From 84ec13ece906f41b8179061f6ec0974999ab12e6 Mon Sep 17 00:00:00 2001
From: Bengt Brodersen <bengt.brodersen@gmail.com>
Date: Thu, 1 Feb 2018 13:51:32 +0100
Subject: [PATCH 1/2] feat: set AWS_DEFAULT_REGION if possible

---
 main.go | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/main.go b/main.go
index 5847cbb..4407ffc 100644
--- a/main.go
+++ b/main.go
@@ -71,6 +71,7 @@ func main() {
 
 	// Load credentials from configFilePath if it exists, else use regular AWS config
 	var creds *credentials.Value
+	var region *string
 	var err error
 	if roleArnRe.MatchString(role) {
 		creds, err = assumeRole(role, "", *duration)
@@ -88,7 +89,7 @@ func main() {
 
 		creds, err = assumeRole(roleConfig.Role, roleConfig.MFA, *duration)
 	} else {
-		creds, err = assumeProfile(role)
+		creds, region, err = assumeProfile(role)
 	}
 
 	must(err)
@@ -96,11 +97,11 @@ func main() {
 	if len(args) == 0 {
 		switch *format {
 		case "powershell":
-			printPowerShellCredentials(role, creds)
+			printPowerShellCredentials(role, creds, region)
 		case "bash":
-			printCredentials(role, creds)
+			printCredentials(role, creds, region)
 		case "fish":
-			printFishCredentials(role, creds)
+			printFishCredentials(role, creds, region)
 		default:
 			flag.Usage()
 			os.Exit(1)
@@ -108,11 +109,11 @@ func main() {
 		return
 	}
 
-	err = execWithCredentials(args, creds)
+	err = execWithCredentials(args, creds, region)
 	must(err)
 }
 
-func execWithCredentials(argv []string, creds *credentials.Value) error {
+func execWithCredentials(argv []string, creds *credentials.Value, region *string) error {
 	argv0, err := exec.LookPath(argv[0])
 	if err != nil {
 		return err
@@ -122,6 +123,9 @@ func execWithCredentials(argv []string, creds *credentials.Value) error {
 	os.Setenv("AWS_SECRET_ACCESS_KEY", creds.SecretAccessKey)
 	os.Setenv("AWS_SESSION_TOKEN", creds.SessionToken)
 	os.Setenv("AWS_SECURITY_TOKEN", creds.SessionToken)
+	if region != nil {
+		os.Setenv("AWS_DEFAULT_REGION", *region)
+	} 
 
 	env := os.Environ()
 	return syscall.Exec(argv0, argv, env)
@@ -129,36 +133,45 @@ func execWithCredentials(argv []string, creds *credentials.Value) error {
 
 // printCredentials prints the credentials in a way that can easily be sourced
 // with bash.
-func printCredentials(role string, creds *credentials.Value) {
+func printCredentials(role string, creds *credentials.Value, region *string) {
 	fmt.Printf("export AWS_ACCESS_KEY_ID=\"%s\"\n", creds.AccessKeyID)
 	fmt.Printf("export AWS_SECRET_ACCESS_KEY=\"%s\"\n", creds.SecretAccessKey)
 	fmt.Printf("export AWS_SESSION_TOKEN=\"%s\"\n", creds.SessionToken)
 	fmt.Printf("export AWS_SECURITY_TOKEN=\"%s\"\n", creds.SessionToken)
 	fmt.Printf("export ASSUMED_ROLE=\"%s\"\n", role)
+	if region != nil {
+		fmt.Printf("export AWS_DEFAULT_REGION=\"%s\"\n", *region)
+	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# eval $(%s)\n", strings.Join(os.Args, " "))
 }
 
 // printFishCredentials prints the credentials in a way that can easily be sourced
 // with fish.
-func printFishCredentials(role string, creds *credentials.Value) {
+func printFishCredentials(role string, creds *credentials.Value, region *string) {
 	fmt.Printf("set -gx AWS_ACCESS_KEY_ID \"%s\";\n", creds.AccessKeyID)
 	fmt.Printf("set -gx AWS_SECRET_ACCESS_KEY \"%s\";\n", creds.SecretAccessKey)
 	fmt.Printf("set -gx AWS_SESSION_TOKEN \"%s\";\n", creds.SessionToken)
 	fmt.Printf("set -gx AWS_SECURITY_TOKEN \"%s\";\n", creds.SessionToken)
 	fmt.Printf("set -gx ASSUMED_ROLE \"%s\";\n", role)
+	if region != nil {
+		fmt.Printf("set -gx AWS_DEFAULT_REGION \"%s\";\n", *region)
+	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# eval (%s)\n", strings.Join(os.Args, " "))
 }
 
 // printPowerShellCredentials prints the credentials in a way that can easily be sourced
 // with Windows powershell using Invoke-Expression.
-func printPowerShellCredentials(role string, creds *credentials.Value) {
+func printPowerShellCredentials(role string, creds *credentials.Value, region *string) {
 	fmt.Printf("$env:AWS_ACCESS_KEY_ID=\"%s\"\n", creds.AccessKeyID)
 	fmt.Printf("$env:AWS_SECRET_ACCESS_KEY=\"%s\"\n", creds.SecretAccessKey)
 	fmt.Printf("$env:AWS_SESSION_TOKEN=\"%s\"\n", creds.SessionToken)
 	fmt.Printf("$env:AWS_SECURITY_TOKEN=\"%s\"\n", creds.SessionToken)
 	fmt.Printf("$env:ASSUMED_ROLE=\"%s\"\n", role)
+	if region != nil {
+		fmt.Printf("$env:AWS_DEFAULT_REGION=\"%s\"\n", *region)
+	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# %s | Invoke-Expression \n", strings.Join(os.Args, " "))
 }
@@ -166,18 +179,19 @@ func printPowerShellCredentials(role string, creds *credentials.Value) {
 // assumeProfile assumes the named profile which must exist in ~/.aws/config
 // (https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html) and returns the temporary STS
 // credentials.
-func assumeProfile(profile string) (*credentials.Value, error) {
+func assumeProfile(profile string) (*credentials.Value, *string, error) {
 	sess := session.Must(session.NewSessionWithOptions(session.Options{
 		Profile:                 profile,
 		SharedConfigState:       session.SharedConfigEnable,
 		AssumeRoleTokenProvider: readTokenCode,
 	}))
 
+	region := sess.Config.Region
 	creds, err := sess.Config.Credentials.Get()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	return &creds, nil
+	return &creds, region, nil
 }
 
 // assumeRole assumes the given role and returns the temporary STS credentials.

From c6d88d2492aa302096e2ab50e4359805c023eb2b Mon Sep 17 00:00:00 2001
From: Bengt Brodersen <bengt.brodersen@gmail.com>
Date: Thu, 1 Feb 2018 17:34:08 +0100
Subject: [PATCH 2/2] Update main.go

---
 main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/main.go b/main.go
index 4407ffc..3abcfe7 100644
--- a/main.go
+++ b/main.go
@@ -125,6 +125,7 @@ func execWithCredentials(argv []string, creds *credentials.Value, region *string
 	os.Setenv("AWS_SECURITY_TOKEN", creds.SessionToken)
 	if region != nil {
 		os.Setenv("AWS_DEFAULT_REGION", *region)
+		os.Setenv("AWS_REGION", *region)
 	} 
 
 	env := os.Environ()
@@ -141,6 +142,7 @@ func printCredentials(role string, creds *credentials.Value, region *string) {
 	fmt.Printf("export ASSUMED_ROLE=\"%s\"\n", role)
 	if region != nil {
 		fmt.Printf("export AWS_DEFAULT_REGION=\"%s\"\n", *region)
+		fmt.Printf("export AWS_REGION=\"%s\"\n", *region)
 	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# eval $(%s)\n", strings.Join(os.Args, " "))
@@ -156,6 +158,7 @@ func printFishCredentials(role string, creds *credentials.Value, region *string)
 	fmt.Printf("set -gx ASSUMED_ROLE \"%s\";\n", role)
 	if region != nil {
 		fmt.Printf("set -gx AWS_DEFAULT_REGION \"%s\";\n", *region)
+		fmt.Printf("set -gx AWS_REGION \"%s\";\n", *region)
 	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# eval (%s)\n", strings.Join(os.Args, " "))
@@ -171,6 +174,7 @@ func printPowerShellCredentials(role string, creds *credentials.Value, region *s
 	fmt.Printf("$env:ASSUMED_ROLE=\"%s\"\n", role)
 	if region != nil {
 		fmt.Printf("$env:AWS_DEFAULT_REGION=\"%s\"\n", *region)
+		fmt.Printf("$env:AWS_REGION=\"%s\"\n", *region)
 	} 
 	fmt.Printf("# Run this to configure your shell:\n")
 	fmt.Printf("# %s | Invoke-Expression \n", strings.Join(os.Args, " "))