Aws-cdk: This is how to properly select AWS CLI profiles for your stacks/accounts

Created on 5 Sep 2019  路  4Comments  路  Source: aws/aws-cdk

There are various discussions here about how to use select the appropriate CLI profiles. I have not found any suitable solution until now.
In particular, AWS_PROFILE wasn't enough since cdk needs to make calls in different accounts for different stacks.

I wanted a solution that could:

  1. reuse my existing profiles (~/.aws/config), but also
  2. different profiles for different accounts (in my case, this implied different cdk stacks), while
  3. keeping the cli invocation simple.

The trick is to use the plugin feature which really means just a javascript class.
You can define a class which will be loaded at runtime. It allows you to pick some profile for a certain account ID.

Here is the gist and an example cdk.json:
https://gist.github.com/jeshan/178dfa811df0f652b30d3cc61058512d/

Note that you can also specify plugins with: cdk --plugin ... deploy

I'm leaving this here as a how-to for the community. Feel free to copy the class into your project.

If anybody knows of a simpler way to achieve this, please let me know.

managemendevenv managementracking ops-excellence packagtools
Source
picture jeshan
👍5 🚀1

Most helpful comment

@ NLG321 I feel this should be merged into the Authentication master issue that is also pinned. Thoughts?

picture rix0rrr on 11 Oct 2019
👍3

All 4 comments

Hey @jeshan,

Thank you so much for sharing your solution! I am pinning this issue for now to increase visibility

NGL321 picture NGL321 on 10 Oct 2019

@ NLG321 I feel this should be merged into the Authentication master issue that is also pinned. Thoughts?

rix0rrr picture rix0rrr on 11 Oct 2019
👍3

No problem. I must tell you it works well on typical dev setups but not on CodeBuild. I still have not figured the latter out

jeshan picture jeshan on 13 Oct 2019

To get this to work for me, I needed to change the call to AWS.SharedIniFileCredentials as per the docs, to pass in an object with the key profile and value of the profile name.

i.e.

new AWS.SharedIniFileCredentials({profile: 'myprofile'})
john-tipper picture john-tipper on 16 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nzspambot picture nzspambot  路  3Comments
abelmokadem picture abelmokadem  路  3Comments
v-do picture v-do  路  3Comments
EduardTheThird picture EduardTheThird  路  3Comments
NukaCody picture NukaCody  路  3Comments