Skip to content

fujiwara/aswrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

aswrap

aswrap

 
 

aswrap.pl

aswrap.pl

 
 

cpanfile

cpanfile

 
 

Repository files navigation

aswrap

AWS assume role credential wrapper.

Description

aswrap is useful for some commands which couldn't resolve an assume role credentials in ~/.aws/credentials and IAM Identity Center credentials cache.

For example,

Install

Place a aswrap command to your PATH and set an executable flag.

$ curl -Lso path/to/aswrap https://github.com/fujiwara/aswrap/releases/download/v0.0.3/aswrap && chmod +x path/to/aswrap

Or use Homebrew.

$ brew install fujiwara/tap/aswrap

Usage

for Assume Role.

# ~/.aws/credentials

[my-profile]
aws_access_key_id=XXX
aws_secret_access_key=YYY

[foo]
region=ap-northeast-1
source_profile=my-profile
role_arn=arn:aws:iam::999999999999:role/MyRole

for IAM Identity Center.

# ~/.aws/config

[profile foo]
sso_start_url = https://example.awsapps.com/start
sso_region = ap-northeast-1
sso_account_id = 123456789012
sso_role_name = myrole
region = ap-northeast-1

As command wrapper

$ AWS_PROFILE=foo aswrap some_command [arg1 arg2...]

aswrap works as below.

  1. Find AWS_PROFILE section in ~/.aws/credentials and ~/.aws/config .
    • (For assume role) Call aws sts assume-role to a get temporary credentials.
    • (For IAM Identity Center) Call aws sso get-role-credentials to a get temporary credentials.
  3. Set the credentilas to environment variables.
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • AWS_SESSION_TOKEN
    • AWS_REGION if available in the section.
  4. Execute some_command with args.

As env exporter

When aswrap is executed with no arguments, aswrap outputs shell script to export AWS credentials environment variables.

$ export AWS_PROFILE=foo
$ aswrap
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=eW8JjiLZk+mzNmEQJyORdzk....
export AWS_SESSION_TOKEN=2b0gN9qucmINvL8D4sgpLbzvJ31Es5/VBy9gYFpxKFWBrODYMBqcq5WksJGp9RW.....
export AWS_REGION=ap-northeast-1

You can set the credentials in current shell by eval.

$ eval "$(aswrap)"

Temporary credentials has expiration time (about 1 hour).

Requirements

  • Perl (>= 5.14.0)
    • required JSON::PP
  • aws-cli

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Author

Copyright (c) 2017 FUJIWARA Shunichiro

About

AWS assume role credential wrapper

Topics

aws perl

Resources

Readme

License

View license
Activity

Stars

21 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 5

v0.1.0 Latest
Oct 30, 2023
+ 4 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

  •  
  •  

Languages