aws-mfa-secure 0.3.5 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +10 -1
- data/aws-mfa-secure.gemspec +1 -0
- data/lib/aws_mfa_secure/base.rb +9 -10
- data/lib/aws_mfa_secure/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a728b3bca2a3ecf8c4566c122eeb29e98e8f2e54ce6bd515c601a0cd070933a
|
|
4
|
+
data.tar.gz: '00894d69954b1abba894fe5cbfbd71c360d33f87a3805413379634724e3da3cd'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfee9f00cb2b17c5123d6c57eaf5b078fff8b579b137900f27e9d8457bb22a8a737bbf2e597bbcefb845b986994f5678c2836ca3137c7fa11b82323feb9e9309
|
|
7
|
+
data.tar.gz: aa7ce5e4a34d622f877f16dba24687dc1d883c5b4f22db715528334df55e76fbb2dd1e0c82677ecbff98c72077097cd98a91555caac4f02ff2d4feef330516d1
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.3.6]
|
|
7
|
+
- #1 speed up iam_mfa? detection with AWSConfig parser
|
|
8
|
+
|
|
6
9
|
## [0.3.5]
|
|
7
10
|
- prompt for mfa when using AWS_* env and `AWS_MFA_SERIAL`
|
|
8
11
|
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# AWS MFA Secure
|
|
2
2
|
|
|
3
|
+
[](https://www.youtube.com/watch?v=cYqKeMUS9pc)
|
|
4
|
+
|
|
3
5
|
[](http://badge.fury.io/rb/aws-mfa-secure)
|
|
4
6
|
|
|
5
7
|
Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) does not yet support MFA for normal IAM users. See: [boto/botocore/pull/1399](https://github.com/boto/botocore/pull/1399) The aws-mfa-secure tool decorates the AWS CLI or API to handle MFA authentication. The MFA prompt only activates if `mfa_serial` is configured.
|
|
@@ -11,7 +13,7 @@ Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) d
|
|
|
11
13
|
Prerequisite: The [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/) is required. You can install the AWS CLI via pip.
|
|
12
14
|
|
|
13
15
|
pip install awscli --upgrade --user
|
|
14
|
-
|
|
16
|
+
|
|
15
17
|
## Usage
|
|
16
18
|
|
|
17
19
|
**Summary**:
|
|
@@ -113,6 +115,13 @@ You can also set the MFA info with env variables. They take the highest preceden
|
|
|
113
115
|
|
|
114
116
|
Docs: [How It Works](docs/how-it-works.md)
|
|
115
117
|
|
|
118
|
+
## Linux Support
|
|
119
|
+
|
|
120
|
+
This tool only supports Linux. For Windows, you'll have to set the `AWS_*` env variables manually. Refer to these resources:
|
|
121
|
+
|
|
122
|
+
* [Switching to an IAM Role (Tools for Windows PowerShell)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-twp.html)
|
|
123
|
+
* [How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?](https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/)
|
|
124
|
+
|
|
116
125
|
## Related
|
|
117
126
|
|
|
118
127
|
You may also be interested in [tongueroo/aws-rotate](https://github.com/tongueroo/aws-rotate). It's an easy way to rotate all your AWS keys in your `~/.aws/credentials`.
|
data/aws-mfa-secure.gemspec
CHANGED
data/lib/aws_mfa_secure/base.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require "aws-sdk-core"
|
|
2
|
+
require "aws_config"
|
|
2
3
|
require "json"
|
|
3
4
|
require "memoist"
|
|
4
5
|
require "time"
|
|
@@ -17,9 +18,9 @@ module AwsMfaSecure
|
|
|
17
18
|
# The iam_mfa? check will only return true for the case when mfa_serial is set and access keys are used.
|
|
18
19
|
# This is because for assume role cases, the current aws cli tool supports mfa_serial already.
|
|
19
20
|
# Sending session AWS based access keys intefere with the current aws cli assume role mfa_serial support
|
|
20
|
-
aws_access_key_id =
|
|
21
|
-
aws_secret_access_key =
|
|
22
|
-
source_profile =
|
|
21
|
+
aws_access_key_id = aws_config(:aws_access_key_id)
|
|
22
|
+
aws_secret_access_key = aws_config(:aws_secret_access_key)
|
|
23
|
+
source_profile = aws_config(:source_profile)
|
|
23
24
|
|
|
24
25
|
aws_access_key_id && aws_secret_access_key && !source_profile
|
|
25
26
|
end
|
|
@@ -117,7 +118,7 @@ module AwsMfaSecure
|
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
def mfa_serial
|
|
120
|
-
ENV['AWS_MFA_SERIAL'] ||
|
|
121
|
+
ENV['AWS_MFA_SERIAL'] || aws_config(:mfa_serial)
|
|
121
122
|
end
|
|
122
123
|
|
|
123
124
|
def sts
|
|
@@ -125,13 +126,11 @@ module AwsMfaSecure
|
|
|
125
126
|
end
|
|
126
127
|
memoize :sts
|
|
127
128
|
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
v = `aws configure get #{prop}`.strip
|
|
132
|
-
v unless v.empty?
|
|
129
|
+
def aws_config(prop)
|
|
130
|
+
v = AWSConfig[aws_profile][prop.to_s]
|
|
131
|
+
v unless v.blank?
|
|
133
132
|
end
|
|
134
|
-
memoize :
|
|
133
|
+
memoize :aws_config
|
|
135
134
|
|
|
136
135
|
def aws_profile
|
|
137
136
|
ENV['AWS_PROFILE'] || 'default'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-mfa-secure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: aws_config
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: memoist
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|