In my last post I talked about my discovery of the aws-vault utility. In the last few weeks, as I have gotten to know the application better, I have added a few new bits of functionality to my workflow so that it would work even better.

The first thing that I did was update the function that I used to launch aws-vault. I found that I kept forgetting to log into 1Password every time that I opened a new window and would instead just run my aws-vault work command. To solve that problem I decided to update the function to see if the 1Password variable was set and if it wasn’t then run the login first. In my .bash_functions file, it looks like this:

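avwork() {
  # Name of the 1Password session variable checked for this account
  local session_var="OP_SESSION_${my_1password_account}"
  # Sign in only if that variable is unset or empty (indirect expansion)
  if [[ -z "${!session_var}" ]]; then
    eval "$(op signin "$my_1password_account")"
  fi
  aws-vault exec --assume-role-ttl=1h -m "$(opauth)" "$1"
}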
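The session check in that function is easy to get subtly wrong, so here is an added example (not code from the original post) that isolates it in portable shell: a test on the literal string `OP_SESSION_<account>` never reports a missing session, while a test on the variable's value does. The helper names, `example_acct` and the token value are constructed, and refusing account names that are not plain identifiers is an assumption of this sketch.

```shell
# Added example; helper names and the account name used below are hypothetical.

# Tests the literal text "OP_SESSION_<account>", not the variable's value.
# The text is never empty, so this never reports that a login is needed.
naive_needs_login() {
  [ -z "OP_SESSION_$1" ]
}

# Returns 0 when OP_SESSION_<account> is unset or empty (login needed),
# 1 when it holds a value, 2 when the account name is refused.
needs_op_login() {
  acct=$1
  case $acct in
    # Only letters, digits and underscores may reach eval below.
    ''|*[!A-Za-z0-9_]*) return 2 ;;
  esac
  # Expand the variable named OP_SESSION_<account> without storing its value.
  eval "[ -z \"\${OP_SESSION_${acct}:-}\" ]"
}

# Constructed demonstration with a placeholder account and token.
demo() {
  unset OP_SESSION_example_acct
  needs_op_login example_acct && echo "no session: login needed"
  naive_needs_login example_acct || echo "naive check: thinks a session exists"
  OP_SESSION_example_acct=constructed-token
  needs_op_login example_acct || echo "session present: skip login"
}
```

Source the snippet and run `demo` to see the two checks disagree while the variable is unset.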

Once I had that working, the next problem I had was not knowing which account I was authenticated against in a particular terminal window. To solve that problem, I added a small if statement to the bottom of my .bashrc file to set a slightly different prompt:

if [[ -n "$AWS_VAULT" ]]; then
  # Inside an aws-vault session: show the profile name above the normal prompt
  export PS1="\[\e[33;38m\](aws-vault: $AWS_VAULT)\n\[\e[0m\]$PS1"
  workon aws
fi

I also added the `workon aws` to activate a specific python virtualenv that I use for working in AWS. The result is a nice prompt that tells me the virtualenv and account I am working in:

( pickle-rick:~)
% avwork auth
Enter the password for user $user at $my_1password_account.1password.com:

(aws) | (aws-vault: auth)
( pickle-rick:~)