GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → remind101 → Assume Role

remind101 / Assume Role

Licence: bsd-2-clause
Easily assume AWS roles in your terminal.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

aws

Projects that are alternatives of or similar to Assume Role

Pipeline Aws Plugin
Jenkins Pipeline Step Plugin for AWS
Stars: ✭ 389 (-12.98%)
Mutual labels:  aws
Devops Python Tools
80+ DevOps & Data CLI Tools - AWS, GCP, GCF Python Cloud Function, Log Anonymizer, Spark, Hadoop, HBase, Hive, Impala, Linux, Docker, Spark Data Converters & Validators (Avro/Parquet/JSON/CSV/INI/XML/YAML), Travis CI, AWS CloudFormation, Elasticsearch, Solr etc.
Stars: ✭ 406 (-9.17%)
Mutual labels:  aws
Inframap
Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
Stars: ✭ 430 (-3.8%)
Mutual labels:  aws
Bash Lambda Layer
Run Bash scripts in AWS Lambda via Layers
Stars: ✭ 390 (-12.75%)
Mutual labels:  aws
Bastillion Ec2
A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).
Stars: ✭ 410 (-8.28%)
Mutual labels:  aws
Midway
🍔 A Node.js Serverless Framework for front-end/full-stack developers. Build the application for next decade. Works on AWS, Alibaba Cloud, Tencent Cloud and traditional VM/Container. Super easy integrate with React and Vue. 🌈
Stars: ✭ 5,080 (+1036.47%)
Mutual labels:  aws
Terratag
Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources
Stars: ✭ 385 (-13.87%)
Mutual labels:  aws
Serverlessui
A command-line utility for deploying serverless applications to AWS. Complete with custom domains, deploy previews, TypeScript support, and more.
Stars: ✭ 434 (-2.91%)
Mutual labels:  aws
Terraforming
Export existing AWS resources to Terraform style (tf, tfstate) / No longer actively maintained
Stars: ✭ 4,232 (+846.76%)
Mutual labels:  aws
Vercel Php
▲ Vercel PHP runtime • vercel-php • now-php • 🐘+ λ = ❤
Stars: ✭ 429 (-4.03%)
Mutual labels:  aws
Howtheyaws
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world use Amazon Web Services (AWS)
Stars: ✭ 389 (-12.98%)
Mutual labels:  aws
External Dns
Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Stars: ✭ 4,749 (+962.42%)
Mutual labels:  aws
Serverless Plugin Aws Alerts
A Serverless Framework plugin that creates CloudWatch alarms for functions.
Stars: ✭ 419 (-6.26%)
Mutual labels:  aws
Punchcard
Type-safe AWS infrastructure.
Stars: ✭ 387 (-13.42%)
Mutual labels:  aws
Terraform Aws Rds
Terraform module which creates RDS resources on AWS
Stars: ✭ 430 (-3.8%)
Mutual labels:  aws
Serverless Rust
⚡ 🦀 a serverless framework plugin for rustlang applications
Stars: ✭ 386 (-13.65%)
Mutual labels:  aws
Awslimitchecker
A script and python package to check your AWS service limits and usage via boto3.
Stars: ✭ 417 (-6.71%)
Mutual labels:  aws
Security monkey
Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Stars: ✭ 4,244 (+849.44%)
Mutual labels:  aws
Docker Curriculum
🐬 A comprehensive tutorial on getting started with Docker!
Stars: ✭ 4,523 (+911.86%)
Mutual labels:  aws
Aws Google Auth
Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
Stars: ✭ 428 (-4.25%)
Mutual labels:  aws
View All Similar Projects ➔

This tool will request and set temporary credentials in your shell environment variables for a given role.

Installation

On OS X, the best way to get it is to use homebrew:

brew install remind101/formulae/assume-role

If you have a working Go 1.6/1.7 environment:

$ go get -u github.com/remind101/assume-role

On Windows with PowerShell, you can use scoop.sh

$ scoop bucket add extras
$ scoop install assume-role

Configuration

Setup a profile for each role you would like to assume in ~/.aws/config.

For example:

~/.aws/config:

[profile usermgt]
region = us-east-1

[profile stage]
# Stage AWS Account.
region = us-east-1
role_arn = arn:aws:iam:🔢role/SuperUser
source_profile = usermgt

[profile prod]
# Production AWS Account.
region = us-east-1
role_arn = arn:aws:iam::9012:role/SuperUser
mfa_serial = arn:aws:iam::5678:mfa/eric-holmes
source_profile = usermgt

~/.aws/credentials:

[usermgt]
aws_access_key_id = AKIMYFAKEEXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/MYxFAKEYEXAMPLEKEY

Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html

In this example, we have three AWS Account profiles:

  • usermgt
  • stage
  • prod

Each member of the org has their own IAM user and access/secret key for the usermgt AWS Account. The keys are stored in the ~/.aws/credentials file.

The stage and prod AWS Accounts have an IAM role named SuperUser. The assume-role tool helps a user authenticate (using their keys) and then assume the privilege of the SuperUser role, even across AWS accounts!

Usage

Perform an action as the given IAM role:

$ assume-role stage aws iam get-user

The assume-role tool sets AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables and then executes the command provided.

If the role requires MFA, you will be asked for the token first:

$ assume-role prod aws iam get-user
MFA code: 123456

If no command is provided, assume-role will output the temporary security credentials:

$ assume-role prod
export AWS_ACCESS_KEY_ID="ASIAI....UOCA"
export AWS_SECRET_ACCESS_KEY="DuH...G1d"
export AWS_SESSION_TOKEN="AQ...1BQ=="
export AWS_SECURITY_TOKEN="AQ...1BQ=="
export ASSUMED_ROLE="prod"
# Run this to configure your shell:
# eval $(assume-role prod)

Or windows PowerShell:

$env:AWS_ACCESS_KEY_ID="ASIAI....UOCA"
$env:AWS_SECRET_ACCESS_KEY="DuH...G1d"
$env:AWS_SESSION_TOKEN="AQ...1BQ=="
$env:AWS_SECURITY_TOKEN="AQ...1BQ=="
$env:ASSUMED_ROLE="prod"
# Run this to configure your shell:
# assume-role.exe prod | Invoke-Expression

If you use eval $(assume-role) frequently, you may want to create a alias for it:

  • zsh
alias assume-role='function(){eval $(command assume-role [email protected]);}'
  • bash
function assume-role { eval $( $(which assume-role) [email protected]); }

TODO

  • [ ] Cache credentials.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].