@ohaval
Created January 5, 2025 07:49
A multi-environment AWS config file, to be used with AWS-Vault and IDEs such as PyCharm
# An example of a config file which a developer might use at work.
# It allows the developer to have 1 user in 1 AWS account,
# and access multiple other accounts (which exist for different environments).
# Access to the different environments is done with AssumeRole protected with MFA.
# The `credential_process` setting allows simple usage of this config file by `aws --profile john`
# or IDEs, and in this example the session tokens for each profile will be returned from
# aws-vault, which stores the long-lived credentials in a secure keychain.
[default]
region=us-east-1
[profile john]
region=us-east-1
mfa_serial=arn:aws:iam::123456789012:mfa/john
credential_process = /opt/homebrew/bin/aws-vault exec ohav --json
[profile prod]
region=us-east-1
source_profile=john
role_arn=arn:aws:iam::1111111111:role/Readonly
mfa_serial=arn:aws:iam::123456789012:mfa/john
[profile staging]
region=us-east-1
source_profile=john
role_arn=arn:aws:iam::2222222222:role/Readonly
mfa_serial=arn:aws:iam::123456789012:mfa/john
[profile dev-admin]
region=us-east-1
source_profile=john
role_arn=arn:aws:iam::3333333333:role/Administrator
mfa_serial=arn:aws:iam::123456789012:mfa/john
[profile lions-admin]
region=us-east-1
source_profile=john
role_arn=arn:aws:iam::4444444444:role/Administrator
mfa_serial=arn:aws:iam::123456789012:mfa/john
[profile panthers-admin]
region=us-east-1
source_profile=john
role_arn=arn:aws:iam::5555555555:role/Administrator
mfa_serial=arn:aws:iam::123456789012:mfa/john
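
An added example, not part of the original gist: a small Python linter that checks a config laid out like the one above for the properties its comments rely on (every assume-role profile sets `mfa_serial`, chains to a `source_profile` that is defined, and no profile stores static keys in the file). The function name `lint_aws_config` and the sample profiles `no-mfa`, `legacy` and `orphan` are constructed for illustration.

```python
import configparser

STATIC_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

# Constructed sample: same layout as the config above, plus three weak profiles.
SAMPLE = """\
[default]
region=us-east-1
[profile john]
mfa_serial=arn:aws:iam::123456789012:mfa/john
credential_process = /opt/homebrew/bin/aws-vault exec john --json
[profile prod]
source_profile=john
role_arn=arn:aws:iam::111111111111:role/Readonly
mfa_serial=arn:aws:iam::123456789012:mfa/john
[profile no-mfa]
source_profile=john
role_arn=arn:aws:iam::222222222222:role/Administrator
[profile legacy]
aws_access_key_id=AKIA-CONSTRUCTED-SAMPLE
aws_secret_access_key=constructed-not-a-real-secret
[profile orphan]
source_profile=missing
role_arn=arn:aws:iam::333333333333:role/Readonly
mfa_serial=arn:aws:iam::123456789012:mfa/john
"""


def lint_aws_config(text):
    """Return sorted (profile, finding) pairs for the text of an AWS CLI config file."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    # Sections are "default" or "profile <name>"; index them by bare profile name.
    profiles = {s.removeprefix("profile ").strip(): cp[s] for s in cp.sections()}
    findings = []
    for name, p in profiles.items():
        if any(key in p for key in STATIC_KEYS):
            findings.append((name, "static credentials stored in file"))
        if "role_arn" in p:
            if "mfa_serial" not in p:
                findings.append((name, "assume-role profile without mfa_serial"))
            src = p.get("source_profile")
            if src is not None and src not in profiles:
                findings.append((name, f"source_profile '{src}' not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in lint_aws_config(SAMPLE):
        print(f"{name}: {finding}")
```

`mfa_serial` only makes the client supply an MFA code; whether a role refuses sessions without MFA is decided by a condition in that role's trust policy, which this check cannot see.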