Use boto3's default behaviour to decide the default region #93
The goal was to clean up some of the CLI, and to modularise the API for calling kms/dynamodb. This will let us add new features like setting default options from a configuration file, and writing configuration templates. Fixes fugue#93 allowing boto3/botocore to configure itself. Fixes fugue#79 as file input is the default for put/put-many. Closes fugue#88 as `put` only allows for files, so you must use `printf`/`echo` to put any value.
Rather than depending on the partially implemented `AWS_DEFAULT_REGION` check, this change makes it so credstash relies more heavily on boto3 to discover regions. Now we can do things like define an `~/.aws/config` file that looks like this:

```ini
[profile work]
region=us-west-2
```

and run credstash like this:

```command
AWS_PROFILE=work credstash -n arn:aws:iam::000000000000:role/some-role get test
```

and it will successfully find the correct region.

Only in the case where the region is absolutely not found, does credstash then default to us-east-1. It's slightly backward incompatible, but I think it's a nice improvement.
I've opened a PR to tackle this problem. I don't think it can really be done without breaking backwards compatibility though... not unless we added a new arg to indicate that we want to use the default AWS credential chain. Not sure if that's worth it though.
I agree. I'd like to remove the hardcoded default but keep the
Right now credstash uses the environment variable AWS_DEFAULT_REGION or the -r CLI parameter to specify in which region credstash should operate. If none of those are available it defaults forcibly to us-east-1 (this is hardcoded).
Boto3 will use one of the configured AWS profiles, for which a default region can be specified. Boto3 will use that region as the default when creating any client. Plus, Boto3 will use as a default the EC2 instance region when using Instance Profiles to fetch credentials.
Is there any reason to have us-east-1 hardcoded instead of relying on the default behaviour of boto3? I've already fallen into this trap a couple of times by forgetting to specify a region and not realising why it was not working.
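The lookup order discussed in this issue, as an added example that is not credstash's or boto3's own code: a standard-library model of the precedence (`-r`, then `AWS_DEFAULT_REGION`, then the active profile in the shared config file, then the `us-east-1` fallback) that also reports which source won. `resolve_region`, its parameters and `SAMPLE_CONFIG` are hypothetical names, the sample config is constructed, and instance-metadata lookup is not modelled.

```python
import configparser

FALLBACK_REGION = "us-east-1"  # the hardcoded default discussed in the issue

# Constructed sample of a shared config file (~/.aws/config layout).
SAMPLE_CONFIG = """\
[default]
region = eu-west-1

[profile work]
region = us-west-2

[profile noregion]
output = json
"""


def resolve_region(cli_region=None, env=None, config_text=""):
    """Return (region, source) for a simplified model of the lookup order.

    Order: -r argument, AWS_DEFAULT_REGION, the active profile's `region`
    in the shared config file, then the us-east-1 fallback.
    """
    env = env or {}
    if cli_region:
        return cli_region, "cli"
    if env.get("AWS_DEFAULT_REGION"):
        return env["AWS_DEFAULT_REGION"], "env"

    parser = configparser.RawConfigParser()
    parser.read_string(config_text)
    profile = env.get("AWS_PROFILE", "default")
    # Named profiles live under "[profile NAME]"; the default under "[default]".
    section = "default" if profile == "default" else f"profile {profile}"
    if parser.has_option(section, "region"):
        return parser.get(section, "region"), f"config:{profile}"

    # Nothing configured: the caller should surface this rather than
    # silently reading or writing secrets in an unintended region.
    return FALLBACK_REGION, "fallback"


if __name__ == "__main__":
    for env in ({"AWS_PROFILE": "work"}, {}, {"AWS_PROFILE": "noregion"}):
        region, source = resolve_region(env=env, config_text=SAMPLE_CONFIG)
        note = "  <-- no region configured, using fallback" if source == "fallback" else ""
        print(f"{env or '{}'} -> {region} ({source}){note}")
```

Returning the source alongside the region lets a CLI log when the fallback was taken, which is the case the issue author describes running into.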