Can I print my current profile?

[ronkorving]

Hello there,

I'm currently in the process of making the switch from AWS Vault to Granted. I'm loving it so far!

In some of my shell scripts, I used to check for $AWS_VAULT, to ensure I was running the script through aws-vault exec (equivalent to assume --exec), so I could:

1. Give human friendly errors early, rather than fail with some IAM error further down the script.
2. Print the profile name before doing a dangerous action, so the user has a final chance to abort if they accidentally assumed the wrong role.

Is there a way to do this with Granted? I noticed there's no environment variable set during --exec that contains the profile name.

I guess I could parse it out of the Arn I see when I run aws sts get-caller-identity, but that doesn't describe the account as well as the SSO profile name. It was a nice convenience that AWS Vault used to provide. Is there a simple way to see the profile name, that I'm perhaps missing?

[dannysteenman]

Put this in your granted config:

DefaultExportAllEnvVar = true

it will export your aws credentials but also your aws profile and then you can use it however you want. Example your profile will be returned like:

AWS_PROFILE='active profile name'