feat: Add AWS credentials file support #14778
- Automatically reads AWS credentials from ~/.aws/credentials
- Supports AWS_PROFILE and AWS_SHARED_CREDENTIALS_FILE environment variables
- Adds support for temporary credentials with session tokens
- Maintains backward compatibility with existing credential methods
- Follows standard AWS credential precedence order

Based on PR #14460 by @lefth with the following improvements:
- Fixed variable naming to match existing code (access_key vs aws_access_key)
- Added session token support for temporary credentials
- Integrated credential discovery directly into prompts.yml
- Added comprehensive tests
- Added documentation

Closes #14382

Claude finished @dguido's task

AWS Credentials PR Review

I've conducted a comprehensive code review of this AWS credentials implementation. Here's my detailed analysis:

Review Tasks:

🎯 Overall Assessment: EXCELLENT

This is a well-implemented feature that follows AWS best practices and maintains strong security standards. The code quality is high with comprehensive testing and documentation.

✅ Strengths

Security Excellence

Code Quality

Test Coverage

Documentation

🔍 Minor Observations

Performance Considerations

Potential Edge Cases

Code Enhancement Opportunities

🏗️ Architecture Review

Integration Points

Security Architecture

🧪 Test Quality Analysis

The test suite is exceptionally thorough:

Test file structure ( path: /tmp/test-aws
mode: '0700'  # Directory
credentials file mode: '0600'  # File

This matches AWS CLI behavior perfectly.

📋 Recommendations

Immediate Actions ✅

Future Enhancements (Optional)

Documentation Suggestions

🔒 Security Verdict

APPROVED - This implementation follows security best practices:

🎯 Final Recommendation

APPROVE FOR MERGE - This is a high-quality implementation that:

The code is production-ready and represents a valuable improvement to the Algo project.

Summary
This PR adds support for automatically reading AWS credentials from the standard ~/.aws/credentials file, making Algo behave like other AWS tools and improving the user experience.

Features
- ~/.aws/credentials
- AWS_PROFILE environment variable for profile selection
- AWS_SHARED_CREDENTIALS_FILE for custom credential file locations

Credential Precedence (highest to lowest)
- -e aws_access_key=...)
- AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
- ~/.aws/credentials)

Implementation Details
- prompts.yml for clarity
- no_log: true to prevent credential leakage in logs
- errors='ignore'

Testing
Includes comprehensive test suite (tests/test-aws-credentials.yml) that verifies:

Documentation
- docs/aws-credentials.md)

Credits
Based on #14460 by @lefth with significant improvements to address implementation issues.
Fixes #14382
Note: This is a clean version of #14777 without unintended ansible-lint changes.
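
The precedence order and credentials-file lookup described in this PR, sketched as an added Python example; it is not the PR's code, which does this in Ansible's prompts.yml. The function name `resolve_aws_credentials`, the `aws_secret_key` variable name, the rule that a key and its secret must come from the same source, and treating a missing or malformed file as "no credentials" are assumptions of this example.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample credentials file; every value is a placeholder.
SAMPLE = """[default]
aws_access_key_id = AKIAEXAMPLEDEFAULT
aws_secret_access_key = default-secret-placeholder

[staging]
aws_access_key_id = ASIAEXAMPLESTAGING
aws_secret_access_key = staging-secret-placeholder
aws_session_token = staging-token-placeholder
"""


def resolve_aws_credentials(cli_vars, env, home):
    """Return (source, creds) by the precedence above, or (None, {})."""
    # 1. Command line: -e aws_access_key=... (aws_secret_key is assumed here).
    if cli_vars.get("aws_access_key") and cli_vars.get("aws_secret_key"):
        return "cli", {"access_key": cli_vars["aws_access_key"],
                       "secret_key": cli_vars["aws_secret_key"],
                       "session_token": None}
    # 2. Environment variables, with the optional session token.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "env", {"access_key": env["AWS_ACCESS_KEY_ID"],
                       "secret_key": env["AWS_SECRET_ACCESS_KEY"],
                       "session_token": env.get("AWS_SESSION_TOKEN")}
    # 3. Credentials file: location and profile can be overridden via env.
    path = env.get("AWS_SHARED_CREDENTIALS_FILE") or Path(home, ".aws", "credentials")
    profile = env.get("AWS_PROFILE") or "default"
    parser = configparser.RawConfigParser()  # raw: '%' in a secret stays literal
    try:
        parser.read(path)  # a missing or unreadable file is skipped silently
    except configparser.Error:
        return None, {}  # malformed file: treat as no credentials
    sec = parser[profile] if parser.has_section(profile) else {}
    if not (sec.get("aws_access_key_id") and sec.get("aws_secret_access_key")):
        return None, {}
    return "file:" + profile, {"access_key": sec["aws_access_key_id"],
                               "secret_key": sec["aws_secret_access_key"],
                               "session_token": sec.get("aws_session_token")}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        Path(home, ".aws").mkdir()
        Path(home, ".aws", "credentials").write_text(SAMPLE)
        print(resolve_aws_credentials({}, {"AWS_PROFILE": "staging"}, home)[0])
```

The demo prints only the winning source, never the secret values, in the same spirit as the `no_log: true` setting mentioned above.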