This repository has been archived by the owner on Aug 1, 2021. It is now read-only.
// Copyright (C) 2019 The aws-exec-cmd Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.
// Command aws-exec-cmd acquires AWS credentials and runs an arbitrary command, providing it credentials through environment variables. It acquires credentials from the environment, IAM roles (with AssumeRole chaining), or Cognito identity pools.
//
// Environment variables:
//
// AWS_ACCESS_KEY_ID
// AWS_SECRET_ACCESS_KEY
// AWS_SESSION_TOKEN
//
// Usage:
//
// aws-exec-cmd --help
// aws-exec-cmd role --help
// aws-exec-cmd idp --help
//
// Use the IAM role, attached to an EC2 instance, to run "env | grep AWS_":
//
// aws-exec-cmd role --chain instance -- env | grep AWS_
//
// Perform the same command but with credentials from role "backup" assumed from an EC2 instance role:
//
// aws-exec-cmd role --chain instance,arn:aws:iam::123456789012:role/backup -- env | grep AWS_
//
// Perform the same command but with credentials from role "backup" assumed from environment credentials:
//
// aws-exec-cmd role --chain env-triple,arn:aws:iam::123456789012:role/backup -- env | grep AWS_
//
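// Perform the same command with credentials from a Cognito identity pool, using federated Google auth.
// Values passed as flags (such as --refresh and --client-secret) appear in the process's argument list, which other local users can typically read (for example via ps), so this invocation form exposes those secrets on shared hosts: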
//
// aws-exec-cmd idp \
// --name accounts.google.com \
// --pool-id <pool ID> \
// --refresh <Google OAuth refresh token> \
// --client-id <Google OAuth client ID> \
// --client-secret <Google OAuth client secret>
//
// Supported AssumeRole chaining:
//
// environment variable credentials -> AssumeRole [-> AssumeRole ...]
// role (temporary credentials from STS) -> AssumeRole [-> AssumeRole ...]
package main
import (
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/codeactual/aws-exec-cmd/idp"
"github.com/codeactual/aws-exec-cmd/internal/cage/cli/handler"
"github.com/codeactual/aws-exec-cmd/role"
)
// main builds the root "aws-exec-cmd" command, registers the "role" and "idp"
// subcommands, and executes it against the process arguments.
//
// If execution returns an error, the error is wrapped with errors.WithStack
// and raised as a panic, so the Go runtime prints the error message together
// with a goroutine trace on stderr and the process ends with a non-zero status.
func main() {
	root := &cobra.Command{
		Use:   "aws-exec-cmd",
		Short: "Run a local command with AWS credentials set in the environment",
	}
	root.Version = handler.Version()

	// Subcommands are attached in the same order as they are documented:
	// IAM role chaining first, then the Cognito identity pool flow.
	root.AddCommand(role.NewCommand())
	root.AddCommand(idp.NewCommand())

	err := root.Execute()
	if err == nil {
		return
	}

	// NOTE(review): the panic output includes the error text verbatim; confirm
	// that subcommand errors never embed credential material.
	panic(errors.WithStack(err))
}