GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → otm → Limes

otm / Limes

Licence: mit
Limes provides an easy work flow with MFA protected access keys, temporary credentials and access to multiple roles/accounts.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

awsaws-sdkaws-cli

Projects that are alternatives of or similar to Limes

Awesome Aws
A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
Stars: ✭ 9,895 (+14668.66%)
Mutual labels:  aws, aws-sdk, aws-cli
Awsconsolerecorder
Records actions made in the AWS Management Console and outputs the equivalent CLI/SDK commands and CloudFormation/Terraform templates.
Stars: ✭ 1,152 (+1619.4%)
Mutual labels:  aws, aws-sdk, aws-cli
Bash My Aws
Bash-my-AWS provides simple but powerful CLI commands for managing AWS resources
Stars: ✭ 782 (+1067.16%)
Mutual labels:  aws, aws-cli
Aws Sdk Js
AWS SDK for JavaScript in the browser and Node.js
Stars: ✭ 6,857 (+10134.33%)
Mutual labels:  aws, aws-sdk
Workshop Donkeytracker
Workshop to build a serverless tracking application for your mobile device with an AWS backend
Stars: ✭ 27 (-59.7%)
Mutual labels:  aws, aws-cli
Aiobotocore
asyncio support for botocore library using aiohttp
Stars: ✭ 630 (+840.3%)
Mutual labels:  aws, aws-sdk
Aws Shell
An integrated shell for working with the AWS CLI.
Stars: ✭ 6,359 (+9391.04%)
Mutual labels:  aws, aws-cli
Aws Sdk Go
AWS SDK for the Go programming language.
Stars: ✭ 7,270 (+10750.75%)
Mutual labels:  aws, aws-sdk
Saws
A supercharged AWS command line interface (CLI).
Stars: ✭ 4,886 (+7192.54%)
Mutual labels:  aws, aws-cli
Angular Aws Amplify
Sample implementation for AWS Amplify in Angular project
Stars: ✭ 40 (-40.3%)
Mutual labels:  aws, aws-sdk
Amazon Cognito Identity Js
Amazon Cognito Identity SDK for JavaScript
Stars: ✭ 965 (+1340.3%)
Mutual labels:  aws, aws-sdk
Go Sqs Poller
An AWS SQS Poller
Stars: ✭ 50 (-25.37%)
Mutual labels:  aws, aws-sdk
Soto
Swift SDK for AWS that works on Linux, macOS and iOS
Stars: ✭ 579 (+764.18%)
Mutual labels:  aws, aws-sdk
Ecs Deploy
Powerful CLI tool to simplify Amazon ECS deployments, rollbacks & scaling
Stars: ✭ 541 (+707.46%)
Mutual labels:  aws, aws-cli
Boto3
AWS SDK for Python
Stars: ✭ 6,894 (+10189.55%)
Mutual labels:  aws, aws-sdk
Awless
A Mighty CLI for AWS
Stars: ✭ 4,821 (+7095.52%)
Mutual labels:  aws, aws-cli
Homebrew Aws Session Manager Plugin
Install the AWS session manager plugin with Homebrew
Stars: ✭ 27 (-59.7%)
Mutual labels:  aws, aws-cli
Aws Sdk Java V2
The official AWS SDK for Java - Version 2
Stars: ✭ 1,083 (+1516.42%)
Mutual labels:  aws, aws-sdk
Aws
A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
Stars: ✭ 493 (+635.82%)
Mutual labels:  aws, aws-cli
Aws Security Viz
Visualize your aws security groups.
Stars: ✭ 511 (+662.69%)
Mutual labels:  aws, aws-cli
View All Similar Projects ➔

Limes

Limes provides an easy work flow with MFA protected access keys, temporary credentials and access to multiple roles/accounts.

Limes is the Local Instance MEtadata Service and emulates parts of the AWS Instance Metadata Service running on Amazon Linux. The AWS SDK and AWS CLI can therefor utilize this service to authenticate.

Warning

The AWS SDK refreshes credentials automatically when using limes. So all services will change profile if the profile is changed in limes.

Installation

  1. Download binary for your architecture from https://github.com/otm/limes/releases/latest
  2. Copy the file to /usr/local/bin or appropriate location in PATH
  3. Make it executable: chmod +x /usr/local/bin/limes
  4. Linux: Allow limes to bind to privileged ports setcap 'cap_net_bind_service=+ep' /usr/local/bin/limes

Note: On Mac OS limes server is needed to run as root for the time being.

Configuring the Loop Back Device

The configuration below adds the necessary IP configuration on the loop back device. Without this configuration the service can not start.

Note: This configuration is not persistent between reboots.

Linux

sudo ip addr add 169.254.169.254/24 broadcast 169.254.169.255 dev lo:metadata
sudo ip link set dev lo:metadata up

Mac

sudo /sbin/ifconfig lo0 alias 169.254.169.254

Bash Completion

Linux:
wget -O /etc/bash_completion.d/limes https://raw.githubusercontent.com/otm/limes/master/assets/limes
Mac
wget -O $(brew --prefix)/etc/bash_completion.d/limes https://raw.githubusercontent.com/otm/limes/master/assets/limes
Fixing Completion for AWS CLI

There is currently a bug in the completer for the AWS CLI that makes it misbehave when used with _command_offset. This can be solved by adding a secondary completion entry for the AWS CLI. To make this persistent add it to your bash configuration.

Linux

complete -C '/usr/local/bin/aws_completer' limes run aws

Mac (Brew)

complete -C "$(brew --prefix)/bin/aws_completer" limes run aws

Configuring IAM (Identity and Access Management)

To be done

Configuring IMS (Instance Meta-data Service)

There is an example configuration file. The configuration file is documented. Make a copy of the file and place it in ~/.limes/config.

mkdir -p ~/.limes
wget -O ~/.limes/config https://raw.githubusercontent.com/otm/limes/master/config.example

Use your favorite text editor to update ~/.limes/config

Usage

Running limes in your terminal prints usage information.

Starting the Service

The service is started with limes start.

Assuming Profiles

A profile is assumed with limes assume <profile-name>, where profile-name is a configured profile. Please note that this does not refer to AWS profiles but profiles configured in limes.

Running Applications with Alternate Profile

If you have assumed a role on limes you might want to run an application once with an alternate profile. This is possible without assuming the profile with the run subcommand.

limes --profile <name> run <application> [args...]

Tip With limes --profile <name> run bash it is possible to quickly start a shell with exported environment variables that is valid for an hour.

Protected Profiles

By adding protected: true to your profile it will not be possible to assume that role. It will only be possible to utilize the subcommands run and env.

Service Status

By running limes status it is possible to see the current status, and also it can detect common problems and misconfiguration.

Known Problems

If AWS environment variables, .aws/credentials or .aws/config are present there is a chance that the limes does not work. This can be checked with limes status.

Security

The service should be configured on the loop back device, and only accessible from the host it is running on.

Note: It is important not to run any service that could forwards request on the host running Limes as this would be a security risk. However, this is no difference from the setup on an Amazon Linux instance in AWS. If an attacker could forward requests to 169.254.169.254/24 your credentials could be compromised. Please note that an attacker could utilize a DNS to resolve to this address, so always be aware where you forward requests to.

Roadmap

  • Windows support (If I get someone to test it)

Build

To build you need a Go compiler and environment setup. See https://golang.org/ for more information regarding setting up and configuring Go.

go get github.com/otm/limes
go build

If protobuf definitions are updated protoc is needed on the system. Installation instructions are available at https://github.com/google/protobuf. Ẅhen protoc is installed run go generate. Currently build with libprotoc 3.1.0.

go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
go generate
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].