I love --profile

I have yet to get around to it but I was considering seeing if I could remove the [default] because I want to ensure I always specify a profile so I don't by mistake deploy to default for something intended for another account. Uncertain if credentials will complain if [default] is not present.

I was also thinking about what is the best means of securing the credentials files on a workstation.

I believe you can set MFA for API calls via IAM policy maybe as a Permissions Boundary but this would not protect the local file.

I suppose if your workstation is password protected but let's say you walked away from your workstation and someone then just cat your credentials file and take a screenshot with their phone. The MFA would protect against API calls but not from capturing all those keys.

Just some thoughts going around in my head.

Just brainstorming here as a curious dev and not on behalf of Amazon (the CLI is not my product and I cannot provide official guidance), but check out docs.aws.amazon.com/cli/latest/use...
Seems like you could have the credentials encrypted within a secure store and set up a retrieval app. You just need some asynchronous way to provide authorization to the app so it can return the credentials when they're requested before the credential request times out.
You can still use profiles too it seems.
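
An added example, not from either commenter and not AWS code: a small Python audit of a shared credentials file for the concerns raised in the thread, namely a [default] profile, long-term keys stored in plaintext, and file permissions wider than the owner. The file contents and key values are constructed, and the prefix check assumes AWS's convention that long-term access key IDs start with AKIA and temporary ones with ASIA.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample files; the key values are placeholders, not real keys.
SAMPLE_BAD = """[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret-value
[prod]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret-value
aws_session_token = constructed-token-value
"""
SAMPLE_GOOD = SAMPLE_BAD.split("[prod]")[1].join(["[prod]", ""])

def write_sample(text, mode):
    """Write a sample credentials file to a temp path with the given mode."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

def audit_credentials(path):
    """Return a list of findings for an AWS shared credentials file."""
    findings = []
    # Any group/other bit lets another local account read the keys.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} is wider than 0600")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for profile in parser.sections():
        if profile == "default":
            findings.append("[default] exists: a command without --profile uses it")
        key_id = parser[profile].get("aws_access_key_id", "")
        if key_id.startswith("AKIA"):
            # Long-term keys stay valid until rotated, so a copied file keeps working.
            findings.append(f"[{profile}] stores a long-term key in plaintext")
        elif key_id and "aws_session_token" not in parser[profile]:
            findings.append(f"[{profile}] has a key but no session token")
    return findings

if __name__ == "__main__":
    for finding in audit_credentials(write_sample(SAMPLE_BAD, 0o644)):
        print(finding)
```
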