Profiles needs a rework.

[barkermn01]

Describe the feature

Authenticating and setting a default profile needs improvement. The current system is unwieldy and frustrating when running numerous commands. The --profile system feels incomplete. Since regions aren’t included in the default profile names, switching regions within the same account requires appending --region or using a --profile set to the correct region. However, you need to remember to change the profile name to include the region, or you might accidentally overwrite it. This is annoying when running many commands and can lead to executing commands in the wrong region. Similarly, using --profile can result in running commands in the wrong account or region if you forget to apply it in a list of commands.

Use Case

It’s easy to accidentally connect to eu-west-1 instead of eu-west-2. This issue often arises during repetitive tasks like aws configure sso, which involves five steps that rarely need changing. Typically, I only need to update the account ID to set my default, as I prefer not to append --profile {RoleName}-{AccountNumber} to every command when running dozens of them. I just want to set the default and proceed.

I usually work across four accounts through the SSO provider. While the CLI profile naming system encourages the use of profiles, descriptive role names can become unwieldy. Additionally, changing regions is cumbersome because the region isn’t included in the profile. This often leads to overwriting other region connection details during reconfiguration, which is quite frustrating.

Proposed Solution

Firstly, the generated profile name from aws configure sso should include the region in the profile name. As AWS is moving towards presenting regions by names, it should probably use that in the name. For example, in eu-west-1, {RoleName}-{AccountNumber}-Ireland would be ideal, but {RoleName}-{AccountNumber}-eu-west-1 would also be acceptable. This prevents users from accidentally overwriting connection details when switching regions.

This change would address the profile region issue. However, for the default profile, I recommend adding the following commands to make switching defaults or regions easier without updating a profile:

Add Commands:

• aws configure default: Lists all profiles and asks the user to select the profile they need as the default at that moment.
• aws configure default {profile_name}: Sets the default to the specified profile.

To quickly switch the region on the default profile:

• aws configure region: Asks the user to supply the new region and updates the profile for this session.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CLI version used

aws-cli/2.24.8

Environment details (OS name and version, etc.)

Python/3.12.6 Windows/11 exe/AMD64