vegas-credentials

How it Works

As far as various AWS tools are concerned, nothing special needs to be done! No bash script wrappers, no need to export any environment variables and no need for custom code to handle the credentials:

$ aws s3api create-bucket --bucket=my-bucket --profile=my-profile

$ npx cdk deploy --profile=my-profile

$ AWS_PROFILE=my-profile python3 create-bucket.py

$ terraform apply -var="aws_profile=my-profile

// in your Terraform AWS Provider configuration
variable "aws_profile" {
  type = string
}
provider "aws" {
  profile = var.aws_profile
}

$ ansible-playbook -i hosts tasks.yml --extra-vars "aws_profile=my-profile"

---
- name: Create Bucket
  hosts: local
  connection: local
  vars:
    aws_profile:
  tasks:
    - name: Create new bucket
      aws_s3:
        bucket: my-bucket
        mode: create
        region: eu-west-1
        profile: "{{ aws_profile }}"

$ pulumi config set aws:profile=my-profile && pulumi up

Features

List of most noteworthy features shipping with vegas-credentials

Pluggable

Into AWS credential_process

what's that?

Automatic Refresh

Credential Refresh on Session Expiry

for example CLI v2 and Go SDK

Role Chaining

Start with Vegas, go anywhere

IAM User → Role A → Role B

Yubikey Touch

Multiple Devices & Password Protection

Series 5 with OATH TOTP support

Authenticator Apps

For copy-pasting TOTP codes

Authy, Google Authenticator, etc.

Multiple MFA inputs

Yubikey Touch, GUI Prompt & Standard Input

first input wins

Encrypted Cache

Protection against Credential Scrapers

... and only temporary credentials cached

Cache Invalidation

On Configuration Change or Credential Expiry

e.g. change of role_session_name

Fast

<100ms for Cached Credentials

... does that count as blazing?

Parallelism

Parallel calls handled via mutex locking

e.g. Terraform --parallelism=n

Cross-Platform

Built with Go

macos|linux|win @ x86_64|arm64

Minimal Configuration

Within AWS config file

~/.aws/config

Supported Tools

Partial list of tools that work with vegas-credentials

AWS CLI

Since version v2
docs

AWS SDKs

C++/Go/Java/JS/.NET/PHP/Python/Ruby
compatibility

AWS CDK

Since version v1.73.0
release info

Terraform

Since terraform-provider-aws version v3.0.0
release info

Pulumi

Respects and uses your configuration settings
details

Ansible

Respects and uses your configuration settings
details