aws-annoying 0.1.0__tar.gz → 0.2.1__tar.gz

aws_annoying-0.2.1/.devcontainer/.env.example

@@ -0,0 +1,4 @@
+# https://docs.docker.com/compose/how-tos/environment-variables/envvars/
+COMPOSE_PROFILES=localstack
+
+# See Docker Compose files for supported environment variables & profiles.

aws_annoying-0.2.1/.devcontainer/Dockerfile

@@ -0,0 +1,3 @@
+FROM mcr.microsoft.com/devcontainers/python:1-3.9-bookworm
+
+RUN pipx install uv

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/.devcontainer/devcontainer.json

@@ -1,8 +1,14 @@
 {
   "name": "lasuillard/aws-annoying",
-  "image": "mcr.microsoft.com/devcontainers/python:1-3.9-bookworm",
+  "dockerComposeFile": [
+    "./docker-compose.devcontainer.yaml"
+  ],
+  "service": "workspace",
+  "overrideCommand": true,
+  "workspaceFolder": "/workspaces/aws-annoying",
   "features": {
     "ghcr.io/devcontainers-contrib/features/pre-commit:2": {},
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     "ghcr.io/devcontainers/features/aws-cli:1": {},
     "ghcr.io/lasuillard/devcontainer-features/aws-ssm-session-manager-plugin:0.1": {}
   },

aws_annoying-0.2.1/.devcontainer/docker-compose.devcontainer.yaml

@@ -0,0 +1,30 @@
+services:
+  workspace:
+    build:
+      context: .
+    volumes:
+      - ..:/workspaces/aws-annoying
+      - op:/home/vscode/.config/op
+      - aws:/home/vscode/.aws
+      - cache:/home/vscode/.cache:delegated
+    environment:
+      AWS_ENDPOINT_URL: http://localstack:4566
+    healthcheck:
+      disable: true
+
+  localstack:
+    image: localstack/localstack:4
+    profiles:
+      - localstack
+    ports:
+      - ${LOCALSTACK_GATEWAY_HOST:-127.0.0.1}:${LOCALSTACK_GATEWAY_PORT:-4566}:4566
+      - ${LOCALSTACK_EXTERNAL_SERVICES_HOST:-127.0.0.1}:${LOCALSTACK_EXTERNAL_SERVICES_PORT_RANGE:-4510-4559}:4510-4559
+    volumes:
+      - localstack:/var/lib/localstack
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  op:
+  aws:
+  cache:
+  localstack:

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/.devcontainer/onCreateCommand.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-pipx install uv
+make install

aws_annoying-0.2.1/.devcontainer/postAttachCommand.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Shortcuts for development
+echo 'alias aa="uv run aws-annoying"' >> ~/.bashrc
+
+sudo chown --recursive "$(id --user):$(id --group)" ~
+sudo chmod --recursive 600 ~/.config/op ~/.aws
+sudo chmod --recursive u=rwX,g=,o= ~/.config/op ~/.aws

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/.pre-commit-config.yaml

@@ -1,5 +1,6 @@
 default_stages: [pre-commit]
 fail_fast: true
+exclude: tests/.*/?snapshots/.*
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
@@ -19,6 +20,8 @@ repos:
           - utils/debugger.py
           - --extend-exclude
           - main.py
+          - --extend-exclude
+          - "**/_*.py"
       - id: test-matching-source
         args:
           - --target
@@ -57,4 +60,4 @@ repos:
         language: system
         types: [python]
         pass_filenames: false
-        entry: uv run pytest
+        entry: uv run pytest -m unit

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/.vscode/settings.json

@@ -7,7 +7,10 @@
     "editor.formatOnSave": true
   },
   "autoDocstring.docstringFormat": "google-notypes",
-  "cSpell.words": [],
+  "cSpell.words": [
+    "localstack",
+    "Tampermonkey"
+  ],
   "editor.formatOnSave": true,
   "files.eol": "\n",
   "files.exclude": {
@@ -26,6 +29,7 @@
   "python.testing.pytestArgs": [
     "--no-cov", // https://code.visualstudio.com/docs/python/testing#_pytest-configuration-settings
     "-vv",
+    "--snapshot-update"
   ],
   "python.testing.pytestEnabled": true,
   "python.testing.unittestEnabled": false,

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/Makefile

@@ -46,7 +46,7 @@ lint:  ## Run all linters
 .PHONY: lint
 
 test:  ## Run tests
-	uv run pytest
+	uv run pytest --snapshot-update
 .PHONY: test
 
 build:  ## Build application

aws_annoying-0.2.1/PKG-INFO

@@ -0,0 +1,38 @@
+Metadata-Version: 2.4
+Name: aws-annoying
+Version: 0.2.1
+Summary: Utils to handle some annoying AWS tasks.
+Project-URL: Homepage, https://github.com/lasuillard/aws-annoying
+Project-URL: Repository, https://github.com/lasuillard/aws-annoying.git
+Project-URL: Issues, https://github.com/lasuillard/aws-annoying/issues
+Author-email: Yuchan Lee <lasuillard@gmail.com>
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: <4.0,>=3.9
+Requires-Dist: boto3>=1.37.1
+Requires-Dist: pydantic>=2.10.6
+Requires-Dist: typer>=0.15.1
+Provides-Extra: dev
+Requires-Dist: boto3-stubs[ecs,secretsmanager,ssm,sts]>=1.37.1; extra == 'dev'
+Requires-Dist: mypy~=1.15.0; extra == 'dev'
+Requires-Dist: ruff<0.12.0,>=0.9.9; extra == 'dev'
+Provides-Extra: test
+Requires-Dist: coverage<7.9,>=7.6; extra == 'test'
+Requires-Dist: moto[ecs,secretsmanager,server,ssm]~=5.1.1; extra == 'test'
+Requires-Dist: pytest-cov~=6.0.0; extra == 'test'
+Requires-Dist: pytest-env~=1.1.1; extra == 'test'
+Requires-Dist: pytest-snapshot>=0.9.0; extra == 'test'
+Requires-Dist: pytest-sugar~=1.0.0; extra == 'test'
+Requires-Dist: pytest-xdist>=3.6.1; extra == 'test'
+Requires-Dist: pytest~=8.3.2; extra == 'test'
+Requires-Dist: testcontainers[localstack]>=4.9.2; extra == 'test'
+Description-Content-Type: text/markdown
+
+# aws-annoying
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![CI](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml/badge.svg)](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml)
+[![codecov](https://codecov.io/gh/lasuillard/aws-annoying/graph/badge.svg?token=gbcHMVVz2k)](https://codecov.io/gh/lasuillard/aws-annoying)
+![PyPI - Version](https://img.shields.io/pypi/v/aws-annoying)
+
+Utils to handle some annoying AWS tasks.

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/README.md

@@ -3,6 +3,6 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![CI](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml/badge.svg)](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml)
 [![codecov](https://codecov.io/gh/lasuillard/aws-annoying/graph/badge.svg?token=gbcHMVVz2k)](https://codecov.io/gh/lasuillard/aws-annoying)
-![GitHub Release](https://img.shields.io/github/v/release/lasuillard/aws-annoying)
+![PyPI - Version](https://img.shields.io/pypi/v/aws-annoying)
 
 Utils to handle some annoying AWS tasks.

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/aws_annoying/app.py

@@ -6,4 +6,5 @@ app = typer.Typer(
     pretty_exceptions_short=True,
     pretty_exceptions_show_locals=False,
     rich_markup_mode="rich",
+    no_args_is_help=True,
 )

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/aws_annoying/ecs_task_definition_lifecycle.py

@@ -28,6 +28,9 @@ def ecs_task_definition_lifecycle(
     ),
 ) -> None:
     """Execute ECS task definition lifecycle."""
+    if dry_run:
+        print("⚠️ Dry run mode enabled. Will not perform any actual changes.")
+
     ecs = boto3.client("ecs")
 
     # Get all task definitions for the family

aws_annoying-0.2.1/aws_annoying/load_variables.py

@@ -0,0 +1,254 @@
+# flake8: noqa: B008
+from __future__ import annotations
+
+import json
+import os
+import subprocess
+from typing import Any, NoReturn, Optional
+
+import boto3
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from .app import app
+
+
+@app.command(
+    context_settings={
+        # Allow extra arguments for user provided command
+        "allow_extra_args": True,
+        "ignore_unknown_options": True,
+    },
+)
+def load_variables(  # noqa: PLR0913
+    *,
+    ctx: typer.Context,
+    arns: list[str] = typer.Option(
+        [],
+        metavar="ARN",
+        help=(
+            "ARNs of the secret or parameter to load."
+            " The variables are loaded in the order of the ARNs,"
+            " overwriting the variables with the same name in the order of the ARNs."
+        ),
+    ),
+    env_prefix: Optional[str] = typer.Option(
+        None,
+        help="Prefix of the environment variables to load the ARNs from.",
+        show_default=False,
+    ),
+    overwrite_env: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Overwrite the existing environment variables with the same name.",
+    ),
+    quiet: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Suppress all outputs from this command.",
+    ),
+    dry_run: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Print the progress only. Neither load variables nor run the command.",
+    ),
+    replace: bool = typer.Option(
+        True,  # noqa: FBT003
+        help=(
+            "Replace the current process (`os.execvpe`) with the command."
+            " If disabled, run the command as a `subprocess`."
+        ),
+    ),
+) -> NoReturn:
+    """Wrapper command to run command with variables from AWS resources injected as environment variables.
+
+    This script is intended to be used in the ECS environment, where currently AWS does not support
+    injecting whole JSON dictionary of secrets or parameters as environment variables directly.
+
+    It first loads the variables from the AWS sources then runs the command with the variables injected as environment variables.
+
+    In addition to `--arns` option, you can provide ARNs as the environment variables by providing `--env-prefix`.
+    For example, if you have the following environment variables:
+
+    ```shell
+    export LOAD_AWS_CONFIG__001_app_config=arn:aws:secretsmanager:...
+    export LOAD_AWS_CONFIG__002_db_config=arn:aws:ssm:...
+    ```
+
+    You can run the following command:
+
+    ```shell
+    aws-annoying load-variables --env-prefix LOAD_AWS_CONFIG__ -- ...
+    ```
+
+    The variables are loaded in the order of option provided, overwriting the variables with the same name in the order of the ARNs.
+    Existing environment variables are preserved by default, unless `--overwrite-env` is provided.
+    """  # noqa: E501
+    console = Console(quiet=quiet, emoji=False)
+
+    command = ctx.args
+    if not command:
+        console.print("⚠️ No command provided. Exiting...")
+        raise typer.Exit(0)
+
+    # Mapping of the ARNs by index (index used for ordering)
+    map_arns_by_index = {str(idx): arn for idx, arn in enumerate(arns)}
+    if env_prefix:
+        console.print(f"🔍 Loading ARNs from environment variables with prefix: {env_prefix!r}")
+        arns_env = {
+            key.removeprefix(env_prefix): value for key, value in os.environ.items() if key.startswith(env_prefix)
+        }
+        console.print(f"🔍 Found {len(arns_env)} sources from environment variables.")
+        map_arns_by_index = arns_env | map_arns_by_index
+
+    # Briefly show the ARNs
+    table = Table("Index", "ARN")
+    for idx, arn in sorted(map_arns_by_index.items()):
+        table.add_row(idx, arn)
+
+    console.print(table)
+
+    # Retrieve the variables
+    loader = VariableLoader(dry_run=dry_run, console=console)
+    try:
+        variables = loader.load(map_arns_by_index)
+    except Exception as exc:  # noqa: BLE001
+        console.print(f"❌ Failed to load the variables: {exc!s}")
+        raise typer.Exit(1) from None
+
+    # Prepare the environment variables
+    env = os.environ.copy()
+    if overwrite_env:
+        env.update(variables)
+    else:
+        # Update variables, preserving the existing ones
+        for key, value in variables.items():
+            env.setdefault(key, str(value))
+
+    # Run the command with the variables injected as environment variables, replacing current process
+    console.print(f"🚀 Running the command: [bold orchid]{' '.join(command)}[/bold orchid]")
+    if replace:  # pragma: no cover (not coverable)
+        os.execvpe(command[0], command, env=env)  # noqa: S606
+        # The above line should never return
+
+    result = subprocess.run(command, env=env, check=False)  # noqa: S603
+    raise typer.Exit(result.returncode)
+
+
+# Type aliases for readability
+_ARN = str
+_Variables = dict[str, Any]
+
+
+class VariableLoader:  # noqa: D101
+    def __init__(self, *, console: Console | None = None, dry_run: bool) -> None:
+        """Initialize the VariableLoader.
+
+        Args:
+            dry_run: Whether to run in dry-run mode.
+            console: Rich console instance.
+        """
+        self.console = console or Console(quiet=True)
+        self.dry_run = dry_run
+
+    # TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
+    #                   ; consider adding it if needed
+    def load(self, map_arns: dict[str, _ARN]) -> dict[str, Any]:
+        """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
+
+        Each secret or parameter should be a valid dictionary, where the keys are the variable names
+        and the values are the variable values.
+
+        The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
+        in the order of the keys.
+        """
+        self.console.print("🔍 Retrieving variables from AWS resources...")
+        if self.dry_run:
+            self.console.print("⚠️ Dry run mode enabled. Variables won't be loaded from AWS.")
+
+        # Split the ARNs by resource types
+        secrets_map, parameters_map = {}, {}
+        for idx, arn in map_arns.items():
+            if arn.startswith("arn:aws:secretsmanager:"):
+                secrets_map[idx] = arn
+            elif arn.startswith("arn:aws:ssm:"):
+                parameters_map[idx] = arn
+            else:
+                msg = f"Unsupported resource: {arn!r}"
+                raise ValueError(msg)
+
+        # Retrieve variables from AWS resources
+        secrets: dict[str, _Variables]
+        parameters: dict[str, _Variables]
+        if self.dry_run:
+            secrets = {idx: {} for idx, _ in secrets_map.items()}
+            parameters = {idx: {} for idx, _ in parameters_map.items()}
+        else:
+            secrets = self._retrieve_secrets(secrets_map)
+            parameters = self._retrieve_parameters(parameters_map)
+
+        self.console.print(f"✅ Retrieved {len(secrets)} secrets and {len(parameters)} parameters.")
+
+        # Merge the variables in order
+        full_variables = secrets | parameters  # Keys MUST NOT conflict
+        merged_in_order = {}
+        for _, variables in sorted(full_variables.items()):
+            merged_in_order.update(variables)
+
+        return merged_in_order
+
+    def _retrieve_secrets(self, secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the secrets from AWS Secrets Manager."""
+        if not secrets_map:
+            return {}
+
+        secretsmanager = boto3.client("secretsmanager")
+
+        # Retrieve the secrets
+        arns = list(secrets_map.values())
+        response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
+        if errors := response["Errors"]:
+            msg = f"Failed to retrieve secrets: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the secrets
+        secrets = response["SecretValues"]
+        result = {}
+        for secret in secrets:
+            arn = secret["ARN"]
+            order_key = next(key for key, value in secrets_map.items() if value == arn)
+            data = json.loads(secret["SecretString"])
+            if not isinstance(data, dict):
+                msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result
+
+    def _retrieve_parameters(self, parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the parameters from AWS SSM Parameter Store."""
+        if not parameters_map:
+            return {}
+
+        ssm = boto3.client("ssm")
+
+        # Retrieve the parameters
+        parameter_names = list(parameters_map.values())
+        response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
+        if errors := response["InvalidParameters"]:
+            msg = f"Failed to retrieve parameters: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the parameters
+        parameters = response["Parameters"]
+        result = {}
+        for parameter in parameters:
+            arn = parameter["ARN"]
+            order_key = next(key for key, value in parameters_map.items() if value == arn)
+            data = json.loads(parameter["Value"])
+            if not isinstance(data, dict):
+                msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result

{aws_annoying-0.1.0 → aws_annoying-0.2.1}/aws_annoying/main.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 
 import aws_annoying.ecs_task_definition_lifecycle
 import aws_annoying.load_variables
+import aws_annoying.mfa
 from aws_annoying.utils.debugger import input_as_args
 
 # App with all commands registered

aws_annoying-0.2.1/aws_annoying/mfa/__init__.py

@@ -0,0 +1,3 @@
+from . import configure
+
+__all__ = ("configure",)

aws_annoying-0.2.1/aws_annoying/mfa/_app.py

@@ -0,0 +1,9 @@
+import typer
+
+from aws_annoying.app import app
+
+mfa_app = typer.Typer(
+    no_args_is_help=True,
+    help="Commands to manage MFA authentication.",
+)
+app.add_typer(mfa_app, name="mfa")

aws_annoying-0.2.1/aws_annoying/mfa/configure.py

@@ -0,0 +1,157 @@
+from __future__ import annotations
+
+import configparser
+from pathlib import Path  # noqa: TC003
+from typing import Optional
+
+import boto3
+import typer
+from pydantic import BaseModel, ConfigDict
+from rich import print  # noqa: A004
+from rich.prompt import Prompt
+
+from ._app import mfa_app
+
+_CONFIG_INI_SECTION = "aws-annoying:mfa"
+
+
+@mfa_app.command()
+def configure(  # noqa: PLR0913
+    *,
+    mfa_profile: Optional[str] = typer.Option(
+        None,
+        help="The MFA profile to configure.",
+    ),
+    mfa_source_profile: Optional[str] = typer.Option(
+        None,
+        help="The AWS profile to use to retrieve MFA credentials.",
+    ),
+    mfa_serial_number: Optional[str] = typer.Option(
+        None,
+        help="The MFA device serial number. It is required if not persisted in configuration.",
+        show_default=False,
+    ),
+    mfa_token_code: Optional[str] = typer.Option(
+        None,
+        help="The MFA token code.",
+        show_default=False,
+    ),
+    aws_credentials: Path = typer.Option(  # noqa: B008
+        "~/.aws/credentials",
+        help="The path to the AWS credentials file.",
+    ),
+    aws_config: Path = typer.Option(  # noqa: B008
+        "~/.aws/config",
+        help="The path to the AWS config file. Used to persist the MFA configuration.",
+    ),
+    persist: bool = typer.Option(
+        True,  # noqa: FBT003
+        help="Persist the MFA configuration.",
+    ),
+) -> None:
+    """Configure AWS profile for MFA."""
+    # Expand user home directory
+    aws_credentials = aws_credentials.expanduser()
+    aws_config = aws_config.expanduser()
+
+    # Load configuration
+    mfa_config, exists = _MfaConfig.from_ini_file(aws_config, _CONFIG_INI_SECTION)
+    if exists:
+        print(f"⚙️ Loaded MFA configuration from AWS config ({aws_config}).")
+
+    mfa_profile = (
+        mfa_profile
+        or mfa_config.mfa_profile
+        # _
+        or Prompt.ask("👤 Enter name of MFA profile to configure", default="mfa")
+    )
+    mfa_source_profile = (
+        mfa_source_profile
+        or mfa_config.mfa_source_profile
+        or Prompt.ask("👤 Enter AWS profile to use to retrieve MFA credentials", default="default")
+    )
+    mfa_serial_number = (
+        mfa_serial_number
+        or mfa_config.mfa_serial_number
+        # _
+        or Prompt.ask("🔒 Enter MFA serial number")
+    )
+    mfa_token_code = (
+        mfa_token_code
+        # _
+        or Prompt.ask("🔑 Enter MFA token code")
+    )
+
+    # Get credentials
+    print(f"💬 Retrieving MFA credentials using profile [bold]{mfa_source_profile}[/bold]")
+    session = boto3.session.Session(profile_name=mfa_source_profile)
+    sts = session.client("sts")
+    response = sts.get_session_token(
+        SerialNumber=mfa_serial_number,
+        TokenCode=mfa_token_code,
+    )
+    credentials = response["Credentials"]
+
+    # Update MFA profile in AWS credentials
+    print(f"✅ Updating MFA profile ([bold]{mfa_profile}[/bold]) to AWS credentials ({aws_credentials})")
+    _update_credentials(
+        aws_credentials,
+        mfa_profile,  # type: ignore[arg-type]
+        access_key=credentials["AccessKeyId"],
+        secret_key=credentials["SecretAccessKey"],
+        session_token=credentials["SessionToken"],
+    )
+
+    # Persist MFA configuration
+    if persist:
+        print(
+            f"✅ Persisting MFA configuration in AWS config ({aws_config}),"
+            f" in [bold]{_CONFIG_INI_SECTION}[/bold] section.",
+        )
+        mfa_config.mfa_profile = mfa_profile
+        mfa_config.mfa_source_profile = mfa_source_profile
+        mfa_config.mfa_serial_number = mfa_serial_number
+        mfa_config.save_ini_file(aws_config, _CONFIG_INI_SECTION)
+    else:
+        print("⚠️ MFA configuration not persisted.")
+
+
+class _MfaConfig(BaseModel):
+    model_config = ConfigDict(extra="ignore")
+
+    mfa_profile: Optional[str] = None
+    mfa_source_profile: Optional[str] = None
+    mfa_serial_number: Optional[str] = None
+
+    def save_ini_file(self, path: Path, section_key: str) -> None:
+        """Save configuration to an AWS config file."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        config_ini.setdefault(section_key, {})
+        for k, v in self.model_dump(exclude_none=True).items():
+            config_ini[section_key][k] = v
+
+        with path.open("w") as f:
+            config_ini.write(f)
+
+    @classmethod
+    def from_ini_file(cls, path: Path, section_key: str) -> tuple[_MfaConfig, bool]:
+        """Load configuration from an AWS config file, with boolean indicating if the config already exists."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        if config_ini.has_section(section_key):
+            section = dict(config_ini.items(section_key))
+            return cls.model_validate(section), True
+
+        return cls(), False
+
+
+def _update_credentials(path: Path, profile: str, *, access_key: str, secret_key: str, session_token: str) -> None:
+    credentials_ini = configparser.ConfigParser()
+    credentials_ini.read(path)
+    credentials_ini.setdefault(profile, {})
+    credentials_ini[profile]["aws_access_key_id"] = access_key
+    credentials_ini[profile]["aws_secret_access_key"] = secret_key
+    credentials_ini[profile]["aws_session_token"] = session_token
+    with path.open("w") as f:
+        credentials_ini.write(f)

aws_annoying-0.2.1/console/ecs-exec/README.md

@@ -0,0 +1,15 @@
+# ECS Exec
+
+This [Tampermonkey](https://www.tampermonkey.net/) user script adds a shortcut to the Session Manager.
+
+Currently, AWS does not support accessing containers from the web console like EC2. However, you can access a container via the Session Manager:
+
+![Session Manager](session-manager.png)
+
+Because the `aws ssm start-session` command's `--target` parameter [can also take a value in the format `ecs:<cluster-name>_<task-id>_<container-runtime-id>`](https://stackoverflow.com/a/67641633), we can use it to access containers from the web.
+
+This script attaches a link to the Session Manager in the **Container name** column.
+
+![ECS Console](ecs-console.png)
+
+To access the container, ECS Exec should be configured. If it is not configured, please refer to [the official documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html).