Aws-cli: The cli should respect XDG spec for config and credential file storage

I'll mark this as a feature request. It will require some discussion.

It should also respect the XDG cache folder when assuming role.

Good Morning!

We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.

This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.

As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.

We’ve imported existing feature requests from GitHub - Search for this issue there!

And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.

GitHub will remain the channel for reporting bugs.

Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface

-The AWS SDKs & Tools Team

This entry can specifically be found on UserVoice at: https://aws.uservoice.com/forums/598381-aws-command-line-interface/suggestions/33168373-the-cli-should-respect-xdg-spec-for-config-and-cre

Based on community feedback, we have decided to return feature requests to GitHub issues.

Hi there. Any news on this one?

Yeah, this isn't so much a 'feature request' as a bug report. the XDG spec has been defined and adopted for some number of years now.

AWS team: is this a feature you'd consider merging if somebody contributed the code?

Here's a workaround until someone sends a patch:

export AWS_CONFIG_FILE="$XDG_CONFIG_HOME/aws/config"
export AWS_CLI_HISTORY_FILE="$XDG_DATA_HOME/aws/history"
export AWS_CREDENTIALS_FILE="$XDG_DATA_HOME/aws/credentials"
export AWS_WEB_IDENTITY_TOKEN_FILE="$XDG_DATA_HOME/aws/token"
export AWS_SHARED_CREDENTIALS_FILE="$XDG_DATA_HOME/aws/shared-credentials"

For some reason terraform doesn't like the AWS_WEB_IDENTITY_TOKEN_FILE variable, causing it to throw this: WebIdentityErr: role ARN is not set - so you'd better not export it if not necessary.

It's almost end of 2019, sad to see that the XDG settings are not being recognized on a more wide basis across applications.

Not to mention the fact that it's very discouraging to anyone potentially motivated to offer a patch when there are PRs sitting dormant for years providing things as simple as documentation improvements.

Should the credentials really stored in $XDG_CONFIG_HOME/aws?

There are much users which makes usage of dotfiles repositories. Normally the $XDG_CONFIG_HOME is included in this repository.

Maybe the credentials should be stored in $XDG_DATA_HOME/aws?

Should the credentials really stored in $XDG_CONFIG_HOME/aws?

There are much users which makes usage of dotfiles repositories. Normally the $XDG_CONFIG_HOME is included in this repository.

Maybe the credentials should be stored in $XDG_DATA_HOME/aws?

I agree, many users include the whole $XDG_CONFIG_HOME folder in their dotfiles repo, so this would cause problems. But your recommended directory is very appropriate.

Is there any updates on this feature request?

Should the credentials really stored in $XDG_CONFIG_HOME/aws?

In all honesty, credentials should not be stored in a plain-text file in a well-known location really. You might want to consider something like aws-vault.

I'm not against opposed to using $XDG_DATA_HOME though, just mentioning alternative solutions for this specific scenario.