CICD or non-interactive use option #206

@nick-barefoot-focusrite

Feature Description

Non-interactive mode, with auth for AWS provided externally (not only as a profile) via whatever form the caller likes.

Similar to the request #138.
We are looking to collect our JSON data during an automated pipeline which delivers AWS resources via IAC (terraform apply), via short-lived token-based auth via OIDC/JWT trust for GitHub.

Currently, the only non-interactive operation is by using the profile option, but that forces us to write the access creds to a profile on disk. They are already in the environment, and we would prefer keeping them in memory as they already are, rather than adding code to explicitly write these to disk as a profile.

Since the underlying AWS CLI already 'just works' with env vars as generated by aws-actions/configure-aws-credentials with no further work / files needed, we just need to be able to not be prompted for further input via the GUI and the rest will 'just work' for GitHub pipelines using OIDC.

Use Case

GitHub pipelines using OIDC for short-lived token-based auth into AWS.

Suggested Solution

Roughly similar to the change delivered here, but not forcing the credentials to be loaded from disk; let the caller pass them in a manner of their choosing, as long as that remains compatible with the AWS CLI which is consuming them.

Alternatives Considered

Workaround is that we explicitly write a profile to disk, not really appealing.

Additional Context

We're looking to drive the capture of an infra diagram as part of any CICD pipeline-driven IAC change, so would also love a REST API to publish the JSON file into, rather than the manual import or assume-role based approach (we would like to push a diagram change from our short-lived access pipelines, exactly if/when the infra does change, rather than grant long-lived access to an external tool).

Checklist

  • I have searched for similar feature requests.
  • I have included all necessary information.
