Aws cli (#42)

* add aws sso login option
* add aws tab completion

Author: sei-tspencer

.claude/settings.json

@@ -1,7 +1,12 @@
 {
+  "env": {
+    "CLAUDE_CODE_USE_BEDROCK": "1",
+    "AWS_REGION": "us-east-1",
+    "AWS_PROFILE": "default"
+  },
   "permissions": {
     "additionalDirectories": [
-        "/mnt/data/crucible"
+      "/mnt/data/crucible"
     ]
   }
 }

.devcontainer/.aws/config.example

@@ -0,0 +1,15 @@
+# AWS SSO Configuration Template
+# Copy this file to 'config' and fill in your organization's values
+# Run 'scripts/aws-sso-login.sh' to authenticate
+
+[sso-session crucible-sso]
+sso_start_url = https://<YOUR-ORG>.awsapps.com/start>
+sso_region = <your-region>
+sso_registration_scopes = sso:account:access
+
+[profile default]
+sso_session = crucible-sso
+sso_account_id = <your-account-id>
+sso_role_name = <your-role>
+region = <your-region>
+output = json

.devcontainer/.gitignore

@@ -1 +1,4 @@
 .aws/credentials
+.aws/config
+.aws/sso*
+.aws/cli

.devcontainer/Dockerfile

@@ -2,6 +2,7 @@ FROM mcr.microsoft.com/devcontainers/dotnet:2.0.5-10.0-noble
 
 ARG TARGETARCH
 ARG DEBIAN_FRONTEND=noninteractive
+ARG AWS_CLI_VERSION="2.32.9"
 
 # Switch to root for configuring image
 USER root
@@ -48,6 +49,32 @@ RUN set -eux; \
 RUN git clone https://github.com/jaggedmountain/k-alias.git /tmp/k-alias && \
     cp /tmp/k-alias/[h,k]* /usr/local/bin
 
+# Install AWS CLI with Session Manager Plugin
+RUN case "${TARGETARCH}" in \
+    amd64)  AWSCLI_PKG="awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip" \
+    SSM_URL="https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" ;; \
+    arm64)  AWSCLI_PKG="awscli-exe-linux-aarch64-${AWS_CLI_VERSION}.zip" \
+    SSM_URL="https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_arm64/session-manager-plugin.deb" ;; \
+    *)      echo "Unsupported architecture: ${TARGETARCH}" >&2; exit 1 ;; \
+    esac && \
+    curl "https://awscli.amazonaws.com/${AWSCLI_PKG}" -o /tmp/awscliv2.zip && \
+    unzip -q /tmp/awscliv2.zip -d /tmp && \
+    /tmp/aws/install --update && \
+    curl "${SSM_URL}" -o /tmp/session-manager-plugin.deb && \
+    dpkg -i /tmp/session-manager-plugin.deb
+
+# Configure AWS CLI bash completion
+RUN echo '' >> /home/vscode/.bashrc && \
+    echo '# AWS CLI completion' >> /home/vscode/.bashrc && \
+    echo 'bind "set show-all-if-ambiguous on"' >> /home/vscode/.bashrc && \
+    echo 'complete -C /usr/local/bin/aws_completer aws' >> /home/vscode/.bashrc
+
+# Configure AWS CLI zsh completion (using bashcompinit for AWS CLI v2 compatibility)
+RUN echo '' >> /home/vscode/.zshrc && \
+    echo '# AWS CLI completion' >> /home/vscode/.zshrc && \
+    echo 'autoload -Uz bashcompinit && bashcompinit' >> /home/vscode/.zshrc && \
+    echo 'complete -C /usr/local/bin/aws_completer aws' >> /home/vscode/.zshrc
+
 # Configure ZSH History
 RUN mkdir -p "/home/vscode/.history" && touch "/home/vscode/.history/zsh_history" && \
     chown -R vscode:vscode /home/vscode/.history && \

.devcontainer/devcontainer.json

@@ -1,6 +1,9 @@
 {
   "name": "Crucible Development",
-  "runArgs": ["--name", "crucible-dev"],
+  "runArgs": [
+    "--name",
+    "crucible-dev"
+  ],
   "build": {
     "dockerfile": "Dockerfile"
   },
@@ -15,7 +18,11 @@
     "ghcr.io/devcontainers/features/node:1": {
       "installYarnUsingApt": false
     },
-    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
+    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
+      "version": "latest",
+      "kubectl": "latest",
+      "helm": "latest"
+    },
     "ghcr.io/devcontainers-extra/features/markdownlint-cli2:1": {},
     "ghcr.io/devcontainers/features/github-cli:1": {},
     "ghcr.io/devcontainers/features/php:1": {
@@ -36,7 +43,7 @@
     // Shell history
     "source=crucible-dev-shell-history,target=/home/vscode/.history,type=volume",
     // AWS credentials for Claude Code (optional)
-    "source=${localWorkspaceFolder}/.devcontainer/.aws,target=/home/vscode/.aws,type=bind,readonly",
+    "source=${localWorkspaceFolder}/.devcontainer/.aws,target=/home/vscode/.aws,type=bind",
     // Claude Code data (sessions, history, todos, etc.)
     "source=crucible-dev-claude,target=/home/vscode/.claude,type=volume"
   ],
@@ -60,7 +67,8 @@
         "shardulm94.trailing-spaces",
         "shd101wyy.markdown-preview-enhanced",
         "pflannery.vscode-versionlens",
-        "Anthropic.claude-code"
+        "Anthropic.claude-code",
+        "AmazonWebServices.aws-toolkit-vscode"
       ],
       "settings": {
         "editor.formatOnSave": true,

README.md

@@ -29,9 +29,9 @@ Development certificates, including a CA, are generated at container build time
 
 ## Claude Code
 
-The dev container includes [Claude Code](https://docs.anthropic.com/en/docs/claude-code), Anthropic's CLI for Claude, configured to use AWS Bedrock via the official [Claude Code devcontainer feature](https://github.com/anthropics/devcontainer-features).
+The dev container includes [Claude Code](https://docs.anthropic.com/en/docs/claude-code), Anthropic's CLI for Claude, configured to use AWS Bedrock via the official [Claude Code devcontainer feature](https://github.com/anthropics/devcontainer-features).  There are two setup methods that can be used to authenticate to AWS.  Select the one that fits your use case.
 
-### Setup
+### Setup option 1 - credential authentication
 
 1. Copy the example credentials file:
    ```bash
@@ -49,6 +49,36 @@ The dev container includes [Claude Code](https://docs.anthropic.com/en/docs/clau
 
 The credentials file is mounted to `/home/vscode/.aws/credentials` inside the container and is excluded from git via `.devcontainer/.gitignore`.
 
+### Setup option 2 - sso login authentication
+
+1. Copy the example config file:
+   ```bash
+   cp .devcontainer/.aws/config.example .devcontainer/.aws/config
+   ```
+
+2. Edit `.devcontainer/.aws/config` and add your AWS account information:
+   ```ini
+   [sso-session crucible-sso]
+   sso_start_url = https://<YOUR-ORG>.awsapps.com/start
+   sso_region = <your-region>
+   sso_registration_scopes = sso:account:access
+
+   [profile default]
+   sso_session = crucible-sso
+   sso_account_id = <your-account-id>
+   sso_role_name = <your-role>
+   region = <your-region>
+   output = json
+   ```
+
+3. Build or rebuild the dev container
+4. Run the aws-sso-login.sh script
+   ```ini
+   scripts/aws-sso-login.sh
+   ```
+
+The config file is mounted to `/home/vscode/.aws/config` inside the container and is excluded from git via `.devcontainer/.gitignore`.
+
 ### Usage
 
 Once the container is running with valid credentials, run `claude` in the terminal to start Claude Code.

scripts/aws-sso-login.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# start clean
+rm -f /home/vscode/.aws/cli/cache/*
+# login
+aws sso login --sso-session crucible-sso
+# create a file with the aws credentials needed for moodle or other docker-in-docker containers
+aws configure export-credentials --profile default > /home/vscode/.aws/sso-credentials