Skip to content

Add a prompt to 'aws login' to warn users when updating a profile with existing credentials #9924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ashovlin wants to merge 1 commit into
base: v2
Choose a base branch
from
Open

Add a prompt to 'aws login' to warn users when updating a profile with existing credentials #9924

ashovlin wants to merge 1 commit into from
+154 −0

Conversation

@ashovlin
Copy link
Member

@ashovlin ashovlin commented Dec 16, 2025

Issue #, if available: #9869

Description of changes:

This adds a prompt to aws login to warn users when running it for a profile that already has a different style of credentials:

$ aws login

Warning: Profile 'default' is already configured with Access Key credentials. If you continue to log in, the CLI and other tools may continue to use the existing credentials instead.

You may run 'aws login --profile new-profile-name' to create a new profile, or else you may manually remove the existing credentials from 'default'.

Do you want to continue adding login credentials to 'default'? (y/n):

This should help avoid the confusing case where you run aws login but subsequent commands are still using different credentials.

I did not add support for clearing the other style of credentials yet. For access keys there wouldn't be an easy way to undo or retrieve them if we just delete them from the credentials file, so I'd want to be more careful here. If we get feedback, we could expand from y | n to y | n | clear in the future.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@hssyoo hssyoo self-requested a review December 17, 2025 18:54
hssyoo
hssyoo reviewed Dec 17, 2025
View reviewed changes
awscli/customizations/login/login.py
Comment on lines +212 to +213
f'If you continue to log in, the CLI and other tools may '
f'continue to use the existing credentials instead.\n\n'
Copy link
Contributor

@hssyoo hssyoo Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like a weird experience and I feel like we should be gatekeeping here. Are there reasons we shouldn't just deny the login attempt here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hssyoo hssyoo hssyoo left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashovlin @hssyoo