aws_runas 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9eeec3efe7aee175787d2ac5479086e7fed933ef
-  data.tar.gz: cf85fb2f0b0da64650789774d7b197d46b94a21d
+  metadata.gz: 29d8ce9a9034488a4faa15f5243852d67fb45850
+  data.tar.gz: 177b2295df14d918a2a0105527f6fb0c4057b22a
 SHA512:
-  metadata.gz: 553fb10ff06a4aad52e00e44c5bb97a8dc2c14b23c4d36817162e129789105d8d6e8b4bb076c092e784167a6df343937adad70e3176760d3fb875184ebf8a62f
-  data.tar.gz: 11ec64975cc9e6396d32c2b58e60ec411d94d2c684093a5ada606ef288de810ab5672073c9d5ce361d5e3589ce7aba12977169fef16dff5f54545ca9b92d1675
+  metadata.gz: 051dc45bdd27dc5a6c93d41f0f3e25cfde3767e8d7b0d0774ef8db619d30136644edfd716d974f1ecdb0850be1c8fc2e1b78a214f4bde92918e28d5c9562dcca
+  data.tar.gz: 7508a80014cc4d18de0f7228b7871a519038d8b9a7c83728904abc3d534de9cbc1fc0f1c4355097369766c2a6074778810c2e308b34349902f9a594cb8359d1c

checksums.yaml.gz.sig

@@ -1,4 +1,3 @@
-��
-@
9�e1�xRD�6��o��u�|�t��������a�p��T�$syK�[���t?���O9
-
-R@k�ܾN���?��{x-5M�u�1V��m�N�
+�%��v��b�#�0����k�[pr��ȫ�?U��FM�|��$���V�U���Z9nv1s���,����k%���0}���T&o����,���
+�`�O���&1#n��@�ִ�������܅�#l��_-��z�j�|�g)PCs�I�m�b��	�0,������As�@w�E�ێFS� 
+��H4U�*��`p%��|�Ӈ�d��=�

data/CHANGELOG.md

@@ -1,3 +1,42 @@
+## v0.6.0
+
+### Session Duration Support
+
+This update brings the `--duration` flag, which allows you to control the
+session duration for both session tokens and assumed roles. Note that the
+maximum depends on what kind of user you are using (IAM versus root account),
+whether or not you are assuming a role or not, and the maximum duration set on
+any role that you are assuming. `aws-runas` may silently truncate the maximum if
+you request it too high, although your session will be rejected when assuming a
+role. For more details, see [GetSesionToken][get-session-token] and
+[AssumeRole][assume-role] for more details.
+
+[get-session-token]: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
+[assume-role]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+
+Thanks to the work done in
+[#16](https://github.com/vancluever/aws-runas/pull/16) for this!
+
+### Zsh `PROMPT` Support
+
+Some issues were discovered where the zsh prompt support was not functioning
+correctly when using shell functions. Colors were not rendering properly as
+well. Thanks to the work in
+[#14](https://github.com/vancluever/aws-runas/pull/14) for the fix on this!
+
+### Better Session IDs
+
+`aws-runas` will now expose the IAM user's identity information (account ID/user
+name) and enter it in the session ID, when available. The new format is
+`aws-runas-session_ACCTID_USERNAME_TIMESTAMP` when the user has access to
+[`GetCallerIdentity`][get-caller-identity], and the old
+`aws-runas-session_TIMESTAMP` format when they do not.
+
+Thanks to the work done in
+[#11](https://github.com/vancluever/aws-runas/pull/11) for this!
+
+[get-caller-identity]: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
+
 ## v0.5.0
 
 ### Zsh Support
@@ -27,7 +66,7 @@ The default interactive prompt that you get when you run `aws-runas` with no
 command supplied can now by skipped by adding `--skip-prompt` to the CLI
 arguments. The profile functions mentioned above are still passed in. This
 allows you to leverage their functionality inside your own scripts and custom
-prompts if you want in other ways. 
+prompts if you want in other ways.
 
 ### Additional Variables
 

data/README.md

@@ -74,8 +74,9 @@ shells:
    returns 0 on true and 1 on false, which can be used semantically in shell
    scripts.
  * `aws_session_status_color`, which works off of `aws_session_expired` to
-   render an ANSI numeric color code - red when `aws_session_expired` is `true`,
-   yellow otherwise.
+   render either an ANSI color number (for bash)
+   or a human readable color name (for zsh)
+   - (red or 31) when `aws_session_expired` is `true`, (yellow or 33) otherwise.
 
 #### Skipping the Fancy Prompt
 
@@ -87,7 +88,7 @@ to you however, which you can use in your own scripts.
 Usage
 ------
 
-Install the gem (`gem install aws-runas`), and the command can be run via
+Install the gem (`gem install aws_runas`), and the command can be run via
 `aws-runas` via your regular `$PATH`.
 
 ```
@@ -100,11 +101,12 @@ If COMMAND is omitted, the default shell ($SHELL, /bin/sh, or cmd.exe,
 depending on your system) will launch.
 
 [options] are:
-  -n, --no-role        Get a session token only, do not assume a role
-  -s, --skip-prompt    Do not launch interactive sessions with the fancy prompt
-  -p, --path=<s>       Path to the AWS config file
-  -r, --profile=<s>    The AWS profile to load (default: default)
-  -h, --help           Show this message
+  -n, --no-role         Get a session token only, do not assume a role
+  -s, --skip-prompt     Do not launch interactive sessions with the fancy prompt
+  -p, --path=<s>        Path to the AWS config file
+  -r, --profile=<s>     The AWS profile to load (default: default)
+  -d, --duration=<i>    The duration in seconds for temporary credentials (default: 3600)
+  -h, --help            Show this message
 ```
 
 `--path` is optional, and if omitted will default to the files in the

data/aws_runas.gemspec

@@ -37,7 +37,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = ['>= 2.2.6']
 
-  spec.add_dependency 'aws-sdk', '~> 2.6'
+  spec.add_dependency 'aws-sdk', '~> 2.11'
   spec.add_dependency 'inifile', '~> 3.0'
   spec.add_dependency 'trollop', '~> 2.1'
 

data/certs/vancluever.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
 MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQ8wDQYDVQQDDAZjaHJp
 c20xHjAcBgoJkiaJk/IsZAEZFg52YW5jbHVldmVydGVjaDETMBEGCgmSJomT8ixk
-ARkWA2NvbTAeFw0xNzAzMTYxNjM0MTZaFw0xODAzMTYxNjM0MTZaMEYxDzANBgNV
+ARkWA2NvbTAeFw0xODA0MTcwNTExMDdaFw0yMTA0MTYwNTExMDdaMEYxDzANBgNV
 BAMMBmNocmlzbTEeMBwGCgmSJomT8ixkARkWDnZhbmNsdWV2ZXJ0ZWNoMRMwEQYK
 CZImiZPyLGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
 3i76LgHtAqSINqsk+1joj4bx4Mwk2Dgc5HMSe2MUAUzBxCXMDdlSSSJMBB8ZTXbf
@@ -12,11 +12,11 @@ w3FQeGwDZkvpI6dQxgQKuwNMIZVs39QSu5ltzlrjkFhm4mJKf5Zf1hVjMfKKWJSM
 BDYULea2Iv+fpGU2SkhrSwIDAQABo4GGMIGDMAkGA1UdEwQCMAAwCwYDVR0PBAQD
 AgSwMB0GA1UdDgQWBBRJbzaO73nDGmYlgYL+7tEDhL6+FjAkBgNVHREEHTAbgRlj
 aHJpc21AdmFuY2x1ZXZlcnRlY2guY29tMCQGA1UdEgQdMBuBGWNocmlzbUB2YW5j
-bHVldmVydGVjaC5jb20wDQYJKoZIhvcNAQEFBQADggEBALVY07yDy4um9cYp0ku9
-WMZLWUwsxXsqmhnKcKa552NWhrdnjy/jCdc1fWcsyF60X5FZ4OEIHB2WubTa8/Ty
-fWW/FNQMxAYNUzO8XBZGuE/5m8V3dJL8AlUiuiDLfZoeQAVe6zeaeBWYJenxNBRS
-8oLbWQukwSlOP62gMme5mVXM0NKc/MeO2wQSRJXjYoGdDCfqgaIImPg7ExME6Fw+
-g09hCEeualN7su6OZYCUknxeGDmCvfO5fQlGmTzAVewWgGApG7XUvM0gJXV8ks0+
-80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
-2zQ=
+bHVldmVydGVjaC5jb20wDQYJKoZIhvcNAQEFBQADggEBAHNOOr9CLdo03I/jJ1R0
+lKVglJZFWceZkLzbxyPM/nXHK6Gvzt61d1HEZKCXV3cGrVgQjB5hUjCnp/kI1Ew4
+5VFSgtIzrSoFYyPpGNq6zvowUHWth48cLRXTOPMQlx1vB/YyAAbKY6yRJq5ymi0V
+VYNEyNVO9No8VVCEVuTEe+Xs6L9ia4IaVxhPRwncGjglM5D8yqyU/i8e+P/wTIrL
+HyhqrYDJXlQSVs5Lvkw26PIcesIYxV4BE9dE9/JBgNKNUwqEIacxZnISop1fPTHO
+/CMDeSP9Z1l0CVvcRsZvmOu3NllZcezFyYi78K+tlmRajCeAV4pWXdcJg26w+u7I
+uK4=
 -----END CERTIFICATE-----

data/lib/aws_runas/cli.rb

@@ -40,6 +40,7 @@ module AwsRunAs
         opt :skip_prompt, 'Do not launch interactive sessions with the fancy prompt', type: TrueClass, default: nil
         opt :path, 'Path to the AWS config file', type: String
         opt :profile, 'The AWS profile to load', type: String, default: 'default'
+        opt :duration, 'The duration in seconds for temporary credentials', type: Integer, default: 3600
         stop_on_unknown
       end
     end
@@ -49,7 +50,7 @@ module AwsRunAs
     def start
       opts = load_opts
       mfa_code = read_mfa_if_needed(path: opts[:path], profile: opts[:profile])
-      @main = AwsRunAs::Main.new(path: opts[:path], profile: opts[:profile], mfa_code: mfa_code, no_role: opts[:no_role])
+      @main = AwsRunAs::Main.new(path: opts[:path], profile: opts[:profile], mfa_code: mfa_code, no_role: opts[:no_role], duration_seconds: opts[:duration])
       @main.assume_role
       command = ARGV.shift
       @main.handoff(command: command, argv: ARGV, skip_prompt: opts[:skip_prompt])

data/lib/aws_runas/main.rb

@@ -26,7 +26,7 @@ module AwsRunAs
   # and hands off environment to called process.
   class Main
     # Instantiate the object and set up the path, profile, and populate MFA
-    def initialize(path: nil, profile: default, mfa_code: nil, no_role: nil)
+    def initialize(path: nil, profile: default, mfa_code: nil, no_role: nil, duration_seconds: 3600)
       cfg_path = if path
                    path
                  else
@@ -35,6 +35,7 @@ module AwsRunAs
       @cfg = AwsRunAs::Config.new(path: cfg_path, profile: profile)
       @mfa_code = mfa_code
       @no_role = no_role
+      @duration_seconds = duration_seconds
     end
 
     def sts_client
@@ -46,16 +47,23 @@ module AwsRunAs
       )
     end
 
+    def session_id
+      caller_identity = sts_client.get_caller_identity
+      "aws-runas-session_#{caller_identity.account}_#{caller_identity.arn.split('/')[-1]}_#{Time.now.to_i}"
+    rescue Aws::STS::Errors::AccessDeniedException
+      "aws-runas-session_#{Time.now.to_i}"
+    end
+
     def assume_role
-      session_id = "aws-runas-session_#{Time.now.to_i}"
+      @role_session_name = session_id
       role_arn = @cfg.load_config_value(key: 'role_arn')
       mfa_serial = @cfg.load_config_value(key: 'mfa_serial') unless ENV.include?('AWS_SESSION_TOKEN')
       if @no_role
         raise 'No mfa_serial in selected profile, session will be useless' if mfa_serial.nil?
         @session = sts_client.get_session_token(
-          duration_seconds: 3600,
           serial_number: mfa_serial,
-          token_code: @mfa_code
+          token_code: @mfa_code,
+          duration_seconds: @duration_seconds
         )
       else
         @session = Aws::AssumeRoleCredentials.new(
@@ -63,7 +71,8 @@ module AwsRunAs
           role_arn: role_arn,
           serial_number: mfa_serial,
           token_code: @mfa_code,
-          role_session_name: session_id
+          role_session_name: @role_session_name,
+          duration_seconds: @duration_seconds
         )
       end
     end
@@ -89,6 +98,7 @@ module AwsRunAs
         env['AWS_SESSION_EXPIRATION'] = @session.expiration.to_s
         env['AWS_SESSION_EXPIRATION_UNIX'] = DateTime.parse(@session.expiration.to_s).strftime('%s')
         env['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn')
+        env['AWS_ROLE_SESSION_NAME'] = @role_session_name
       end
       env
     end

data/lib/aws_runas/utils.rb

@@ -37,7 +37,7 @@ module AwsRunAs
       rc_file.write("#{rc_data}\n") unless rc_data.nil?
       rc_file.write(IO.read("#{shell_profiles_dir}/sh.profile"))
       unless skip_prompt
-        rc_file.write("PS1=\"\\[\\e[\\$(aws_session_status_color)m\\](#{message})\\[\\e[0m\\] $PS1\"\n")
+        rc_file.write("PS1=\"\\[\\e[\\$(aws_session_status_color \"bash\")m\\](#{message})\\[\\e[0m\\] $PS1\"\n")
       end
       rc_file.close
       system(env, path, '--rcfile', rc_file.path)
@@ -56,8 +56,8 @@ module AwsRunAs
       rc_file.write(IO.read("#{shell_profiles_dir}/sh.profile"))
       unless skip_prompt
         rc_file.write("setopt PROMPT_SUBST\n")
-        rc_file.write("export OLDPROMPT=\"${PROMPT}\"\n")
-        rc_file.write("PROMPT=$'%{\\e[\\%}$(aws_session_status_color)m(#{message})%{\\e[0m%} $OLDPROMPT'\n")
+        rc_file.write("OLDPROMPT=\"$PROMPT\"\n")
+        rc_file.write("PROMPT=\"%F{$(aws_session_status_color \"zsh\")}(#{message})%f $OLDPROMPT\"\n")
       end
       rc_file.close
       env.store('ZDOTDIR', rc_dir)

data/lib/aws_runas/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 
 module AwsRunAs
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'
 end

data/shell_profiles/sh.profile

@@ -10,14 +10,21 @@ aws_session_expired() {
   return 1
 }
 
-# aws_session_status_color returns an ANSI color number for the specific status
+# aws_session_status_color returns either an ANSI color number (for bash)
+# or a human readable color name (for zsh) for the specific status
 # of the session. Note that if session_expired is not correctly functioning,
 # this will always be yellow. Red is shown when it's verified that the session
 # has expired.
 aws_session_status_color() {
   if aws_session_expired; then
-    echo "31"
+    if [[ "$1" == zsh ]]; then
+      echo "red"
+    fi
+      echo "31"
   else
-    echo "33"
+    if [[ "$1" == zsh ]]; then
+      echo "yellow"
+    fi
+      echo "33"
   fi
 }

data/spec/aws_runas/main_spec.rb

@@ -35,12 +35,50 @@ describe AwsRunAs::Main do
     end
   end
 
+  describe '#session_id' do
+    it 'returns a properly formatted AWS session name for assuming roles' do
+      allow_any_instance_of(Aws::STS::Client).to receive(:get_caller_identity) do |obj|
+        obj.stub_data(
+          :get_caller_identity,
+          {
+            account: '123456789012',
+            arn: 'arn:aws:iam::123456789012:user/Alice',
+            user_id: 'AKIAI44QH8DHBEXAMPLE'
+          }
+        )
+      end
+      expect(@main.session_id).to eq("aws-runas-session_123456789012_Alice_#{Time.now.to_i}")
+    end
+
+    it 'returns a basic session ID when caller has no access to get_caller_identity' do
+      allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
+        Aws::STS::Client.new(
+          stub_responses: {
+            get_caller_identity: 'AccessDeniedException'
+          }
+        )
+      )
+      expect(@main.session_id).to eq("aws-runas-session_#{Time.now.to_i}")
+    end
+  end
+
   describe '#assume_role' do
     it 'calls out to Aws::AssumeRoleCredentials.new' do
       expect(Aws::AssumeRoleCredentials).to receive(:new).and_call_original
       @main.assume_role
     end
 
+    it 'calls out to Aws::AssumeRoleCredentials.new with a correct session expiration when not default' do
+      expect(Aws::AssumeRoleCredentials).to receive(:new).with(hash_including(duration_seconds: 43200)).and_call_original
+      @main = AwsRunAs::Main.new(
+        path: MOCK_AWS_CONFIGPATH,
+        profile: 'test-profile',
+        mfa_code: '123456',
+        duration_seconds: 43200
+      )
+      @main.assume_role
+    end
+
     it 'calls out to Aws::STS::Client.get_session_token when no_role is set' do
       expect_any_instance_of(Aws::STS::Client).to receive(:get_session_token).and_call_original
       ENV.delete('AWS_SESSION_TOKEN')
@@ -53,6 +91,23 @@ describe AwsRunAs::Main do
       @main.assume_role
     end
 
+    it 'calls out to Aws::STS::Client.get_session_token correct session expiration when not default' do
+      expect_any_instance_of(Aws::STS::Client).to receive(
+        :get_session_token
+      ).with(
+        hash_including(duration_seconds: 43200)
+      ).and_call_original
+      ENV.delete('AWS_SESSION_TOKEN')
+      @main = AwsRunAs::Main.new(
+        path: MOCK_AWS_CONFIGPATH,
+        profile: 'test-profile',
+        mfa_code: '123456',
+        no_role: true,
+        duration_seconds: 43200
+      )
+      @main.assume_role
+    end
+
     it 'raises exception when no_role is set and there is no mfa_serial' do
       expect do
         ENV.delete('AWS_SESSION_TOKEN')
@@ -80,6 +135,16 @@ describe AwsRunAs::Main do
         allow(File).to receive(:exist?).with(AWS_DEFAULT_CREDENTIALS_PATH).and_return false
         allow(File).to receive(:read).with(AWS_DEFAULT_CFG_PATH).and_return File.read(MOCK_AWS_NO_SOURCE_PATH)
         allow(IniFile).to receive(:load).with(AWS_DEFAULT_CFG_PATH).and_return IniFile.load(MOCK_AWS_NO_SOURCE_PATH)
+        allow_any_instance_of(Aws::STS::Client).to receive(:get_caller_identity) do |obj|
+          obj.stub_data(
+            :get_caller_identity,
+            {
+              account: '123456789012',
+              arn: 'arn:aws:iam::123456789012:user/Alice',
+              user_id: 'AKIAI44QH8DHBEXAMPLE'
+            }
+          )
+        end
         allow(Aws::AssumeRoleCredentials).to receive(:new).and_return(
           Aws::AssumeRoleCredentials.new(
             role_arn: 'roleARN',
@@ -160,6 +225,9 @@ describe AwsRunAs::Main do
       it 'has AWS_DEFAULT_REGION set in env' do
         expect(env['AWS_DEFAULT_REGION']).to eq('us-west-1')
       end
+      it 'has AWS_ROLE_SESSION_NAME set in env' do
+        expect(env['AWS_ROLE_SESSION_NAME']).to eq("aws-runas-session_accountType_arnType_#{Time.now.to_i}")
+      end
     end
 
     context 'with no role assumed' do

data/spec/helpers/utils_spec.rb

@@ -11,10 +11,10 @@ ZSHRC_FILE_CONTENTS = <<EOS.freeze
 bazqux
 EOS
 
-BASHRC_EXPECTED_PROMPT   = "PS1=\"\\[\\e[\\$(aws_session_status_color)m\\](AWS:rspec)\\[\\e[0m\\] $PS1\"\n".freeze
-ZSHRC_EXPECTED_PROMPT    = "PROMPT=$'%{\\e[\\%}$(aws_session_status_color)m(AWS:rspec)%{\\e[0m%} $OLDPROMPT'\n".freeze
+BASHRC_EXPECTED_PROMPT   = "PS1=\"\\[\\e[\\$(aws_session_status_color \"bash\")m\\](AWS:rspec)\\[\\e[0m\\] $PS1\"\n".freeze
+ZSHRC_EXPECTED_PROMPT    = "PROMPT=\"%F{$(aws_session_status_color \"zsh\")}(AWS:rspec)%f $OLDPROMPT\"\n".freeze
 ZSHRC_EXPECTED_SETSUBST  = "setopt PROMPT_SUBST\n".freeze
-ZSHRC_EXPECTED_OLDPROMPT = "export OLDPROMPT=\"${PROMPT}\"\n".freeze
+ZSHRC_EXPECTED_OLDPROMPT = "OLDPROMPT=\"$PROMPT\"\n".freeze
 ZSH_MOCK_TMPDIR          = "#{Dir.tmpdir}/aws_runas_zsh_rspec".freeze
 
 EXPECTED_ENV = {

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_runas
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Chris Marchesi
@@ -12,7 +12,7 @@ cert_chain:
   -----BEGIN CERTIFICATE-----
   MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQ8wDQYDVQQDDAZjaHJp
   c20xHjAcBgoJkiaJk/IsZAEZFg52YW5jbHVldmVydGVjaDETMBEGCgmSJomT8ixk
-  ARkWA2NvbTAeFw0xNzAzMTYxNjM0MTZaFw0xODAzMTYxNjM0MTZaMEYxDzANBgNV
+  ARkWA2NvbTAeFw0xODA0MTcwNTExMDdaFw0yMTA0MTYwNTExMDdaMEYxDzANBgNV
   BAMMBmNocmlzbTEeMBwGCgmSJomT8ixkARkWDnZhbmNsdWV2ZXJ0ZWNoMRMwEQYK
   CZImiZPyLGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
   3i76LgHtAqSINqsk+1joj4bx4Mwk2Dgc5HMSe2MUAUzBxCXMDdlSSSJMBB8ZTXbf
@@ -23,15 +23,15 @@ cert_chain:
   BDYULea2Iv+fpGU2SkhrSwIDAQABo4GGMIGDMAkGA1UdEwQCMAAwCwYDVR0PBAQD
   AgSwMB0GA1UdDgQWBBRJbzaO73nDGmYlgYL+7tEDhL6+FjAkBgNVHREEHTAbgRlj
   aHJpc21AdmFuY2x1ZXZlcnRlY2guY29tMCQGA1UdEgQdMBuBGWNocmlzbUB2YW5j
-  bHVldmVydGVjaC5jb20wDQYJKoZIhvcNAQEFBQADggEBALVY07yDy4um9cYp0ku9
-  WMZLWUwsxXsqmhnKcKa552NWhrdnjy/jCdc1fWcsyF60X5FZ4OEIHB2WubTa8/Ty
-  fWW/FNQMxAYNUzO8XBZGuE/5m8V3dJL8AlUiuiDLfZoeQAVe6zeaeBWYJenxNBRS
-  8oLbWQukwSlOP62gMme5mVXM0NKc/MeO2wQSRJXjYoGdDCfqgaIImPg7ExME6Fw+
-  g09hCEeualN7su6OZYCUknxeGDmCvfO5fQlGmTzAVewWgGApG7XUvM0gJXV8ks0+
-  80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
-  2zQ=
+  bHVldmVydGVjaC5jb20wDQYJKoZIhvcNAQEFBQADggEBAHNOOr9CLdo03I/jJ1R0
+  lKVglJZFWceZkLzbxyPM/nXHK6Gvzt61d1HEZKCXV3cGrVgQjB5hUjCnp/kI1Ew4
+  5VFSgtIzrSoFYyPpGNq6zvowUHWth48cLRXTOPMQlx1vB/YyAAbKY6yRJq5ymi0V
+  VYNEyNVO9No8VVCEVuTEe+Xs6L9ia4IaVxhPRwncGjglM5D8yqyU/i8e+P/wTIrL
+  HyhqrYDJXlQSVs5Lvkw26PIcesIYxV4BE9dE9/JBgNKNUwqEIacxZnISop1fPTHO
+  /CMDeSP9Z1l0CVvcRsZvmOu3NllZcezFyYi78K+tlmRajCeAV4pWXdcJg26w+u7I
+  uK4=
   -----END CERTIFICATE-----
-date: 2017-07-16 00:00:00.000000000 Z
+date: 2018-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -39,14 +39,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.11'
 - !ruby/object:Gem::Dependency
   name: inifile
   requirement: !ruby/object:Gem::Requirement
@@ -188,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.14.1
 signing_key: 
 specification_version: 4
 summary: Run a command or shell under an assumed AWS IAM role