Skip to content

Prevent 'aws login' from updating a profile with existing credentials #9924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ashovlin wants to merge 3 commits into
base: v2
Choose a base branch
from
Open

Prevent 'aws login' from updating a profile with existing credentials #9924

ashovlin wants to merge 3 commits into from
+105 −0

Conversation

@ashovlin
Copy link
Member

@ashovlin ashovlin commented Dec 16, 2025
edited
Loading

Issue #, if available: #9869

Description of changes:

This adds a prompt to aws login to warn users when running it for a profile that already has a different style of credentials:

$ aws login

Warning: Profile 'default' is already configured with Access Key credentials. If you continue to log in, the CLI and other tools may continue to use the existing credentials instead.

You may run 'aws login --profile new-profile-name' to create a new profile, or else you may manually remove the existing credentials from 'default'.

Do you want to continue adding login credentials to 'default'? (y/n):

This now prevents the user from proceeding if the profile already has existing credentials.

$ aws login

Error: Profile 'default' is already configured with Access Key credentials.

You may run 'aws login --profile new-profile-name' to create a new profile, or you must first manually remove the existing credentials from 'default'.

This should help avoid the confusing case where you run aws login but subsequent commands are still using different credentials.

I did not add support for clearing the other style of credentials yet. For access keys there wouldn't be an easy way to undo or retrieve them if we just delete them from the credentials file, so I'd want to be more careful here. If we get feedback, we could expand in the future.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@hssyoo hssyoo self-requested a review December 17, 2025 18:54
hssyoo
hssyoo reviewed Dec 17, 2025
View reviewed changes
@ashovlin ashovlin changed the title Add a prompt to 'aws login' to warn users when updating a profile with existing credentials Prevent 'aws login' from updating a profile with existing credentials Jan 5, 2026
@ashovlin ashovlin requested a review from hssyoo January 5, 2026 21:32
hssyoo
hssyoo approved these changes Jan 6, 2026
View reviewed changes
Copy link
Contributor

@hssyoo hssyoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had a non-blocking comment but otherwise 🏆

awscli/customizations/login/login.py
f'If you continue to log in, the CLI and other tools may '
f'continue to use the existing credentials instead.\n\n'
if existing_credentials_style:
uni_print(
Copy link
Contributor

@hssyoo hssyoo Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

non-blocking: It's a little weird that the command returns 0 and an error message is directed to stdout in this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hssyoo hssyoo hssyoo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashovlin @hssyoo