sudo for AWS roles
Type Name Latest commit message Commit time
.coveragerc
.gitignore
.pylintrc Add Makefile to automate code quality checks Aug 3, 2016
.travis.yml
CHANGELOG.rst
LICENSE Add license Aug 3, 2016
Makefile
README.rst
awsudo.py awsudo 0.2.0: use AWS_SESSION_TOKEN Aug 4, 2016
requirements-dev.txt Integrate with tox for testing Aug 3, 2016
setup.cfg Add Makefile to automate code quality checks Aug 3, 2016
setup.py Add license Aug 3, 2016
test_awsudo.py awsudo 0.2.0: use AWS_SESSION_TOKEN Aug 4, 2016
tox.ini

README.rst

awsudo

awsudo is a command-line tool that requests temporary credentials from STS to use an IAM role.

If MFA is enabled, you'll be prompted for the token code.

Usage

First, you need to define your credentials in ~/.aws/credentials:

[default]
aws_access_key_id = AKIAIJFLKDSJFKLDSZ2Q
aws_secret_access_key = Eoz3FDKJLSfdsJLKFDjflsFDjklJFDjfdFDjdOKa

Then define your profiles in ~/.aws/config:

[profile administrator@development]
role_arn = arn:aws:iam::00000000002:role/administrator
source_profile = default
mfa_serial = arn:aws:iam::00000000001:mfa/pmuller

[profile administrator@staging]
role_arn = arn:aws:iam::00000000003:role/administrator
source_profile = default
mfa_serial = arn:aws:iam::00000000001:mfa/pmuller

[profile administrator@production]
role_arn = arn:aws:iam::00000000004:role/administrator
source_profile = default
mfa_serial = arn:aws:iam::00000000001:mfa/pmuller

You can use awsudo either to get temporary credentials as ready-to-use environment variables:

$ awsudo administrator@staging
Enter MFA code:
AWS_ACCESS_KEY_ID=ASIAJFSDLKJFS3VLA
AWS_SECRET_ACCESS_KEY=UKvIegRLKJSFLKJFDSLKFJSDLKJ
AWS_SESSION_TOKEN=FQoDYXdzEHIaDONIt4M0O10zRms0ac2.....

Or to directly run another executable with credentials defined in its environment:

$ awsudo administrator@development aws iam list-groups
Enter MFA code:
{
    "Groups": [
        {
            "Path": "/",
            "CreateDate": "2016-08-01T02:13:52Z",
            "GroupId": "AGPAILKJFSDLFKJSDLFS2",
            "Arn": "arn:aws:iam::1234567890:group/administrators",
            "GroupName": "administrators"
        },
        {
            "Path": "/",
            "CreateDate": "2016-08-01T02:24:05Z",
            "GroupId": "AGPAFSJDKLJFDSLKJFST6",
            "Arn": "arn:aws:iam::1234567890:group/users",
            "GroupName": "users"
        }
    ]
}
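
The flow described above (read a profile, call STS AssumeRole with the MFA code when the profile has an mfa_serial, then expose the result as environment variables) can be sketched as follows. This is an added example, not code from awsudo.py: the function names and the sample profiles are constructed, and `sts` is assumed to be a boto3 STS client created from the source profile.

```python
import configparser
import os
import subprocess

# Constructed sample in the format of ~/.aws/config (placeholder account IDs).
SAMPLE_CONFIG = """
[profile administrator@staging]
role_arn = arn:aws:iam::000000000003:role/administrator
source_profile = default
mfa_serial = arn:aws:iam::000000000001:mfa/example-user

[profile readonly@staging]
role_arn = arn:aws:iam::000000000003:role/readonly
source_profile = default
"""


def load_profile(config_text, name):
    """Return the settings of [profile <name>] as a dict (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(config_text)
    section = "profile " + name
    if not parser.has_section(section):
        raise KeyError("no such profile: " + name)
    return dict(parser[section])


def assume_role_env(sts, profile, session_name, ask_mfa_code):
    """Call sts.assume_role for the profile and map the result to env vars."""
    params = {"RoleArn": profile["role_arn"], "RoleSessionName": session_name}
    if "mfa_serial" in profile:  # prompt only when the profile requires MFA
        params["SerialNumber"] = profile["mfa_serial"]
        params["TokenCode"] = ask_mfa_code()
    creds = sts.assume_role(**params)["Credentials"]
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }


def run_with_role(env, argv):
    """Run argv with the temporary credentials visible only to the child."""
    return subprocess.call(argv, env=dict(os.environ, **env))
```

Passing the credentials through the child's environment keeps the short-lived keys out of ~/.aws/credentials and out of the parent shell.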

Development

Run tests:

$ make check