@goldstack/infra-aws 0.3.30 → 0.3.34

package/dist/src/infraAws.spec.js

@@ -1,13 +1,14 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const infraAws_1 = require("./infraAws");
-const utils_sh_1 = require("@goldstack/utils-sh");
-const assert_1 = __importDefault(require("assert"));
-describe('AWS User config', () => {
-    it('Should read AWS config from Goldstack config file', async () => {
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const infraAws_1 = require("./infraAws");
+const utils_sh_1 = require("@goldstack/utils-sh");
+const assert_1 = __importDefault(require("assert"));
+const path_1 = __importDefault(require("path"));
+describe('AWS User config', () => {
+    it.skip('Should read AWS config from Goldstack config file', async () => {
         const awsConfig = `{
   "users": [
     {
@@ -29,47 +30,91 @@ describe('AWS User config', () => {
       }
     }
   ]
-}`;
-        const testDir = './goldstackLocal/tests/getAWSUser';
-        (0, utils_sh_1.mkdir)('-p', testDir);
-        (0, utils_sh_1.write)(awsConfig, testDir + '/config-embedded.json');
-        const credentialsDev = await (0, infraAws_1.getAWSUser)('goldstack-dev', testDir + '/config-embedded.json');
-        (0, assert_1.default)(credentialsDev.accessKeyId === 'dummy');
-        const credentialsProd = await (0, infraAws_1.getAWSUser)('goldstack-prod', testDir + '/config-embedded.json');
-        (0, assert_1.default)(credentialsProd.accessKeyId === 'dummy-prod');
-    });
-    // problems when initialising AWS config more than once, so leaving this as one test for now
-    // following difficult to test
-    it.skip('Should read from AWS config in user folder if no config provided', async () => {
-        const credentials = await (0, infraAws_1.getAWSUser)('default', './invalid');
-        (0, assert_1.default)(credentials.accessKeyId);
-    });
-    it.skip('Should read from AWS config in user folder if credentials config provided', async () => {
-        const testDir = './goldstackLocal/tests/getAWSUser';
+}`;
+        const testDir = './goldstackLocal/tests/getAWSUser';
+        (0, utils_sh_1.mkdir)('-p', testDir);
+        (0, utils_sh_1.write)(awsConfig, testDir + '/config-embedded.json');
+        const credentialsDev = await (0, infraAws_1.getAWSUser)('goldstack-dev', testDir + '/config-embedded.json');
+        (0, assert_1.default)(credentialsDev.accessKeyId === 'dummy');
+        const credentialsProd = await (0, infraAws_1.getAWSUser)('goldstack-prod', testDir + '/config-embedded.json');
+        (0, assert_1.default)(credentialsProd.accessKeyId === 'dummy-prod');
+    });
+    // problems when initialising AWS config more than once, so leaving this as one test for now
+    // following difficult to test
+    it.skip('Should read from AWS config in user folder if no config provided', async () => {
+        const credentials = await (0, infraAws_1.getAWSUser)('default', './invalid');
+        (0, assert_1.default)(credentials.accessKeyId);
+    });
+    it('Should read from AWS credentials file', async () => {
+        const testDir = './goldstackLocal/tests/getAWSUser';
         const awsConfig = `{
   "users": [
     {
       "name": "dev",
       "type": "profile",
       "config": {
-        "profile": "default",
-        "awsDefaultRegion": "us-west-2"
+        "profile": "goldstack-dev",
+        "awsDefaultRegion": "us-west-2",
+        "awsCredentialsFileName": "${path_1.default
+            .resolve('./testData/awsCredentials')
+            .replace(/\\/g, '/')}"
       }
-    },
+    }
+  ]
+}`;
+        (0, utils_sh_1.mkdir)('-p', testDir);
+        (0, utils_sh_1.write)(awsConfig, testDir + '/config.json');
+        const credentialsDev = await (0, infraAws_1.getAWSUser)('dev', testDir + '/config.json');
+        expect(credentialsDev.secretAccessKey).toEqual('devsecret');
+        expect(credentialsDev.accessKeyId).toEqual('devkey');
+    });
+    it('Should load credentials using a credentials source defined in the credentials file', async () => {
+        const testDir = './goldstackLocal/tests/getAWSUser';
+        const awsConfig = `{
+  "users": [
     {
-      "name": "prod",
+      "name": "process",
       "type": "profile",
       "config": {
-        "profile": "prod",
-        "awsDefaultRegion": "us-west-2"
+        "profile": "with-process",
+        "awsDefaultRegion": "us-west-2",
+        "credentialsSource": "process",
+        "awsCredentialsFileName": "${path_1.default
+            .resolve('./testData/awsCredentials')
+            .replace(/\\/g, '/')}"
+      }
+    }
+  ]
+}`;
+        (0, utils_sh_1.mkdir)('-p', testDir);
+        (0, utils_sh_1.write)(awsConfig, testDir + '/config.json');
+        const credentialsProcess = await (0, infraAws_1.getAWSUser)('process', testDir + '/config.json');
+        expect(credentialsProcess.secretAccessKey).toEqual('processsecret');
+        expect(credentialsProcess.accessKeyId).toEqual('processkey');
+    });
+    it('Should load credentials using a credentials source defined in the config file', async () => {
+        const testDir = './goldstackLocal/tests/getAWSUser';
+        const awsConfig = `{
+  "users": [
+    {
+      "name": "process-from-config",
+      "type": "profile",
+      "config": {
+        "profile": "with-process",
+        "awsDefaultRegion": "us-west-2",
+        "credentialsSource": "process",
+        "awsConfigFileName": "${path_1.default
+            .resolve('./testData/awsConfig')
+            .replace(/\\/g, '/')}"
       }
     }
   ]
-}`;
-        (0, utils_sh_1.mkdir)('-p', testDir);
-        (0, utils_sh_1.write)(awsConfig, testDir + '/config.json');
-        const credentialsDefault = await (0, infraAws_1.getAWSUser)('dev', testDir + '/config.json');
-        (0, assert_1.default)(credentialsDefault.accessKeyId);
-    });
-});
+}`;
+        (0, utils_sh_1.mkdir)('-p', testDir);
+        (0, utils_sh_1.write)(awsConfig, testDir + '/config.json');
+        const credentialsProcessFromConfig = await (0, infraAws_1.getAWSUser)('process-from-config', testDir + '/config.json');
+        expect(credentialsProcessFromConfig.secretAccessKey).toEqual('processsecret');
+        expect(credentialsProcessFromConfig.accessKeyId).toEqual('processkey');
+    });
+});
 //# sourceMappingURL=infraAws.spec.js.map

package/dist/src/infraAws.spec.js.map

@@ -1 +1 @@
-{"version":3,"file":"infraAws.spec.js","sourceRoot":"","sources":["../../src/infraAws.spec.ts"],"names":[],"mappings":";;;;;AAAA,yCAAwC;AACxC,kDAAmD;AACnD,oDAA4B;AAE5B,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;EAqBpB,CAAC;QACC,MAAM,OAAO,GAAG,mCAAmC,CAAC;QACpD,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,uBAAuB,CAAC,CAAC;QACpD,MAAM,cAAc,GAAG,MAAM,IAAA,qBAAU,EACrC,eAAe,EACf,OAAO,GAAG,uBAAuB,CAClC,CAAC;QACF,IAAA,gBAAM,EAAC,cAAc,CAAC,WAAW,KAAK,OAAO,CAAC,CAAC;QAC/C,MAAM,eAAe,GAAG,MAAM,IAAA,qBAAU,EACtC,gBAAgB,EAChB,OAAO,GAAG,uBAAuB,CAClC,CAAC;QACF,IAAA,gBAAM,EAAC,eAAe,CAAC,WAAW,KAAK,YAAY,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,4FAA4F;IAE5F,8BAA8B;IAC9B,EAAE,CAAC,IAAI,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAU,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC7D,IAAA,gBAAM,EAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,IAAI,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QAC9F,MAAM,OAAO,GAAG,mCAAmC,CAAC;QAEpD,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;EAmBpB,CAAC;QAEC,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,cAAc,CAAC,CAAC;QAC3C,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAU,EACzC,KAAK,EACL,OAAO,GAAG,cAAc,CACzB,CAAC;QACF,IAAA,gBAAM,EAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"infraAws.spec.js","sourceRoot":"","sources":["../../src/infraAws.spec.ts"],"names":[],"mappings":";;;;;AAAA,yCAAwC;AACxC,kDAAmD;AACnD,oDAA4B;AAC5B,gDAAwB;AAExB,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,IAAI,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;EAqBpB,CAAC;QACC,MAAM,OAAO,GAAG,mCAAmC,CAAC;QACpD,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,uBAAuB,CAAC,CAAC;QACpD,MAAM,cAAc,GAAG,MAAM,IAAA,qBAAU,EACrC,eAAe,EACf,OAAO,GAAG,uBAAuB,CAClC,CAAC;QACF,IAAA,gBAAM,EAAC,cAAc,CAAC,WAAW,KAAK,OAAO,CAAC,CAAC;QAC/C,MAAM,eAAe,GAAG,MAAM,IAAA,qBAAU,EACtC,gBAAgB,EAChB,OAAO,GAAG,uBAAuB,CAClC,CAAC;QACF,IAAA,gBAAM,EAAC,eAAe,CAAC,WAAW,KAAK,YAAY,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,4FAA4F;IAE5F,8BAA8B;IAC9B,EAAE,CAAC,IAAI,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAU,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC7D,IAAA,gBAAM,EAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,OAAO,GAAG,mCAAmC,CAAC;QAEpD,MAAM,SAAS,GAAG;;;;;;;;qCAQe,cAAI;aAC9B,OAAO,CAAC,2BAA2B,CAAC;aACpC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;;;;EAI5B,CAAC;QAEC,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,cAAc,CAAC,CAAC;QAE3C,MAAM,cAAc,GAAG,MAAM,IAAA,qBAAU,EAAC,KAAK,EAAE,OAAO,GAAG,cAAc,CAAC,CAAC;QACzE,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oFAAoF,EAAE,KAAK,IAAI,EAAE;QAClG,MAAM,OAAO,GAAG,mCAAmC,CAAC;QAEpD,MAAM,SAAS,GAAG;;;;;;;;;qCASe,cAAI;aAC9B,OAAO,CAAC,2BAA2B,CAAC;aACpC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;;;;EAI5B,CAAC;QAEC,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,cAAc,CAAC,CAAC;QAE3C,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAU,EACzC,SAAS,EACT,OAAO,GAAG,cAAc,CACzB,CAAC;QACF,MAAM,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACpE,MAAM,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,OAAO,GAAG,mCAAmC,CAAC;QAEpD,MAAM,SAAS,GAAG;;;;;;;;;gCASU,cAAI;aACzB,OAAO,CAAC,sBAAsB,CAAC;aAC/B,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;;;;EAI5B,CAAC;QAEC,IAAA,gBAAK,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrB,IAAA,gBAAK,EAAC,SAAS,EAAE,OAAO,GAAG,cAAc,CAAC,CAAC;QAE3C,MAAM,4BAA4B,GAAG,MAAM,IAAA,qBAAU,EACnD,qBAAqB,EACrB,OAAO,GAAG,cAAc,CACzB,CAAC;QACF,MAAM,CAAC,4BAA4B,CAAC,eAAe,CAAC,CAAC,OAAO,CAC1D,eAAe,CAChB,CAAC;QACF,MAAM,CAAC,4BAA4B,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/schemas/accountConfigSchema.json

@@ -1,207 +1,223 @@
-{
-    "$ref": "#/definitions/AWSConfiguration",
-    "$schema": "http://json-schema.org/draft-07/schema#",
-    "definitions": {
-        "AWSAPIKeyUserConfig": {
-            "additionalProperties": false,
-            "description": "User accessing AWS using an access key id and secret access key. Only recommended for users used during development. The provided credentials will be included in the downloaded package but by default will not be committed to git.",
-            "properties": {
-                "awsAccessKeyId": {
-                    "$ref": "#/definitions/AWSAccessKeyId"
-                },
-                "awsDefaultRegion": {
-                    "$ref": "#/definitions/AWSRegion"
-                },
-                "awsSecretAccessKey": {
-                    "$ref": "#/definitions/AWSSecretAccessKey"
-                }
-            },
-            "required": [
-                "awsDefaultRegion"
-            ],
-            "title": "AWS API Key User Configuration",
-            "type": "object"
-        },
-        "AWSAccessKeyId": {
-            "description": "Access key for this user.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Access Key Id",
-            "type": "string"
-        },
-        "AWSAccessKeyIdVariableName": {
-            "description": "Name of environment variable for AWS Access Key Id. When in doubt, use AWS_ACCESS_KEY_ID.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Access Key Id Variable Name",
-            "type": "string"
-        },
-        "AWSConfiguration": {
-            "additionalProperties": false,
-            "description": "Global configuration for deploying to AWS.",
-            "properties": {
-                "users": {
-                    "$ref": "#/definitions/AWSUsers"
-                }
-            },
-            "required": [
-                "users"
-            ],
-            "title": "AWS Configuration",
-            "type": "object"
-        },
-        "AWSDefaultRegionVariableName": {
-            "description": "Name of environment variable for AWS Default Region. When in doubt, use AWS_DEFAULT_REGION.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Default Region Varialbe Name",
-            "type": "string"
-        },
-        "AWSDeploymentRegion": {
-            "description": "AWS region that infrastructure should be deployed to.",
-            "enum": [
-                "us-east-1",
-                "us-east-2",
-                "us-west-1",
-                "us-west-2",
-                "af-south-1",
-                "ap-east-1",
-                "ap-south-1",
-                "ap-northeast-3",
-                "ap-northeast-2",
-                "ap-southeast-1",
-                "ap-southeast-2",
-                "ap-northeast-1",
-                "ca-central-1",
-                "eu-central-1",
-                "eu-west-1",
-                "eu-west-2",
-                "eu-south-1",
-                "eu-west-3",
-                "eu-north-1",
-                "me-south-1",
-                "sa-east-1"
-            ],
-            "title": "AWS Deployment Region",
-            "type": "string"
-        },
-        "AWSEnvironmentVariableUserConfig": {
-            "additionalProperties": false,
-            "description": "Obtain AWS user from environment variables. This will be useful for CI/CD.",
-            "properties": {
-                "awsAccessKeyIdVariableName": {
-                    "$ref": "#/definitions/AWSAccessKeyIdVariableName"
-                },
-                "awsDefaultRegionVariableName": {
-                    "$ref": "#/definitions/AWSDefaultRegionVariableName"
-                },
-                "awsSecretAccessKeyVariableName": {
-                    "$ref": "#/definitions/AWSSecretAccessKeyVariableName"
-                }
-            },
-            "required": [
-                "awsAccessKeyIdVariableName",
-                "awsSecretAccessKeyVariableName",
-                "awsDefaultRegionVariableName"
-            ],
-            "title": "AWS Environment Variable User Configuration",
-            "type": "object"
-        },
-        "AWSProfileConfig": {
-            "additionalProperties": false,
-            "description": "User that is configured using the aws cli. Useful for development environments.",
-            "properties": {
-                "awsDefaultRegion": {
-                    "$ref": "#/definitions/AWSRegion"
-                },
-                "profile": {
-                    "$ref": "#/definitions/Profile"
-                }
-            },
-            "required": [
-                "profile",
-                "awsDefaultRegion"
-            ],
-            "title": "AWS Local User Configuration",
-            "type": "object"
-        },
-        "AWSRegion": {
-            "$ref": "#/definitions/AWSDeploymentRegion",
-            "description": "Default AWS region to use.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Region"
-        },
-        "AWSSecretAccessKey": {
-            "description": "Secret key for this user.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Secret Access Key",
-            "type": "string"
-        },
-        "AWSSecretAccessKeyVariableName": {
-            "description": "Name of environment variable for AWS Secret Access Key. When in doubt, use AWS_SECRET_ACCESS_KEY.",
-            "pattern": "^[^\\s]*$",
-            "title": "AWS Secret Access Key Variable Name",
-            "type": "string"
-        },
-        "AWSUser": {
-            "additionalProperties": false,
-            "description": "AWS user",
-            "properties": {
-                "config": {
-                    "$ref": "#/definitions/AwsUserConfig"
-                },
-                "name": {
-                    "$ref": "#/definitions/Name"
-                },
-                "type": {
-                    "$ref": "#/definitions/Type"
-                }
-            },
-            "required": [
-                "name",
-                "type",
-                "config"
-            ],
-            "title": "AWS User",
-            "type": "object"
-        },
-        "AWSUsers": {
-            "items": {
-                "$ref": "#/definitions/AWSUser"
-            },
-            "type": "array"
-        },
-        "AwsUserConfig": {
-            "anyOf": [
-                {
-                    "$ref": "#/definitions/AWSProfileConfig"
-                },
-                {
-                    "$ref": "#/definitions/AWSEnvironmentVariableUserConfig"
-                },
-                {
-                    "$ref": "#/definitions/AWSAPIKeyUserConfig"
-                }
-            ]
-        },
-        "Name": {
-            "description": "Identifier for this user. No spaces allowed.",
-            "pattern": "^[^\\s]*$",
-            "title": "Name",
-            "type": "string"
-        },
-        "Profile": {
-            "description": "Profile name of the user configured with the aws cli. When in doubt, use `default`.",
-            "pattern": "^[^\\s]*$",
-            "title": "Profile",
-            "type": "string"
-        },
-        "Type": {
-            "description": "Type of this user.",
-            "enum": [
-                "apiKey",
-                "profile",
-                "environmentVariables"
-            ],
-            "title": "Type",
-            "type": "string"
-        }
-    }
-}
+{
+    "$ref": "#/definitions/AWSConfiguration",
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "definitions": {
+        "AWSAPIKeyUserConfig": {
+            "additionalProperties": false,
+            "description": "User accessing AWS using an access key id and secret access key. Only recommended for users used during development. The provided credentials will be included in the downloaded package but by default will not be committed to git.",
+            "properties": {
+                "awsAccessKeyId": {
+                    "$ref": "#/definitions/AWSAccessKeyId"
+                },
+                "awsDefaultRegion": {
+                    "$ref": "#/definitions/AWSRegion"
+                },
+                "awsSecretAccessKey": {
+                    "$ref": "#/definitions/AWSSecretAccessKey"
+                }
+            },
+            "required": [
+                "awsDefaultRegion"
+            ],
+            "title": "AWS API Key User Configuration",
+            "type": "object"
+        },
+        "AWSAccessKeyId": {
+            "description": "Access key for this user.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Access Key Id",
+            "type": "string"
+        },
+        "AWSAccessKeyIdVariableName": {
+            "description": "Name of environment variable for AWS Access Key Id. When in doubt, use AWS_ACCESS_KEY_ID.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Access Key Id Variable Name",
+            "type": "string"
+        },
+        "AWSConfiguration": {
+            "additionalProperties": false,
+            "description": "Global configuration for deploying to AWS.",
+            "properties": {
+                "users": {
+                    "$ref": "#/definitions/AWSUsers"
+                }
+            },
+            "required": [
+                "users"
+            ],
+            "title": "AWS Configuration",
+            "type": "object"
+        },
+        "AWSDefaultRegionVariableName": {
+            "description": "Name of environment variable for AWS Default Region. When in doubt, use AWS_DEFAULT_REGION.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Default Region Varialbe Name",
+            "type": "string"
+        },
+        "AWSDeploymentRegion": {
+            "description": "AWS region that infrastructure should be deployed to.",
+            "enum": [
+                "us-east-1",
+                "us-east-2",
+                "us-west-1",
+                "us-west-2",
+                "af-south-1",
+                "ap-east-1",
+                "ap-south-1",
+                "ap-northeast-3",
+                "ap-northeast-2",
+                "ap-southeast-1",
+                "ap-southeast-2",
+                "ap-northeast-1",
+                "ca-central-1",
+                "eu-central-1",
+                "eu-west-1",
+                "eu-west-2",
+                "eu-south-1",
+                "eu-west-3",
+                "eu-north-1",
+                "me-south-1",
+                "sa-east-1"
+            ],
+            "title": "AWS Deployment Region",
+            "type": "string"
+        },
+        "AWSEnvironmentVariableUserConfig": {
+            "additionalProperties": false,
+            "description": "Obtain AWS user from environment variables. This will be useful for CI/CD.",
+            "properties": {
+                "awsAccessKeyIdVariableName": {
+                    "$ref": "#/definitions/AWSAccessKeyIdVariableName"
+                },
+                "awsDefaultRegionVariableName": {
+                    "$ref": "#/definitions/AWSDefaultRegionVariableName"
+                },
+                "awsSecretAccessKeyVariableName": {
+                    "$ref": "#/definitions/AWSSecretAccessKeyVariableName"
+                }
+            },
+            "required": [
+                "awsAccessKeyIdVariableName",
+                "awsSecretAccessKeyVariableName",
+                "awsDefaultRegionVariableName"
+            ],
+            "title": "AWS Environment Variable User Configuration",
+            "type": "object"
+        },
+        "AWSProfileConfig": {
+            "additionalProperties": false,
+            "description": "User that is configured using the aws cli. Useful for development environments.",
+            "properties": {
+                "awsConfigFileName": {
+                    "description": "Path to the AWS configuration, e.g. `~/.aws/config`. If environment variable `AWS_CONFIG_FILE` is set, this is ignored.",
+                    "type": "string"
+                },
+                "awsCredentialsFileName": {
+                    "description": "Path to the AWS configuration, e.g. `~/.aws/credentials`. If environment variable `AWS_SHARED_CREDENTIALS_FILE` is set, this is ignored.",
+                    "type": "string"
+                },
+                "awsDefaultRegion": {
+                    "$ref": "#/definitions/AWSRegion"
+                },
+                "credentialsSource": {
+                    "$ref": "#/definitions/CredentialsSource",
+                    "description": "Set to `process`, if credentials should be loaded by running a `credential-process` defined in the AWS credentials configuration. See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html"
+                },
+                "profile": {
+                    "$ref": "#/definitions/Profile"
+                }
+            },
+            "required": [
+                "profile",
+                "awsDefaultRegion"
+            ],
+            "title": "AWS Local User Configuration",
+            "type": "object"
+        },
+        "AWSRegion": {
+            "$ref": "#/definitions/AWSDeploymentRegion",
+            "description": "Default AWS region to use.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Region"
+        },
+        "AWSSecretAccessKey": {
+            "description": "Secret key for this user.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Secret Access Key",
+            "type": "string"
+        },
+        "AWSSecretAccessKeyVariableName": {
+            "description": "Name of environment variable for AWS Secret Access Key. When in doubt, use AWS_SECRET_ACCESS_KEY.",
+            "pattern": "^[^\\s]*$",
+            "title": "AWS Secret Access Key Variable Name",
+            "type": "string"
+        },
+        "AWSUser": {
+            "additionalProperties": false,
+            "description": "AWS user",
+            "properties": {
+                "config": {
+                    "$ref": "#/definitions/AwsUserConfig"
+                },
+                "name": {
+                    "$ref": "#/definitions/Name"
+                },
+                "type": {
+                    "$ref": "#/definitions/Type"
+                }
+            },
+            "required": [
+                "name",
+                "type",
+                "config"
+            ],
+            "title": "AWS User",
+            "type": "object"
+        },
+        "AWSUsers": {
+            "items": {
+                "$ref": "#/definitions/AWSUser"
+            },
+            "type": "array"
+        },
+        "AwsUserConfig": {
+            "anyOf": [
+                {
+                    "$ref": "#/definitions/AWSProfileConfig"
+                },
+                {
+                    "$ref": "#/definitions/AWSEnvironmentVariableUserConfig"
+                },
+                {
+                    "$ref": "#/definitions/AWSAPIKeyUserConfig"
+                }
+            ]
+        },
+        "CredentialsSource": {
+            "const": "process",
+            "type": "string"
+        },
+        "Name": {
+            "description": "Identifier for this user. No spaces allowed.",
+            "pattern": "^[^\\s]*$",
+            "title": "Name",
+            "type": "string"
+        },
+        "Profile": {
+            "description": "Profile name of the user configured with the aws cli. When in doubt, use `default`.",
+            "pattern": "^[^\\s]*$",
+            "title": "Profile",
+            "type": "string"
+        },
+        "Type": {
+            "description": "Type of this user.",
+            "enum": [
+                "apiKey",
+                "profile",
+                "environmentVariables"
+            ],
+            "title": "Type",
+            "type": "string"
+        }
+    }
+}