awsudo
awsudo copied to clipboard
marceloboeira
> sudo-like behavior for role assumed access on AWS accounts
AWS allows us to get the STS expiration timestamp from the response, at this point we just assume 1 hour and use that hardcoded all around. More info: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
aws-cli supports a `source_profile` option in the config file which specifies which profile to get the credentials from. I actually don't have a `[default]` section in my ~/.aws/credentials file, so...
Right now, errors are not handled in a way... ```shell $ awsudo -u invalid echo bar thread 'main' panicked at 'Profile not found', src/main.rs:34:27 note: Run with `RUST_BACKTRACE=1` environment variable...
At this moment, we use `stdin/out` to both print the `Please type your MFA token...` and collect the MFA token. That can be intrusive to users that might want to...
It's often necessary to use unix pipes with `awsudo` credentials injection... ```shell cat foo.csv | awsudo -u staging s3_uploader ``` where **s3_uploader** is a binary that takes `stdin` and stream...
Make it possible to force / purge the cache e.g.: `awsudo -u production --force ...` -> forces the token generation
Sort of hard at this point, since there is no "docker-image" for AWS STS, it would have to be a REAL account structure, with some ROLE authorisation configured... Might be...
Metadata
Owner
Metadata
> sudo-like behavior for role assumed access on AWS accounts