diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh index ef435fe3b..e1566b113 100644 --- a/plugins/aws/aws.plugin.zsh +++ b/plugins/aws/aws.plugin.zsh @@ -50,32 +50,39 @@ function acp() { # First, if the profile has MFA configured, lets get the token and session duration local mfa_serial="$(aws configure get mfa_serial --profile $profile)" + local sess_duration="$(aws configure get duration_seconds --profile $profile)" if [[ -n "$mfa_serial" ]]; then local -a mfa_opt - local mfa_token sess_duration + local mfa_token echo -n "Please enter your MFA token for $mfa_serial: " read -r mfa_token - echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): " - read -r sess_duration + if [[ -z "$sess_duration" ]]; then + echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): " + read -r sess_duration + fi mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}") # Now see whether we need to just MFA for the current role, or assume a different one local role_arn="$(aws configure get role_arn --profile $profile)" + local sess_name="$(aws configure get role_session_name --profile $profile)" if [[ -n "$role_arn" ]]; then # Means we need to assume a specified role aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}") # Check whether external_id is configured to use while assuming the role - local external_id="$(aws configure get external_id --profile "$profile")" + local external_id="$(aws configure get external_id --profile $profile)" if [[ -n "$external_id" ]]; then aws_command+=(--external-id "$external_id") fi # Get source profile to use to assume role - local source_profile="$(aws configure get source_profile --profile "$profile")" - aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${source_profile:-profile}") + local source_profile="$(aws configure get source_profile --profile $profile)" + if [[ -z "$sess_name" ]]; then + sess_name="${source_profile:-profile}" + fi + aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}") echo "Assuming role $role_arn using profile ${source_profile:-profile}" else @@ -122,13 +129,13 @@ function aws_change_access_key() { return 1 fi - echo Insert the credentials when asked. + echo "Insert the credentials when asked." asp "$1" || return 1 AWS_PAGER="" aws iam create-access-key AWS_PAGER="" aws configure --profile "$1" - echo You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\` - echo Your current keys are: + echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`" + echo "Your current keys are:" AWS_PAGER="" aws iam list-access-keys }