Skip to content

v5.0.0

Compare
Choose a tag to compare
@mtibben mtibben released this 19 Dec 22:18
· 564 commits to master since this release

Refactoring on the codebase took place for this release, see the full changeset here. Please report any bugs

Fixed

  • aws-vault exec: Signals to processes now propagate correctly #454
  • Case is ignored when parsing config #461
  • non-profile sections are ignored when parsing config #293

Added

  • The AWS_ROLE_ARN, AWS_ROLE_SESSION_NAME and AWS_MFA_SERIAL environment variables can be used to specify config for the exec, login and rotate commands #443 6c94f99
  • A new config variable parent_profile allows a profile to import all of the config and credentials from the specified parent profile, and should be used in conjunction with source_profile. Note that this config variable is not recognised or compatible with aws-cli or SDK #450
  • Support for duration_seconds in the .aws/config file 17062f1
  • --duration flag on the exec and login command to specify the duration of the session #464

Removed

  • --mfa-token flag from the rotate command #460
  • --mfa-serial-override flag from the exec command (use AWS_MFA_SERIAL instead) 6c94f99
  • --session-ttl, --assume-role-ttl flags from the exec and login command (use --duration instead) #464
  • --federation-token-ttl flag from the login command (use --duration instead) #464

Changed

  • [BC break] The mfa_serial config is no longer imported from the source_profile. This was behaviour introduced in v4.6.0, however it had unintended backwards-incompatible side effects on existing configs. source_profile now imports credentials only, the same way that the aws cli does. If you relied on the previous mfa_serial importing behaviour, use parent_profile (along with source_profile) #445
  • [BC break] The aws-vault exec short flag for --mfa-token was changed from -m to -t, to make it consistent with aws-vault login #464
  • aws-vault exec now uses the exec syscall rather than creating a child process #454
  • Changed the default durations #464
    • GetSessionToken: 1h (previously 4h)
    • AssumeRole: 1h (previously 15m)
    • GetFederationToken: 1h (previously 12h)
    • Cached MFA GetSessionToken for AssumeRole: 8h (previously 4h)
  • Changed API for package github.com/99designs/aws-vault/vault. Note this package exists only to support the CLI and has no guarantees for backwards compatibility. It is public only for the convenience of those already using it