They're good questions. I can tell you how I manage regions and accounts but am interested in learning how people think Bash-my-AWS might better support users in this regard.

The AWSCLI, as well as SDKs, all support grabbing Regions and account credentials from environment variables.

For Regions, I tend to use the following aliases:

alias au='export AWS_DEFAULT_REGION=ap-southeast-2'
alias us='export AWS_DEFAULT_REGION=us-east-1'
alias dr='export AWS_DEFAULT_REGION=ap-southeast-1'

I normally work in a single Region and swap when required by typing the 2 character alias.

To run a script or command (doesn't have to be Bash-my-AWS) across all Regions I use region-each:

$ region-each stacks | column -t
example-ec2-ap-northeast-1 CREATE_COMPLETE 2011-05-23T15:47:44Z NEVER_UPDATED NOT_NESTED #ap-northeast-1
example-ec2-ap-northeast-2 CREATE_COMPLETE 2011-05-23T15:47:44Z NEVER_UPDATED NOT_NESTED #ap-northeast-2
...
example-ec2-us-west-2 CREATE_COMPLETE 2011-05-23T15:47:44Z NEVER_UPDATED NOT_NESTED #us-west-2

For AWS accounts, I type the name of the account and I'm in. For accounts using IDP (LDAP/AD backed corporate logins) I generate aliases so I have tab completion and simple naming.

In accounts that are only set up to use AWS keys, I use aliases that export credentials kept in GPG-encrypted files. Last time I looked, AWS docs suggested keeping these long-lived credentials in plaintext files readable by your account. That's asking for trouble IMO, especially if they're kept in a known location that a compromised node library could exfiltrate them from.

AWSCLI v2 beta includes support for SSO so it's probably a good time to look at how BMA could include support for auth.
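
The GPG-backed credential aliases described in the comment above could look like the following. This is an added example, not part of the original comment or of Bash-my-AWS; the function names, the KEY=VALUE plaintext layout and the file path in the alias are assumptions.

```bash
# Decrypt step, kept in its own function so it can be swapped out.
_aws_creds_decrypt() {
  gpg --quiet --decrypt "$1"
}

# aws_creds_load FILE.gpg
# Assumed plaintext layout (an assumption of this example): KEY=VALUE lines.
# The file is parsed, never sourced, and only allowlisted AWS variables are
# exported, so a tampered file cannot set PATH, LD_PRELOAD or run commands.
aws_creds_load() {
  _acl_file=$1
  [ -r "$_acl_file" ] || { echo "aws_creds_load: cannot read file" >&2; return 1; }
  _acl_plain=$(_aws_creds_decrypt "$_acl_file") || {
    echo "aws_creds_load: decryption failed" >&2; return 1; }

  # Drop credentials left over from a previously selected account.
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

  while IFS= read -r _acl_line; do
    case $_acl_line in
      ''|'#'*) continue ;;            # skip blank lines and comments
    esac
    _acl_key=${_acl_line%%=*}         # text before the first '='
    _acl_val=${_acl_line#*=}          # text after the first '='
    case $_acl_key in
      AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN)
        export "$_acl_key=$_acl_val" ;;
      *)
        # Do not echo the line itself: it may contain secret material.
        echo "aws_creds_load: ignoring line with unexpected key" >&2 ;;
    esac
  done <<EOF
$_acl_plain
EOF
  unset _acl_plain _acl_line _acl_key _acl_val _acl_file

  # Fail closed if the file did not supply a complete key pair.
  [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] || {
    echo "aws_creds_load: file lacked an access key id or secret" >&2
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    return 1
  }
}

# Per-account alias in the style the comment describes (placeholder path):
# alias sandbox='aws_creds_load ~/.aws-keys/sandbox.gpg'
```

The keys exist in plaintext only in the shell's environment, so they disappear when the terminal closes and never sit in a file at a predictable path.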