This setup helps to streamline the process of authenticating with the AWS CLI, especially if you have multiple profiles. Its primary features are:
- Logs you in automatically (via the browser)
- Gives you a list of profiles to choose from if you have more than one and have not set the
AWS_PROFILE environment variable.
- macOS (Homebrew):
  brew install --cask aws-vault
- Only works on macOS for now
Note that https://github.com/ByteNess/aws-vault is the current source code.
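# Transparent aws wrapper with aws-vault + SSO (zsh syntax).
#
# Runs the AWS CLI through `aws-vault exec <profile>`. The profile is chosen
# in this order:
#   1. AWS_VAULT is set (already inside an aws-vault session): run the CLI
#      directly, no second aws-vault layer.
#   2. AWS_PROFILE, then AWS_DEFAULT_PROFILE.
#   3. The only profile printed by `aws-vault list --profiles`.
#   4. Interactive choice: fzf if installed, otherwise the `select` builtin.
#
# Arguments: passed through unchanged to the AWS CLI.
# Outputs:   whatever the CLI prints; diagnostics from this wrapper on stderr.
# Returns:   exit status of the command that was run, or 1 when no profile
#            could be determined.
aws() {
  # Already inside aws-vault? Just run the CLI. `command` skips shell
  # functions during lookup; a bare `aws` here would resolve to this wrapper
  # again and recurse without end.
  if [[ -n "${AWS_VAULT:-}" ]]; then
    command aws "$@"
    return
  fi

  # Respect an env-selected profile. Here `aws` is only an argument handed to
  # aws-vault, so it is not looked up as a shell function.
  if [[ -n "${AWS_PROFILE:-}" ]]; then
    command aws-vault exec "$AWS_PROFILE" -- aws "$@"
    return
  fi
  if [[ -n "${AWS_DEFAULT_PROFILE:-}" ]]; then
    command aws-vault exec "$AWS_DEFAULT_PROFILE" -- aws "$@"
    return
  fi

  # Discover profiles, one per output line. The unquoted (f) split drops empty
  # lines, so empty output (no profiles, or aws-vault missing) yields an empty
  # array rather than a single blank "profile". stderr is discarded here, so a
  # failing `aws-vault list` is only visible through the message below.
  local -a profiles
  profiles=(${(f)"$(command aws-vault list --profiles 2>/dev/null)"})

  if (( ${#profiles[@]} == 0 )); then
    echo "No aws-vault profiles found." >&2
    return 1
  fi

  # If exactly one, use it (zsh arrays are 1-indexed).
  if (( ${#profiles[@]} == 1 )); then
    command aws-vault exec "${profiles[1]}" -- aws "$@"
    return
  fi

  # Multiple: choose (fzf if present, else select).
  local profile p
  if command -v fzf >/dev/null 2>&1; then
    profile="$(printf '%s\n' "${profiles[@]}" | fzf --prompt='Select AWS profile > ')"
  else
    echo "Select AWS profile:"
    select p in "${profiles[@]}"; do
      profile="$p"
      break
    done
  fi

  # A cancelled fzf or an invalid menu entry leaves the choice empty; stop
  # rather than calling aws-vault with an empty profile name.
  if [[ -z "$profile" ]]; then
    echo "No profile selected." >&2
    return 1
  fi

  command aws-vault exec "$profile" -- aws "$@"
}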