aws_role_creds 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +39 -8
- data/aws_role_creds.gemspec +1 -1
- data/lib/aws_role_creds.rb +20 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2ed47caef3e66af494812e02b3bbe0191769db1c
|
4
|
+
data.tar.gz: 691bf9f04ded159398640b3ad985c031b59464a0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4a66cdac979455064d323ed6ab06ab325c1a85ae2a8ca2b34c3a821c4da551a0bd0d3e3cdacbb3c662f0d9fe8a11da77f18ac7c717a186d406f0fe76b504dcf6
|
7
|
+
data.tar.gz: c6d4a5fc32080429955e1a718e46ba125214cac04757b12b22b09cddb984c73ed0a1bd884a88d21bb0ed2248a3ca2120c34745a89f039a028c7b50048b9be884
|
data/README.md
CHANGED
@@ -1,8 +1,12 @@
|
|
1
1
|
# AwsRoleCreds
|
2
2
|
|
3
|
-
Have several AWS accounts that you access through delegation? Want a id/key
|
3
|
+
Have several AWS accounts that you access through delegation? Want a id/key
|
4
|
+
combo for each one? Need to use MFA? But want to use the cli?
|
4
5
|
|
5
|
-
It can get frustrating managing so many accounts. If you have one (or even more)
|
6
|
+
It can get frustrating managing so many accounts. If you have one (or even more)
|
7
|
+
'master' account that you assume roles in other accounts then this script will
|
8
|
+
handle generating profiles and temporary session credentials, and keeping your
|
9
|
+
MFA logins to a minimum.
|
6
10
|
|
7
11
|
## Installation
|
8
12
|
|
@@ -12,7 +16,8 @@ Install with
|
|
12
16
|
|
13
17
|
## Usage
|
14
18
|
|
15
|
-
Create a YAML file to manage your profiles, and MFA device, at
|
19
|
+
Create a YAML file to manage your profiles, and MFA device, at
|
20
|
+
`~/.aws/config.yaml`
|
16
21
|
|
17
22
|
```
|
18
23
|
---
|
@@ -27,23 +32,49 @@ profiles:
|
|
27
32
|
role_arn:
|
28
33
|
region: (optional)
|
29
34
|
default: default profile to use
|
35
|
+
|
36
|
+
exists:
|
37
|
+
- name:
|
38
|
+
id:
|
39
|
+
key:
|
40
|
+
mfa_serial: (optional)
|
41
|
+
region: (optional)
|
42
|
+
role_arn: (optional)
|
43
|
+
source_profile: (optional)
|
44
|
+
external_id: (optional)
|
45
|
+
role_session_name: (optional)
|
30
46
|
```
|
31
47
|
|
32
|
-
Run `aws_role_creds` and it will get credentials for your default accounts. It
|
48
|
+
Run `aws_role_creds` and it will get credentials for your default accounts. It
|
49
|
+
will then use these credentials to Assume Roles and get credentials for each of
|
50
|
+
your profiles.
|
51
|
+
|
52
|
+
Default accounts get creds lasting 24 hours, and assumed role profiles can last
|
53
|
+
an hour. If your credentials expire, run the script again and it will refresh
|
54
|
+
them. It will ask for you MFA if its required, i.e. your session
|
55
|
+
credentials have expired.
|
33
56
|
|
34
|
-
|
57
|
+
Any `exists` items are added to the credentials and config file as is, no role
|
58
|
+
stuff will happen to them. These correspond to the names
|
59
|
+
[here](https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles).
|
35
60
|
|
36
61
|
## Development
|
37
62
|
|
38
63
|
After checking out the repo, run `bin/setup` to install dependencies.
|
39
64
|
|
40
|
-
To install this gem onto your local machine, run `bundle exec rake install`. To
|
65
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To
|
66
|
+
release a new version, update the version number in `version.rb`, and then run
|
67
|
+
`bundle exec rake release`, which will create a git tag for the version, push
|
68
|
+
git commits and tags, and push the `.gem` file to
|
69
|
+
[rubygems.org](https://rubygems.org).
|
41
70
|
|
42
71
|
## Contributing
|
43
72
|
|
44
|
-
Bug reports and pull requests are welcome on GitHub at
|
73
|
+
Bug reports and pull requests are welcome on GitHub at
|
74
|
+
https://github.com/MrPrimate/aws_role_creds.
|
45
75
|
|
46
76
|
|
47
77
|
## License
|
48
78
|
|
49
|
-
The gem is available as open source under the terms of the [MIT
|
79
|
+
The gem is available as open source under the terms of the [MIT
|
80
|
+
License](http://opensource.org/licenses/MIT).
|
data/aws_role_creds.gemspec
CHANGED
data/lib/aws_role_creds.rb
CHANGED
@@ -177,6 +177,26 @@ class AwsRoleCreds
|
|
177
177
|
credentials["#{k}"] = profile
|
178
178
|
end
|
179
179
|
|
180
|
+
exist_optional_configs = [
|
181
|
+
'region',
|
182
|
+
'mfa_serial',
|
183
|
+
'role_arn',
|
184
|
+
'source_profile',
|
185
|
+
'external_id',
|
186
|
+
'role_session_name',
|
187
|
+
]
|
188
|
+
@config['exists'].each do |p|
|
189
|
+
profile = {
|
190
|
+
"aws_access_key_id" => "#{p['id']}",
|
191
|
+
"aws_secret_access_key" => "#{p['key']}",
|
192
|
+
}
|
193
|
+
exist_optional_configs.each do |i|
|
194
|
+
profile[i] = p[i] if p.key?(i)
|
195
|
+
end
|
196
|
+
config["profile #{p['name']}"] = profile
|
197
|
+
credentials["#{p['name']}"] = profile
|
198
|
+
end
|
199
|
+
|
180
200
|
# save file
|
181
201
|
config.write()
|
182
202
|
@log.debug "#{config_out_file} updated"
|