Automic Vault

brew-Paketinformationen

awscli installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für awscli in AI-Agent-Workflows.

Installationsbefehl Sicherheitshinweise

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen 
sudo av install brew:awscli

macOS

Homebrew verifiziert · 100%
brew install awscli

local Homebrew formula metadata

Linux

Debian apt verifiziert · 92%
sudo apt install awscli

Debian stable package indexes · awscli · Quelle: deb.debian.org

Nix verifiziert · 92%
nix profile install nixpkgs#awscli

nixpkgs package indexes · pkgs/by-name/aw/awscli/package.nix · Quelle: api.github.com

Fedora dnf verifiziert · 92%
sudo dnf install aws

Fedora Rawhide package metadata · aws · Quelle: dl.fedoraproject.org

Windows

Chocolatey verifiziert · 92%
choco install awscli

Chocolatey community package catalog · awscli · Quelle: community.chocolatey.org

Scoop verifiziert · 92%
scoop install main/aws

Scoop official bucket manifest trees · bucket/aws.json · Quelle: api.github.com

Plattformhinweise

  • Homebrew publishes bottles for current macOS and Linux targets.
  • The examples directory is installed under $HOMEBREW_PREFIX/share/awscli/examples.

Überblick

Paketzusammenfassung

Automic Vault veröffentlicht paketspezifische Installationswege, Executable-Fakten und Sicherheitsmetadaten für awscli aus lokalen Paketdaten.

Befehle und Aliase

  • aws
  • aws_completer

Quellzusammenfassung

Official Amazon AWS command-line interface

Radioisotope

Plain Text Secrets

`aws` stores credentials as plaintext at ~/.aws/credentials. Our isotope securely locks them in the macOS keychain such that only the root-controlled `aws` launcher running isolated Python can retrieve them through AWS' native credential_process protocol. External AWS CLI legacy plugins are disabled because they can run inside that credential-approved process. Explicit `aws config export-credentials` output is approval gated.

Risikoklassifikator

orange Risiko · high Konfidenz · infrastructure

Warum

  • cloud infrastructure mutation tool

Signale

  • override:awscli

Installationsverhalten

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installiert mit 2 Laufzeitabhängigkeiten.
  • Build-Metadaten listen 1 Build-Abhängigkeiten.

Lokaler README-Auszug

Automic Vault aws-cli Isotope

The isotope now uses AWS' native credential_process protocol instead of placing AWS secrets in the aws process environment.

Implementation

Migration moves plain text keys from ~/.aws/credentials to the Keychain and installs this non-secret config in ~/.aws/config:

[default]
    credential_process = /usr/local/bin/av credential-helper aws

The installed /opt/awscli/bin/aws launcher runs AWS Python in isolated mode and mints a short-lived AUTOMIC_VAULT_CREDENTIAL_HELPER_TOKEN for the AWS process. The helper only answers when that token is present and the parent process is the root-controlled AWS launcher path running under isolated Python, so unrelated processes cannot call the helper directly to retrieve credentials and cannot use PYTHONPATH/sitecustomize injection to make AWS Python call it. The isotope also disables AWS CLI legacy external plugins because those plugins run as Python code inside the credential-approved AWS process.

aws config export-credentials is approval gated before it can print the credential-process result, including invocations with AWS global options before the config command.

Detection also treats aws login cache files under ~/.aws/login/cache as plain text credentials. Migration warns when those files are present because this isotope cannot safely migrate the result of aws login.

Caveats

We assume a single profile and user. If you have more complex credential requirements you should use brew:aws-vault-binary instead. It’s more cumbersome but also more capable.

AWS CLI legacy external plugins configured under [plugins] are intentionally disabled. If your workflow depends on them, use non-isotoped brew:awscli or a dedicated credential manager.

Quelle: data/radioisotopes/aws-cli/README.md

Caveats

  • We only support console allocated key/secret pairs.
  • We do not support `aws login` derived creds (PR welcome!). Note that if you authenticate in this manner we will continue to (correctly) report it as a secrets-hazard.
  • We do not support multiple profiles (use `brew:aws-vault-binary`)
  • We disable AWS CLI legacy external plugins configured under `[plugins]`.

Approval Gates

Human review metadata for risky commands

The local approval-gate seed includes 8 rules for awscli. Covered entrypoints: aws. Severity labels: critical, high. Coverage: partial, geprüft 2026-05-21.

Beispiele für gated Aktionen

  • Export AWS credentials to stdout or process environment formats.
  • Assume an AWS role and receive temporary credentials.
  • Read and print a secret from AWS Secrets Manager.
  • Delete S3 objects or buckets.
  • Recursively mutate S3 objects.
  • Create, update, or delete IAM access keys.
  • Create, update, deploy, or delete CloudFormation stacks.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
awscliglobal executablePrimary AWS command-line interface.
aws_completercompletion helperHomebrew executable; excluded from Automic Vault stubsShell completion helper for aws.

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-05-26
Manager-Version2.34.53
Manager aktualisiert2026-05-22
lokale Datenok
Upstreamcurrent
neueste erkannte Version2.34.53

https://github.com/aws/aws-cli

  • okEs wurden keine Aktualitätswarnungen generiert.

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:awscli
Version2.34.53
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/awscli
Homepagehttps://aws.amazon.com/cli/
Repositoryhttps://github.com/aws/aws-cli
Upstream-Dokumentationhttps://docs.aws.amazon.com/cli/
LizenzApache-2.0
Quellarchivhttps://github.com/aws/aws-cli/archive/refs/tags/2.34.53.tar.gz
Aktualisiert2026-05-22T22:50:32Z
verifiziert2026-05-23
Pulseupdated
Abhängigkeitenopenssl@3, python@3.14
Build-Abhängigkeitencmake
Von macOS bereitgestellte Bibliothekenlibffi, mandoc
Bottleverfügbar (arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert
CaveatsThe examples directory has been installed to $HOMEBREW_PREFIX/share/awscli/examples.

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandt

  • aws-vault-binaryCredential manager for AWS CLI workflows.
  • aws-sam-cliBuilds, tests, and deploys AWS SAM serverless applications.
  • eksctlCreates and manages Amazon EKS clusters.
  • s3cmdS3-focused command-line tool.
  • awscli-localLocalStack wrapper around the AWS CLI.
  • openssl@3Runtime dependency declared by Homebrew.
  • python@3.14Runtime dependency declared by Homebrew.
  • cmakeBuild dependency declared by Homebrew.
  • rosa-cliPopular package that depends on this formula.
  • iamyPopular package that depends on this formula.
  • awscli@1Package name indicates the same formula family.

Auch verfügbar über

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von scripts/generate-pkg-pages.py geschrieben. Deployments verweigern die Veröffentlichung, wenn www/pkg/ gegenüber lokalen Paketdaten veraltet ist.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • cross-ecosystem install command graph
  • local isotope README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • package-page supplement data/pkg-pages/brew/awscli.json
  • radioisotope security manifest