proper profile support

build.zig.zon

@@ -9,6 +9,10 @@
         .lambda_build = .{
             .path = "tools/build",
         },
+        .aws = .{
+            .url = "git+https://git.lerch.org/lobo/aws-sdk-for-zig#686b18d1f4329e80cf6d9b916eaa0c231333edb9",
+            .hash = "aws-0.0.1-SbsFcAc3CgCdWfayHWFazNfJBxkzLyU2wOJSj7h4W17-",
+        },
     },
     // Specifies the set of files and directories that are included in this package.
     // Only files and directories listed here are included in the `hash` that

tools/build/src/deploy.zig

@@ -212,9 +212,6 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
         return error.InvalidArchitecture;
     }
 
-    // Note: Profile is expected to be set via AWS_PROFILE env var before invoking this tool
-    // (e.g., via aws-vault exec)
-
     // Get or create IAM role if not provided
     const role_arn = if (deploy_opts.role_arn) |r|
         try options.allocator.dupe(u8, r)
@@ -244,6 +241,7 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
     const aws_options = aws.Options{
         .client = client,
         .region = region,
+        .credential_options = .{ .profile = .{ .profile_name = options.profile } },
     };
 
     // Convert arch string to Lambda format
@@ -279,6 +277,7 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
         .client = client,
         .region = region,
         .diagnostics = &create_diagnostics,
+        .credential_options = .{ .profile = .{ .profile_name = options.profile } },
     };
 
     const create_result = aws.Request(services.lambda.create_function).call(.{

tools/build/src/iam.zig

@@ -58,9 +58,6 @@ fn printHelp(writer: *std.Io.Writer) void {
 /// Get or create an IAM role for Lambda execution
 /// Returns the role ARN
 pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
-    // Note: Profile is expected to be set via AWS_PROFILE env var before invoking this tool
-    // (e.g., via aws-vault exec)
-
     var client = aws.Client.init(options.allocator, .{});
     defer client.deinit();
 
@@ -73,12 +70,10 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
         .allocator = options.allocator,
     };
 
-    const region = options.region orelse "us-east-1"; // IAM is global, but needs a region for signing
-    _ = region;
-
     const aws_options = aws.Options{
         .client = client,
         .diagnostics = &diagnostics,
+        .credential_options = .{ .profile = .{ .profile_name = options.profile } },
     };
 
     const get_result = aws.Request(services.iam.get_role).call(.{
@@ -87,7 +82,7 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
         defer diagnostics.deinit();
         if (diagnostics.http_code == 404) {
             // Role doesn't exist, create it
-            return try createRole(options.allocator, role_name, client);
+            return try createRole(options.allocator, role_name, client, options.profile);
         }
         std.log.err("IAM GetRole failed: {} (HTTP {})", .{ err, diagnostics.http_code });
         return error.IamGetRoleFailed;
@@ -98,11 +93,12 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
     return try options.allocator.dupe(u8, get_result.response.role.arn);
 }
 
-fn createRole(allocator: std.mem.Allocator, role_name: []const u8, client: aws.Client) ![]const u8 {
+fn createRole(allocator: std.mem.Allocator, role_name: []const u8, client: aws.Client, profile: ?[]const u8) ![]const u8 {
     const services = aws.Services(.{.iam}){};
 
     const aws_options = aws.Options{
         .client = client,
+        .credential_options = .{ .profile = .{ .profile_name = profile } },
     };
 
     const assume_role_policy =