AWS credentials loader
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

awsecrets Gem Travis

AWS credentials loader

awsecrets config precedence

  1. Command Line Options (Awscreds#load method args OR self optparse)
  2. Environment Variables
  3. YAML file (secrets.yml)
  4. The AWS credentials file
  5. The CLI configuration file
  6. Instance profile credentials

(See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#config-settings-and-precedence)

Installation

Add this line to your application's Gemfile:

gem 'awsecrets'

And then execute:

$ bundle

Or install it yourself as:

$ gem install awsecrets

Usage example

Create command line tool ec2sample like following code

#!/usr/bin/env ruby
require 'awsecrets'
Awsecrets.load
ec2_client = Aws::EC2::Client.new
puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first

And execute

$ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1

or

$ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa

or

$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
$ ec2sample i-1aa1aaaa

Use AssumeRole

Support role_arn role_session_name source_profile external_id.

1. .aws/config and .aws/credentials

see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html

# .aws/config
[profile assumed]
role_arn = arn:aws:iam::123456780912:role/assumed-role
external_id = myfoo_id
source_profile = assume_test
# .aws/credentials
[assume_test]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

And execute

$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1

2. secrets.yml

$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
role_arn = arn:aws:iam::123456780912:role/assumed-role

And execute

$ ec2sample i-1aa1aaaa

Disable load YAML(secrets.yml)

Awsecrets.load(disable_load_secrets:true)

or

Awsecrets.load(secrets_path:false)

Contributing

  1. Fork it ( https://github.com/k1LoW/awsecrets/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request