AWS_PROFILE to respect config role_arn

[mattbailey]

Support for AWS_PROFILE is great, but without automatically assuming the role_arn in ~/.aws/config for that profile makes it useless for the most common use case for even having profiles (master account delegating access to other accounts). The node.js SDK appears to just ignore this role_arn and try to perform actions on the "master" account.

This could be potentially dangerous, since it behaves differently from the CLI, one might issue commands on an unintended account.

[jeskew]

Hi @mattbailey,

I understand your concern, but the SDK does not currently read any values from the ~/.aws/config file. It will, however, assume roles specified using a role_arn provided in the ~/.aws/credentials file. It would arguably be dangerous to start reading from the config file now, as customers might now be relying on that file only being used by the AWS CLI. If we do add support for autoloading profile data from ~/.aws/config, it would need to be opt in.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.