aws-codedeploy-session-helper 0.9.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d22cb073dbe07046bf1e20755b20aca69409765b
+  data.tar.gz: 62f15cdf8589766b301aec978fca68d8004cfa22
+SHA512:
+  metadata.gz: 0898802a080c7b1ae3ee7807bd58f58cfb9e6c3a00642dd791d6b395122680c7ae856ac0ef6577e1b442c18dfbf7261b6e7d332dde551805b50882012a10e21c
+  data.tar.gz: ea1ca651b27b17c99c3e1dce17c5577399510b1e8a01779fcd96fe3c61349fb00df7088c9de2aba7b3196cc7c5dbf3fff8ad98c347507573f4458b0bea6f9734

data/bin/get_sts_creds

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require File.expand_path('../../lib/STSCredentialsProvider', __FILE__)
+
+# Setup parser
+options = {}
+OptionParser.new do |parser|
+  parser.banner = "Usage: get_sts_creds --role-arn ROLE_ARN --file FILEPATH [options]"
+  parser.on("-h", "--help", "Show this help message", "\tNote: Pass credentials using environment variables or credentials file, see http://docs.aws.amazon.com/sdk-for-ruby/v2/developer-guide/setup-config.html") do ||
+    puts parser
+    exit
+  end
+
+  parser.on("--role-arn ROLE_ARN", "[required] The IAM ARN that the AWS IAM Role that the session credentials will assume",
+            "\tExample: '--role-arn arn:aws:iam::123456789012:role/FooRole'") do |v|
+    options[:role] = v
+  end
+  parser.on("--file FILEPATH", "[required] The fully qualified file path that the session credentials will be writen to",
+            "\tExample: '--file /foo/baz/aws_session_creds'") do |v|
+    options[:creds_file] = v
+  end
+  parser.on("--region REGION", "The AWS region for configuring outbound AWS calls",
+            "By default, this tool will check the AWS_REGION environment variable", "\tExample: '--region us-east-1'") do |v|
+    options[:region] = v
+  end
+  parser.on("--session-name-override SESSION_NAME", "The name for the IAM Session that will be included in the AWS STS Session ARN",
+            "By default, this tool will use the HOSTNAME of the current.",
+            "\tExample: '--session-name-override test-session'") do |v|
+    options[:session_name] = v
+  end
+  parser.on("--duration SECONDS", "The duration (in seconds) of the life of the session credentials that this tool generates",
+            "Defaults to 3600, or one hour. Value must be between 900 and 3600",
+            "\tExample: '--duration 1800'") do |v|
+    options[:duration] = v
+  end
+  parser.on("--print-session-arn", "Provide this flag to have the tool output (STDOUT) the ARN of the STS Session",
+            "Defaults to not printing arn") do |v|
+    options[:output_arn] = v
+  end
+end.parse!
+
+provider = STSCredentialsProvider.new(options)
+provider.get

data/lib/STSCredentialsProvider.rb

@@ -0,0 +1,62 @@
+require 'aws-sdk-core'
+require 'socket'
+
+class STSCredentialsProvider
+    def initialize(args)
+        raise ArgumentError.new("Param to STSCredentialsProvider.new() must be present, of type hash") if args.nil? or !args.is_a? Hash
+        @role = args[:role]
+        @creds_file = args[:creds_file]
+        @region = args[:region]
+        @session_name = args[:session_name]
+        @duration = args[:duration]
+        @output_arn = args[:output_arn]
+
+        # Validation
+        raise ArgumentError.new("No value for AWS IAM Role that the session credentials will assume, use --role-arn ROLE_ARN") if @role.nil?
+
+        raise ArgumentError.new("No value for the fully qualified path that the session credentials will be written to, use --file FILEPATH") if @creds_file.nil?
+        raise ArgumentError.new("Unable to write to directory " + File.dirname(@creds_file) + ".") unless File.writable?(File.dirname(@creds_file))
+        raise ArgumentError.new("Unable to write to file " + @creds_file + ".") unless (File.exist?(@creds_file) ? File.writable?(@creds_file) : true)
+
+        @session_name = Socket.gethostname if @session_name.nil?
+    end
+
+    def configure_aws_client
+        Aws.use_bundled_cert!
+        if !@region.nil?
+            Aws.config.update({
+                region: @region,
+            })
+        end
+    end
+
+    def get_session_creds
+        sts = Aws::STS::Client.new
+        return sts.assume_role({
+            role_arn: @role,
+            role_session_name: @session_name,
+            duration_seconds: @duration
+        })
+    end
+
+    def get
+        configure_aws_client()
+        resp = get_session_creds()
+
+        if resp.nil? or resp.credentials.nil? or resp.credentials.access_key_id.nil? or resp.credentials.secret_access_key.nil? or resp.credentials.session_token.nil?
+            raise RuntimeError.new("Unexpected response from call to AWS STS, did not have expected fields, response: #{resp.inspect}")
+        end
+
+        puts resp.assumed_role_user.arn if @output_arn
+
+        str = "[default]\naws_access_key_id = #{resp.credentials.access_key_id}\naws_secret_access_key = #{resp.credentials.secret_access_key}\naws_session_token = #{resp.credentials.session_token}\n"
+        begin
+            file = File.open(@creds_file, "w")
+            file.write(str)
+        rescue IOError => e
+            raise RuntimeError.new("Unable to write to file " + @creds_file + ". Error: #{e}")
+        ensure
+            file.close unless file.nil?
+        end
+    end
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: aws-codedeploy-session-helper
+version: !ruby/object:Gem::Version
+  version: 0.9.1
+platform: ruby
+authors:
+- Ryan Gorup
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-12-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+description: See readme of the code on GitHub, https://github.com/awslabs/aws-codedeploy-samples/tree/master/utilities/aws-codedeploy-session-helper
+email: gorup@amazon.com
+executables:
+- get_sts_creds
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/get_sts_creds
+- lib/STSCredentialsProvider.rb
+homepage: https://github.com/awslabs/aws-codedeploy-samples/tree/master/utilities/aws-codedeploy-session-helper
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: This tool helps grab AWS STS credentials, useful when using CodeDeploy OnPremises
+  instances with IAM Sessions.
+test_files: []