#!/usr/bin/env python
# There is a standard way to configure clients to assume role for a profile. See:
# http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles
# However, not all AWS SDKs support this AssumeRole configuration (yet).
#
# This script processes the configuration using boto (which supports this) and exports
# environment variables which are standardised for use with less current SDKs
#
import json
import os
import sys
import botocore.session
from awscli.utils import json_encoder
from awscli.customizations.assumerole import JSONFileCache
# JSONFileCache from awscli does not serialize datetime, add json_encoder support
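class FixedJSONFileCache(JSONFileCache):
    """JSONFileCache variant whose writes go through awscli's json_encoder.

    The stock cache calls json.dumps without a ``default`` hook, so values
    holding datetime objects cannot be stored; this subclass passes
    ``default=json_encoder`` instead.
    """

    def __setitem__(self, cache_key, value):
        """Serialize *value* to JSON and store it in the file for *cache_key*.

        Raises:
            ValueError: if *value* cannot be serialized to JSON.
        """
        # _convert_cache_key is inherited; presumably it maps the key to a
        # path under self._working_dir -- confirm against awscli.
        full_key = self._convert_cache_key(cache_key)
        try:
            file_content = json.dumps(value, default=json_encoder)
        except (TypeError, ValueError):
            # Name only the type. This cache is attached to the assume-role
            # provider, so the value presumably carries temporary credentials
            # that must not end up in a traceback or a CI log.
            raise ValueError("Value cannot be cached, must be "
                             "JSON serializable: %s" % type(value).__name__)
        # Create the directory unconditionally and tolerate "already exists":
        # an isdir() check followed by makedirs() fails when two invocations
        # race on a fresh cache directory.
        try:
            os.makedirs(self._working_dir)
        except OSError:
            if not os.path.isdir(self._working_dir):
                raise
        fd = os.open(full_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            # The mode passed to os.open() applies only when the file is
            # created; tighten a pre-existing file before writing into it.
            os.fchmod(f.fileno(), 0o600)
            f.write(file_content)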
def configure_cache(session):
    """Give the session's assume-role credential provider a file-backed cache.

    The provider is looked up through the session's 'credential_provider'
    component and its ``cache`` attribute is replaced with a new
    FixedJSONFileCache.
    """
    resolver = session.get_component('credential_provider')
    assume_role_provider = resolver.get_provider('assume-role')
    assume_role_provider.cache = FixedJSONFileCache()
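def parse_args(argv=sys.argv):
    """Return ``(profile, command)`` for this invocation.

    The profile comes from AWS_DEFAULT_PROFILE, falling back to AWS_PROFILE.
    The command is every element of *argv* after the program name, joined
    with single spaces.

    Prints a usage line and exits with status 1 when no profile is set or
    no command was given.
    """
    profile = os.getenv('AWS_DEFAULT_PROFILE') or os.getenv('AWS_PROFILE')
    if not profile or len(argv) < 2:
        print("Usage: AWS_DEFAULT_PROFILE=profile %s command [args]" % os.path.basename(argv[0]))
        # sys.exit rather than quit(): quit is injected by the site module
        # and is missing when the interpreter runs without it.
        sys.exit(1)
    # NOTE(review): the arguments are joined without quoting and the script
    # later passes the result to os.system(), so the shell re-parses it.
    # An argument containing spaces or shell metacharacters is not kept as
    # one word. Left unchanged because callers may rely on passing a shell
    # snippet; never build argv for this script from untrusted input.
    command = " ".join(argv[1:])
    return (profile, command)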
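if __name__ == '__main__':
    # Resolve credentials for the selected profile through botocore, export
    # them as the standard AWS_* environment variables, then run the
    # requested command with that environment.
    profile, command = parse_args()
    session = botocore.session.Session(profile=profile)
    configure_cache(session)
    config = session.get_scoped_config()
    creds = session.get_credentials()
    if creds is None:
        # Without this guard the attribute reads below fail with an
        # AttributeError traceback instead of a usable message.
        sys.stderr.write("Unable to obtain credentials for profile %s\n" % profile)
        sys.exit(1)

    # Unset variables for sanity sake, so nothing stale from the calling
    # environment reaches the child (AWS_SESSION_TOKEN in particular is
    # only re-set below when the new credentials carry a token).
    # os.unsetenv/os.putenv change the environment the child inherits
    # without updating os.environ.
    for stale in ('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY',
                  'AWS_SESSION_TOKEN', 'AWS_DEFAULT_PROFILE', 'AWS_PROFILE'):
        os.unsetenv(stale)

    region = config.get('region', None)
    if region:
        os.putenv('AWS_DEFAULT_REGION', region)
        os.putenv('AWS_REGION', region)

    # The secret key and token are inherited by the command and by every
    # process it spawns; only wrap commands trusted with these credentials.
    os.putenv('AWS_ACCESS_KEY_ID', creds.access_key)
    os.putenv('AWS_SECRET_ACCESS_KEY', creds.secret_key)
    if creds.token:
        os.putenv('AWS_SESSION_TOKEN', creds.token)

    # os.system() hands the string to the shell, which re-parses it.
    command_status = os.system(command)
    # WEXITSTATUS is 0 for a signal-terminated child, which would report a
    # killed command as success; use the shell's 128+signal convention.
    if os.WIFSIGNALED(command_status):
        sys.exit(128 + os.WTERMSIG(command_status))
    sys.exit(os.WEXITSTATUS(command_status))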