aws-mfa-secure 0.3.5 → 0.3.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +10 -1
- data/aws-mfa-secure.gemspec +1 -0
- data/lib/aws_mfa_secure/base.rb +9 -10
- data/lib/aws_mfa_secure/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a728b3bca2a3ecf8c4566c122eeb29e98e8f2e54ce6bd515c601a0cd070933a
|
|
4
|
+
data.tar.gz: '00894d69954b1abba894fe5cbfbd71c360d33f87a3805413379634724e3da3cd'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfee9f00cb2b17c5123d6c57eaf5b078fff8b579b137900f27e9d8457bb22a8a737bbf2e597bbcefb845b986994f5678c2836ca3137c7fa11b82323feb9e9309
|
|
7
|
+
data.tar.gz: aa7ce5e4a34d622f877f16dba24687dc1d883c5b4f22db715528334df55e76fbb2dd1e0c82677ecbff98c72077097cd98a91555caac4f02ff2d4feef330516d1
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.3.6]
|
|
7
|
+
- #1 speed up iam_mfa? detection with AWSConfig parser
|
|
8
|
+
|
|
6
9
|
## [0.3.5]
|
|
7
10
|
- prompt for mfa when using AWS_* env and `AWS_MFA_SERIAL`
|
|
8
11
|
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# AWS MFA Secure
|
|
2
2
|
|
|
3
|
+
[](https://www.youtube.com/watch?v=cYqKeMUS9pc)
|
|
4
|
+
|
|
3
5
|
[](http://badge.fury.io/rb/aws-mfa-secure)
|
|
4
6
|
|
|
5
7
|
Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) does not yet support MFA for normal IAM users. See: [boto/botocore/pull/1399](https://github.com/boto/botocore/pull/1399) The aws-mfa-secure tool decorates the AWS CLI or API to handle MFA authentication. The MFA prompt only activates if `mfa_serial` is configured.
|
|
@@ -11,7 +13,7 @@ Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) d
|
|
|
11
13
|
Prerequisite: The [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/) is required. You can install the AWS CLI via pip.
|
|
12
14
|
|
|
13
15
|
pip install awscli --upgrade --user
|
|
14
|
-
|
|
16
|
+
|
|
15
17
|
## Usage
|
|
16
18
|
|
|
17
19
|
**Summary**:
|
|
@@ -113,6 +115,13 @@ You can also set the MFA info with env variables. They take the highest preceden
|
|
|
113
115
|
|
|
114
116
|
Docs: [How It Works](docs/how-it-works.md)
|
|
115
117
|
|
|
118
|
+
## Linux Support
|
|
119
|
+
|
|
120
|
+
This tool only supports Linux. For Windows, you'll have to set the `AWS_*` env variables manually. Refer to these resources:
|
|
121
|
+
|
|
122
|
+
* [Switching to an IAM Role (Tools for Windows PowerShell)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-twp.html)
|
|
123
|
+
* [How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?](https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/)
|
|
124
|
+
|
|
116
125
|
## Related
|
|
117
126
|
|
|
118
127
|
You may also be interested in [tongueroo/aws-rotate](https://github.com/tongueroo/aws-rotate). It's an easy way to rotate all your AWS keys in your `~/.aws/credentials`.
|
data/aws-mfa-secure.gemspec
CHANGED
data/lib/aws_mfa_secure/base.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require "aws-sdk-core"
|
|
2
|
+
require "aws_config"
|
|
2
3
|
require "json"
|
|
3
4
|
require "memoist"
|
|
4
5
|
require "time"
|
|
@@ -17,9 +18,9 @@ module AwsMfaSecure
|
|
|
17
18
|
# The iam_mfa? check will only return true for the case when mfa_serial is set and access keys are used.
|
|
18
19
|
# This is because for assume role cases, the current aws cli tool supports mfa_serial already.
|
|
19
20
|
# Sending session AWS based access keys intefere with the current aws cli assume role mfa_serial support
|
|
20
|
-
aws_access_key_id =
|
|
21
|
-
aws_secret_access_key =
|
|
22
|
-
source_profile =
|
|
21
|
+
aws_access_key_id = aws_config(:aws_access_key_id)
|
|
22
|
+
aws_secret_access_key = aws_config(:aws_secret_access_key)
|
|
23
|
+
source_profile = aws_config(:source_profile)
|
|
23
24
|
|
|
24
25
|
aws_access_key_id && aws_secret_access_key && !source_profile
|
|
25
26
|
end
|
|
@@ -117,7 +118,7 @@ module AwsMfaSecure
|
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
def mfa_serial
|
|
120
|
-
ENV['AWS_MFA_SERIAL'] ||
|
|
121
|
+
ENV['AWS_MFA_SERIAL'] || aws_config(:mfa_serial)
|
|
121
122
|
end
|
|
122
123
|
|
|
123
124
|
def sts
|
|
@@ -125,13 +126,11 @@ module AwsMfaSecure
|
|
|
125
126
|
end
|
|
126
127
|
memoize :sts
|
|
127
128
|
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
v = `aws configure get #{prop}`.strip
|
|
132
|
-
v unless v.empty?
|
|
129
|
+
def aws_config(prop)
|
|
130
|
+
v = AWSConfig[aws_profile][prop.to_s]
|
|
131
|
+
v unless v.blank?
|
|
133
132
|
end
|
|
134
|
-
memoize :
|
|
133
|
+
memoize :aws_config
|
|
135
134
|
|
|
136
135
|
def aws_profile
|
|
137
136
|
ENV['AWS_PROFILE'] || 'default'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-mfa-secure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: aws_config
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: memoist
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|