process_credentials support with CDK

[pahud]

process_credentials is working with JS SDK (v2.775.0) now

But still not supported in AWS CDK

A workaround is using aws-export-credentials to export credentials in the env vars, but might be a concern for paranoid people as it exposes the credentials in env vars.

A workaround is to generate ~/.aws/credentials with refresh_credentials.sh .

I am leaving this issue open for discussion and tracking.

[benkehoe]

See workaround for CDK here: aws/aws-cdk#5455 (comment)

[pahud]

See workaround for CDK here: aws/aws-cdk#5455 (comment)

I noticed the workaround is eventually to expose the credentials in env var from its sso() function, which I believe some people might avoid doing this for some security concern. Sometimes programs tend to dump all env vars for debug mode logging and this might be a security concern.

[hoegertn]

Should be done!?

[pahud]

Should be done!?

Yes. And I personally prefer aws-sso-credential-process in Bash so I wrote one here

https://github.com/pahud/vscode/blob/main/.devcontainer/bin/aws-sso-credential-process

And the setup experience would be like

https://www.youtube.com/watch?v=lKWPvBalInY&t=759s

I will add the shell script into this template repo and update the README accordingly.