Is it possible to set AWS Profile somewhere in the...
# sst
ö
Is it possible to set AWS Profile somewhere in the project? There would be better for people using multiple profiles.
a
No, you can just set env-var.
“build”: “AWS_PROFILE=yabbleDevelopment sst build --verbose”,
s
I would love this feature
ö
People seem to recommend giving up profiles altogether, but they are easy to use. Right now I either pass in the CLI, or just set it as an environment variable in the terminal session. but I guess it would be better to do that in a script in
package.json
or as you suggested
.env
f
Thanks @Adrián Mouly!
@Seth Geoghegan @Ömer Toraman Just curious, do you find yourself needing to set AWS Profile when running
sst start
?
I ask b/c when you deploy, AWS credentials are all saved in the CI service and profiles aren’t used.
s
I use profiles to prevent myself from deploying to production 🙂
my organization recently rolled out SSO, so I've started using
aws sso login
to authenticate
which supports using named profiles
but to be honest, I'm still wrapping my head around how to best use AWS profiles effectively in my development process
a
@Seth Geoghegan how is that sso stuff working?
I also have SSO.
But I’m using profiles like I’ve sent above.
Just configuring the profile in
.aws/credentials
s
Yeah, Ben Kehoe wrote an interesting article proposing an alternative approach to putting temporary credentials into ~/.aws/credentials, but I am still having to do so when running SST for some reason
a
I seee.
Yeah maybe there is a gap there then.
s
even though I do the same thing as you when calling SST
AWS_PROFILE=seth-staging sst start
i set up
aws sso login
and it's working. I'm just not clear on how to use it to not need to modify my ~/.aws/credentials file
a
Yeah would like to know more.
s
when you use it, it logs you in and stores cookies in your browser representing the logged in sessions. It also caches the token in
~/.aws/sso/cache
a
Interesting.
s
so, how I expect this to work
is that
aws sso login
fetches an accessToken using SSO and caches it locally
when I later specify a profile (e.g. using an AWS SDK) it uses that cached token to retrieve the credentials for the account+role in the profile
but, I haven't taken the time to digest all of this info, so I just keep stuffing rotating credentials in my ~/.aws/credentials 😆
ö
@Frank I haven’t used or set CI yet 😞 I usually set it as an environment variable in the terminal, like
export AWS_PROFILE=myOtherProfile
, and thus i dont have to set it in the subsequent sst commands if I run them in the same terminal.
@Seth Geoghegan I think if u set it as the session variable it would be better so u wouldnt need to pass it as the env variable to the sst process every time u run it
or i guess putting it as a script in package.json would work as well