Share AWS Vault on WSL

I've installed and configured AWS Vault in Windows. Now I need to execute some bash scripts which use account impersonation. I don't want to setup AWS Vault again for Windows Subsystem for Linux (WSL), so let's see how we can link AWS Vault using an alias.

AWS Vault, where art thou?

To locate where AWS Vault is installed on your system, you can execute the following in PowerShell:

Get-Command aws-vault

I installed AWS Vault using Chocolatey, so it is located in the directory C:\ProgramData\chocolatey\bin\aws-vault.exe.

Setup aws-vault alias in WSL

When you open up WSL you'll find out that you can actually run Windows applications from your command-line. In my case this works:

/mnt/c/ProgramData/chocolatey/bin/aws-vault.exe --version

So the only thing we need to do is setup an alias to access the Windows application:

  1. Open WSL (using the wsl command or bash).
  2. Execute nano ~/.bash_profile to open (or create) the Bash profile.
  3. Add the path to AWS Vault on a new line:
    alias aws-vault="/mnt/c/ProgramData/chocolatey/bin/aws-vault.exe"
  4. Save (ctrl+x and yes).
  5. Reload the Bash profile: . ~/.bash_profile
  6. Check if it works by doing: aws-vault --version

Example ECR login

Why did I need this? Well I want to connect AWS Elastic Container Registry (ECR) to Docker. In order to access the it, I need to impersonate my dev account, and retrieve the login for Docker. My script looks like this:

aws-vault exec my_impersonated_dev_account \
aws ecr get-login-password --region eu-west-1 | \
docker login \
  --username AWS \
  --password-stdin 123456789012.dkr.ecr.eu-west-1.amazonaws.com

Works like a charm.

expand_less