Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Michael Barney authored and Michael Barney committed Jul 6, 2019
1 parent 2402f08 commit 8094f85
Showing 52 changed files with 1,879 additions and 3,976 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
include package.json | ||
include readme.md | ||
include fastentrypoints.py | ||
include autocomplete.py |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,22 @@ | ||
[[source]] | ||
url = "https://pypi.python.org/simple" | ||
verify_ssl = true | ||
name = "pypi" | ||
url = "https://pypi.org/simple" | ||
verify_ssl = true | ||
|
||
[dev-packages] | ||
twine = "*" | ||
pylint = "*" | ||
botostubs = "*" | ||
|
||
[packages] | ||
pytest = "*" | ||
pytest-cov = "*" | ||
mock = "*" | ||
python-dateutil = "*" | ||
"boto3" = "*" | ||
pluggy = "*" | ||
boto3 = "*" | ||
awsume = {editable = true,path = "."} | ||
psutil = "*" | ||
yapsy = "*" | ||
future = "*" | ||
pylint = "*" | ||
colorama = "*" | ||
awsume = {editable = true,path = "."} | ||
|
||
[scripts] | ||
test = "pytest" | ||
build = "python setup.py sdist" | ||
deploy-test = "twine upload -r test dist/*" | ||
deploy-pypi = "twine upload -r pypi dist/*" |
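Review bot: Every dependency visible under `[packages]` and `[dev-packages]` is declared as `"*"`, so the versions installed next to a tool that handles AWS credentials are decided by whatever the index serves at install time. Add version bounds for the runtime dependencies and make sure a `Pipfile.lock` is committed so installs are reproducible and reviewable. If `pytest`, `pytest-cov` and `mock` remain under `[packages]` after this change (the rendered hunk does not show which side each line is on), move them to `[dev-packages]` so test tooling is not installed with the runtime set.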
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,131 +1,3 @@ | ||
# AWSume: AWS Assume Made Awesome | ||
|
||
Utility for easily assuming AWS IAM roles from the command line, now in Python! | ||
|
||
## What is AWSume? | ||
|
||
AWSume is a cross-platform (Mac, Linux, Windows) command-line tool that makes assuming AWS roles and setting user credentials from the AWS CLI easy! It works by scanning your `.aws/config` and `.aws/credentials` files for the profile you give it, making AWS calls to get that profile's credentials, and exporting those credentials to your shell's environment variables. Then, any AWS CLI calls you make in that shell will be under the profile you gave AWSume. | ||
|
||
## Installation | ||
|
||
### Pip Installation | ||
|
||
AWSume has been conveniently wrapped into a Python package and installable with just one simple command: | ||
|
||
``` bash | ||
pip install awsume | ||
``` | ||
|
||
The installer places the python and shell scripts into your python directory. If you're using `Bash` or `Zsh`, the installer will add an alias definition (sources awsume when it's called) to their resource control file, either `.bash_alias`, `.bashrc`, `.bash_profile`, or `.zshrc`. When uninstalling AWSume, the alias definition will not be removed. | ||
|
||
Once you have AWSume installed, you're ready to set up AWSume! | ||
|
||
#### Console Plugin installation | ||
|
||
Once you've installed AWSume, you can install the console plugin with: | ||
|
||
``` bash | ||
awsume --install-plugin https://raw.githubusercontent.com/trek10inc/awsume/master/examplePlugin/console.py https://raw.githubusercontent.com/trek10inc/awsume/master/examplePlugin/console.yapsy-plugin | ||
``` | ||
|
||
## Setup | ||
|
||
### Configuring Using The AWS CLI | ||
|
||
`aws configure set <key> <value> --profile <profile_name>` | ||
|
||
Where: | ||
|
||
- `key` is what you would like to set within the `config`/`credentials` file, such as: | ||
- `aws_access_key_id`, `aws_secret_access_key`, `region`, `output`, `mfa_serial`, `role_arn`, or `source_profile` | ||
- `value` is the value you'd like to set the `key` to | ||
- `profile_name` is the name of the profile you are creating | ||
- `profile_name` is what you will pass into AWSume | ||
|
||
### Configuring Manually | ||
|
||
Add profiles to | ||
|
||
`~/.aws/config` (for macOS / Linux) | ||
|
||
`%userprofile%\.aws\config` (for Windows) | ||
|
||
#### ~/.aws/config | ||
|
||
``` ini | ||
[default] | ||
region = us-east-1 | ||
[profile internal-admin] | ||
role_arn = arn:aws:iam::<your aws account id>:role/admin-role | ||
source_profile = joel | ||
region = us-east-1 | ||
[profile client1-admin] | ||
role_arn = arn:aws:iam::<client #1 account id>:role/admin-role | ||
mfa_serial = arn:aws:iam::<your aws account id>:mfa/joel | ||
source_profile = joel | ||
region = us-west-2 | ||
[profile client2-admin] | ||
role_arn = arn:aws:iam::<client #2 account id>:role/admin-role | ||
mfa_serial = arn:aws:iam::<your aws account id>:mfa/joel | ||
source_profile = joel | ||
region = us-east-1 | ||
``` | ||
|
||
Add credentials to | ||
|
||
`~/.aws/credentials` (for macOS / Linux) | ||
|
||
`%userprofile%\.aws\credentials` (for Windows) | ||
|
||
#### ~/.aws/credentials | ||
|
||
``` ini | ||
[default] | ||
aws_access_key_id = AKIAIOIEUFSN9EXAMPLE | ||
aws_secret_access_key = wJalrXIneUATF/K7MDENG/jeuFHEnfEXAMPLEKEY | ||
[joel] | ||
aws_access_key_id = AKIAIOSFODNN7EXAMPLE | ||
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY | ||
``` | ||
|
||
### Plugins | ||
|
||
AWSume is now extensible. It now comes with a built-in plugin manager! To get started developing plugins, check out our [plugin documentation](https://github.com/trek10inc/awsume/wiki/Plugins). | ||
|
||
#### AWSume Console Plugin | ||
|
||
To demonstrate the plugin manager, we've extended the functionality of AWSume through the AWSume Console plugin. This plugin will open the AWS console to the assumed role. Read about it [here](https://github.com/trek10inc/awsume/blob/master/examplePlugin/console.md) | ||
|
||
### Example Usages | ||
|
||
`awsume client1-source-profile` | ||
Exports `client1-source-profile` credentials into current shell, will ask for MFA if needed | ||
|
||
`awsume client1-source-profile -n` | ||
Exports `client1-source-profile` credentials into current shell, will usually not ask for MFA, but it will if `client1-source-profile` is a role profile instead of a source profile, and requires MFA | ||
|
||
`awsume client1-admin` | ||
Exports `client1-admin` credentials into current shell, will ask for MFA if needed | ||
|
||
`awsume` | ||
Exports the default profile's credentials into current shell, will ask for MFA if needed | ||
|
||
`awsume -d` | ||
Exports the default profile's credentials into current shell, will ask for MFA if needed | ||
|
||
`awsume client1-admin -s` | ||
Outputs export commands to shell, useful if you want to copy / paste into some other shell, will ask for MFA if needed | ||
|
||
`awsume client1-admin -r` | ||
Delete cached credentials and refresh, will always prompt for MFA. | ||
|
||
`awsume client1-admin -a` | ||
Exports auto-refresh profile to shell's `AWS_DEFAULT_PROFILE` and `AWS_PROFILE` environment variables, creates a profile in the `.aws/credentials` file called `auto-refresh-client1-admin` that contains profile's role credentials, and spawns a background process to auto-refresh those role credentials when they expire, for as long as the role's source profile is valid. | ||
|
||
`awsume client1-admin -k` | ||
Removes the `auto-refresh-client1-admin` profile from the `.aws/credentials` file. If no more `auto-refresh-` profiles are left in the `.aws/credentials` file, the auto-refreshing background process will be killed. | ||
|
||
`awsume -k` | ||
Removes all `auto-refresh-` profiles from the `.aws/credentials` file, and kills the auto-refreshing background process. | ||
|
||
See our blog posts [AWSume](https://www.trek10.com/blog/awsume-aws-assume-made-awesome/) and [AWSume - Now in Python](https://www.trek10.com/blog/awsume-now-in-python/) for more details. | ||
Awsume v4 is a work in progress. |
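Review bot: The hunk header `-1,131 +1,3` takes the readme from 131 lines to 3, and the only new statement is "Awsume v4 is a work in progress.", so installation, profile setup and the flag reference all disappear from the file that the `include readme.md` line in the first hunk ships with the package. Keep at least a short install and usage section, or link to where the previous documentation now lives. The auto-refresh behaviour in particular needs a replacement description: the removed text documents `auto-refresh-` profiles written to `.aws/credentials`, while the background loop added later in this commit filters on `autoawsume-`, and users should be told which profile names the tool writes and removes in their credentials file.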
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
version = '0.0.3' | ||
|
||
name = 'awsume' | ||
author = 'Trek10, Inc' | ||
author_email = 'package-management@trek10.com' | ||
description = 'Awsume - A cli that makes using AWS IAM credentials easy' | ||
license = 'MIT' | ||
homepage = 'https://github.com/trek10inc/awsume' | ||
|
||
message = 'Thank you for using AWSume! Check us out at https://trek10.com' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
from . import * | ||
from . import __data__ | ||
from . awsumepy import safe_print | ||
|
||
__VERSION__ = __data__.version | ||
__NAME__ = __data__.name | ||
__AUTHOR__ = __data__.author | ||
__AUTHOR_EMAIL__ = __data__.author_email | ||
__DESCRIPTION__ = __data__.description | ||
__LICENSE__ = __data__.license | ||
__HOMEPAGE__ = __data__.homepage | ||
__MESSAGE__ = __data__.message |
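Review bot: On the first line, `from . import *` star-imports the package into itself before it has defined any public names, so it likely imports nothing and only obscures what the package exports. Drop it and keep the explicit imports that follow (`from . import __data__`, `from . awsumepy import safe_print`), or define `__all__` if a public surface is intended. The spacing in `from . awsumepy import` should also be normalised to `from .awsumepy import`.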
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
from . import * |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
import json | ||
import subprocess | ||
import configparser | ||
import time | ||
from datetime import datetime, timedelta | ||
|
||
from ..awsumepy.main import run_awsume | ||
from ..awsumepy.lib.aws_files import get_aws_files, delete_section | ||
|
||
|
||
def main(): | ||
_, credentials_file = get_aws_files(None, None) | ||
while True: | ||
credentials = configparser.ConfigParser() | ||
credentials.read(credentials_file) | ||
auto_profiles = {k: dict(v) for k, v in credentials._sections.items() if k.startswith('autoawsume-')} | ||
|
||
expirations = [] | ||
for auto_profile_name, auto_profile in auto_profiles.items(): | ||
expiration = datetime.strptime(auto_profile['expiration'], '%Y-%m-%d %H:%M:%S') | ||
source_expiration = datetime.strptime(auto_profile['source_expiration'], '%Y-%m-%d %H:%M:%S') | ||
|
||
if expiration < datetime.now() and source_expiration < datetime.now(): | ||
print('Source credentials are expired, removing autoawsume profile') | ||
delete_section(auto_profile_name, credentials_file) | ||
continue | ||
|
||
if expiration < datetime.now() + timedelta(minutes=5): | ||
print('Refreshing {}'.format(auto_profile_name)) | ||
subprocess.run(auto_profile.get('awsumepy_command').split(' '), stdout=subprocess.PIPE, stderr=subprocess.PIPE) | ||
expirations.append(datetime.now() + timedelta(hours=1)) | ||
else: | ||
expirations.append(expiration) | ||
|
||
if not expirations: | ||
break | ||
|
||
earliest_expiration = min(expirations) | ||
time_to_sleep = (earliest_expiration - datetime.now().replace(tzinfo=earliest_expiration.tzinfo)).total_seconds() | ||
|
||
print('sleeping for {}'.format(time_to_sleep)) | ||
time.sleep(time_to_sleep) |
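Review bot: In the refresh branch, `subprocess.run(auto_profile.get('awsumepy_command').split(' '), ...)` runs whatever string is stored under `awsumepy_command` in the credentials file, so anything able to write that file chooses the command this background loop executes. Build the argument list in code from the profile name and validated options instead of executing a stored string, or at minimum verify that the first element is the expected awsumepy executable. The same call raises `AttributeError` when the key is missing, splits arguments that contain spaces (use `shlex.split`), and its result is ignored: stdout and stderr are piped and dropped, the return code is never checked, and `datetime.now() + timedelta(hours=1)` is appended as if the refresh had succeeded with a one-hour lifetime. Check `returncode`, log stderr on failure, and re-read the profile's new `expiration` rather than assuming it. Two smaller points: the loop sleeps until the earliest expiration itself, so on later passes the refresh only runs once the credentials have already expired, and the lead in `expiration < datetime.now() + timedelta(minutes=5)` only helps on the first pass (sleep until expiration minus the lead instead). `credentials._sections` is a private `ConfigParser` attribute; `credentials.sections()` with `credentials[name]` is the public equivalent. `json` and `run_awsume` are imported but unused in the visible lines.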