aswrap
aswrap copied to clipboard
Published
20 hours ago •
fujiwara
fujiwara
AWS assume role credential wrapper
aswrap
AWS assume role credential wrapper.
Description
aswrap is useful for some commands which couldn't resolve an assume role credentials in ~/.aws/credentials.
For example,
- Implemented with aws-sdk-go
- Terraform
- Packer
- etc.
Install
Place a aswrap command to your PATH and set an executable flag.
$ curl -Lso path/to/aswrap https://github.com/fujiwara/aswrap/releases/download/v0.0.3/aswrap && chmod +x path/to/aswrap
Or use Homebrew.
$ brew install fujiwara/tap/aswrap
Usage
# ~/.aws/credentials
[my-profile]
aws_access_key_id=XXX
aws_secret_access_key=YYY
[foo]
region=ap-northeast-1
source_profile=my-profile
role_arn=arn:aws:iam::999999999999:role/MyRole
As command wrapper
$ AWS_PROFILE=foo aswrap some_command [arg1 arg2...]
aswrap works as below.
- Find
AWS_PROFILEsection in ~/.aws/credentials and ~/.aws/config . - Call
aws sts assume-roleto a get temporary credentials. - Set the credentilas to environment variables.
-
AWS_ACCESS_KEY_ID -
AWS_SECRET_ACCESS_KEY -
AWS_SESSION_TOKEN -
AWS_REGIONif available in the section.
-
- Execute
some_commandwith args.
As env exporter
When aswrap is executed with no arguments, aswrap outputs shell script to export AWS credentials environment variables.
$ export AWS_PROFILE=foo
$ aswrap
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=eW8JjiLZk+mzNmEQJyORdzk....
export AWS_SESSION_TOKEN=2b0gN9qucmINvL8D4sgpLbzvJ31Es5/VBy9gYFpxKFWBrODYMBqcq5WksJGp9RW.....
export AWS_REGION=ap-northeast-1
You can set the credentials in current shell by eval.
$ eval "$(aswrap)"
Temporary credentials has expiration time (about 1 hour).
Requirements
- Perl (>= 5.14.0)
- required JSON::PP
- aws-cli
LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Author
Copyright (c) 2017 FUJIWARA Shunichiro
fujiwara