Skip to content
/ aws-switchrole Public

a tool for generating temporary aws credentials as export commands when you want to assume a role.

License

MIT license
9 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hybby/aws-switchrole

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
aws_switchrole
aws_switchrole
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

aws-switchrole

a script to generate temporary credentials for aws roles.

use it if you need environment variablised credentials for use with tools that don't support role switching (looking at you apex).

usage

provide a profile name that you have configured in ~/.aws/config

$ aws-switchrole.py --profile profile-name [--duration-seconds <secs>]

if you don't provide a profile, you'll be asked to pick from a list.

optionally, provide a period of time you'd like the generated credentials to be valid for, in seconds (--duration-seconds). the minimum is 15 mins (900s). the maximum is 12 hrs (43200). an aws exception will be thrown if this is not valid. defaults to 1 hr (3600)

we then use the role_arn to perform an aws sts assume-role command and print out the resultant credentials as export commands, ready for you to use. for example:

export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_SESSION_TOKEN=xxx
export AWS_SECURITY_TOKEN=xxx

paste 'em into your shell and you're good to go for a while. creds last for one hour. sadly we can't set up the environment from a child process, so copy and pasting into your environment will have to do.

optionally the '--copy' option will copy the exports to the clipboard automatically

Installation

  1. pip install aws-switchrole
  2. ensure your ~/.aws/credentials and ~/.aws/config files are configured. i use the latter for profiles:
$ cat ~/.aws/credentials
[default]
aws_access_key_id = XXX
aws_secret_access_key = XXX

$ cat ~/.aws/config
[profile samplerole]
output = json
region = us-east-1
role_arn = arn:aws:iam::${aws_account_id_with_target_role}:role/SampleRoleName
mfa_serial = arn:aws:iam::${aws_account_id_with_iam_info}:mfa/your.iam.username
source_profile = default

Development

PRs welcome and encouraged.

Contributed code has to be compatible with python 2 and python 3

Publishing

for my own benefit, mainly.

make sure ~/.pypirc is configured correctly for pypitest and pypi.

tag your latest commit

git tag -a 0.1 'release notes'
git push --tags

upload to the test pypi with

python setup.py sdist upload -r pypitest

and the real one with

python setup.py sdist upload -r pypi

Set up

  • mkvirtualenv aws-switchrole
  • make requirements

Simulating package install

If you want to use the code as if it was installed in your virtualenv (for example to use the CLI tool while you develop):

  • pip install --editable . , where . is the path to the folder containing setup.py

About

a tool for generating temporary aws credentials as export commands when you want to assume a role.

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages