Application permission design #36
Comments
|
@kohidave What do you envision the |
efekarakus
added
type/enhancement
|
See: https://twitter.com/__steele/status/1237196010130046978 For a user that wants to use environment variables to configure their project instead of named profiles. |
|
This makes a lot of sense, especially since most federation tools end up generating temp credentials that folks copy into their terminals as env vars. I'm not sure how to handle getting rid of the profiles completely. Since the project (where metadata is stored) and environment (where actual infra is created) could be totally different accounts/identities, I don't think there's a great way to specify exactly which set of creds belong to what. If we can take a project profile for granted, then we can use the default credential provider chain for the env. We should still give folks the option of choosing a different profile, since that's the best way to show what accounts a customer has access to. If we can't take the project profile for granted, we'll have to think of interesting solutions. |
|
related #1104 |
|
related #1105 |
|
related #1115 |
|
related #1068 |
|
related #1151 |
|
We have now recommendations on application and environment credentials here (https://aws.github.io/copilot-cli/docs/credentials/). We ended an entry in our roadmap to provide a way for platform teams and dev teams to have different permissions with the CLI. |
Right now we use the default profile for folks using the ECS CLI for project management. We want to copy the ecs-cli and have a .config file with the name of an application as the profile name so that we can have reliable experience when running project commands
The text was updated successfully, but these errors were encountered: