aws-recon not honoring AWS_PROFILE variable

[rams3sh]

I tried running aws-recon for multiple accounts. The instance where aws-recon resides is part of an account with a role attached to it and an aws config file with assume role profiles to multiple accounts.

The format of my ~/.aws/config looks like this :-

....

[profile  random-1 ]
role_arn =  arn:aws:iam::111111111111:role/randomRole
credential_source = Ec2InstanceMetadata

[profile  random-2 ]
role_arn =  arn:aws:iam::222222222222:role/randomRole
credential_source = Ec2InstanceMetadata

.....

This is the command I used

AWS_REGION=us-east-1 AWS_PROFILE=random-1 ruby recon.rb --services=s3 -v 

The output remains the same across each run and I found that its been scanning the current account and has not been honoring the AWS_PROFILE.

I have followed the same method as suggested in the README. I am not quite sure if this is a bug or I am doing some mistake.

Also I would suggest to have --profile as an argument to the tool which would resemble aws-cli like syntax and would be easier to use and adopt.

[joshlarsen]

We do not have plans to support different profiles within the tool itself, we will just use what is currently exposed in the environment. See here for details on how the Ruby SDK uses credentials.

The exception to that is that setting AWS_REGION only affects global service calls, since we pin the client to a specific region for all regional service calls.