" ]] && _aws_to_show+="${ZSH_THEME_AWS_DIVIDER=" "}" + _aws_to_show+="${ZSH_THEME_AWS_REGION_PREFIX="<region:"}${region}${ZSH_THEME_AWS_REGION_SUFFIX=">"}" + fi + + echo "$_aws_to_show" } if [[ "$SHOW_AWS_PROMPT" != false && "$RPROMPT" != *'$(aws_prompt_info)'* ]]; then RPROMPT='$(aws_prompt_info)'"$RPROMPT" fi - # Load awscli completions # AWS CLI v2 comes with its own autocompletion. Check if that is there, otherwise fall back |