GithubHelp home page GithubHelp logo

reverbdotcom / awsume Goto Github PK

View Code? Open in Web Editor NEW

This project forked from dialt0ne/awsume

0.0 6.0 0.0 269 KB

A utility for easily assuming AWS IAM roles from the command line.

Home Page: https://www.trek10.com/blog/awsume-aws-assume-made-awesome/

License: MIT License

Python 92.23% Shell 2.72% Batchfile 2.11% PowerShell 2.94%

awsume's Introduction

AWSume: AWS Assume Made Awesome

Utility for easily assuming AWS IAM roles from the command line, now in Python!

What is AWSume?

AWSume is a cross-platform (Mac, Linux, Windows) command-line tool that makes assuming AWS roles and setting user credentials from the AWS CLI easy! It works by scanning your .aws/config and .aws/credentials files for the profile you give it, making AWS calls to get that profile's credentials, and exporting those credentials to your shell's environment variables. Then, any AWS CLI calls you make in that shell will be under the profile you gave AWSume.

Installation

Pip Installation

AWSume has been conveniently wrapped into a Python package and installable with just one simple command:

pip install awsume

The installer places the python and shell scripts into your python directory. If you're using Bash or Zsh, the installer will add an alias definition (sources awsume when it's called) to their resource control file, either .bash_alias, .bashrc, .bash_profile, or .zshrc. When uninstalling AWSume, the alias definition will not be removed.

Once you have AWSume installed, you're ready to set up AWSume!

Console Plugin installation

Once you've installed AWSume, you can install the console plugin with:

awsume --install-plugin https://raw.githubusercontent.com/trek10inc/awsume/master/examplePlugin/console.py https://raw.githubusercontent.com/trek10inc/awsume/master/examplePlugin/console.yapsy-plugin

Setup

Configuring Using The AWS CLI

aws configure set <key> <value> --profile <profile_name>

Where:

  • key is what you would like to set within the config/credentials file, such as:
    • aws_access_key_id, aws_secret_access_key, region, output, mfa_serial, role_arn, or source_profile
  • value is the value you'd like to set the key to
  • profile_name is the name of the profile you are creating
    • profile_name is what you will pass into AWSume

Configuring Manually

Add profiles to

~/.aws/config (for macOS / Linux)

%userprofile%\.aws\config (for Windows)

~/.aws/config

[default]
region = us-east-1
[profile internal-admin]
role_arn = arn:aws:iam::<your aws account id>:role/admin-role
source_profile = joel
region = us-east-1
[profile client1-admin]
role_arn = arn:aws:iam::<client #1 account id>:role/admin-role
mfa_serial = arn:aws:iam::<your aws account id>:mfa/joel
source_profile = joel
region = us-west-2
[profile client2-admin]
role_arn = arn:aws:iam::<client #2 account id>:role/admin-role
mfa_serial = arn:aws:iam::<your aws account id>:mfa/joel
source_profile = joel
region = us-east-1

Add credentials to

~/.aws/credentials (for macOS / Linux)

%userprofile%\.aws\credentials (for Windows)

~/.aws/credentials

[default]
aws_access_key_id = AKIAIOIEUFSN9EXAMPLE
aws_secret_access_key = wJalrXIneUATF/K7MDENG/jeuFHEnfEXAMPLEKEY
[joel]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Plugins

AWSume is now extensible. It now comes with a built-in plugin manager! To get started developing plugins, check out our plugin documentation.

AWSume Console Plugin

To demonstrate the plugin manager, we've extended the functionality of AWSume through the AWSume Console plugin. This plugin will open the AWS console to the assumed role. Read about it here

Example Usages

awsume client1-source-profile Exports client1-source-profile credentials into current shell, will ask for MFA if needed

awsume client1-source-profile -n Exports client1-source-profile credentials into current shell, will usually not ask for MFA, but it will if client1-source-profile is a role profile instead of a source profile, and requires MFA

awsume client1-admin Exports client1-admin credentials into current shell, will ask for MFA if needed

awsume Exports the default profile's credentials into current shell, will ask for MFA if needed

awsume -d Exports the default profile's credentials into current shell, will ask for MFA if needed

awsume client1-admin -s Outputs export commands to shell, useful if you want to copy / paste into some other shell, will ask for MFA if needed

awsume client1-admin -r Delete cached credentials and refresh, will always prompt for MFA.

awsume client1-admin -a Exports auto-refresh profile to shell's AWS_DEFAULT_PROFILE and AWS_PROFILE environment variables, creates a profile in the .aws/credentials file called auto-refresh-client1-admin that contains profile's role credentials, and spawns a background process to auto-refresh those role credentials when they expire, for as long as the role's source profile is valid.

awsume client1-admin -k Removes the auto-refresh-client1-admin profile from the .aws/credentials file. If no more auto-refresh- profiles are left in the .aws/credentials file, the auto-refreshing background process will be killed.

awsume -k Removes all auto-refresh- profiles from the .aws/credentials file, and kills the auto-refreshing background process.

See our blog posts AWSume and AWSume - Now in Python for more details.

awsume's People

Contributors

mbarneyjr avatar hauboldj avatar shortjared avatar charlesguse avatar azurelogic avatar awarzon avatar gcohler avatar giuliocalzolari avatar jaykay avatar dyk avatar dialt0ne avatar kreece27 avatar

Watchers

Mike Costanza avatar Dan Melnick avatar James Cloos avatar Erik Benoist avatar Andrew Zimmerman avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.