awsswitch

command module
v0.2.0

This package is not in the latest version of its module.
Published: Apr 30, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

README

awsswitch

awsswitch is a command that exports the credential environment variables needed to switch to a role with MFA.

Key features:

  • Single binary
  • Interoperable config with AWS CLI (~/.aws/config)
  • Interoperable token cache with AWS CLI (~/.aws/cli/cache)

Getting Started

Install awsswitch.

# Homebrew (macOS)
brew install int128/awsswitch/awsswitch

# GitHub Releases
curl -LO https://github.com/int128/awsswitch/releases/download/v0.1.0/awsswitch_linux_amd64.zip
unzip awsswitch_linux_amd64.zip

# Go
go get github.com/int128/awsswitch

Set up your .aws/config for the switch role. For example,

[profile USERNAME]

[profile USERNAME_administrator]
mfa_serial = arn:aws:iam::1234567890:mfa/USERNAME
role_arn = arn:aws:iam::1234567890:role/AdministratorMFA
source_profile = USERNAME
duration_seconds = 43200

Run the command in your terminal.

% eval $(awsswitch --profile=USERNAME_administrator)
Enter MFA code:
you got a valid token until 2020-04-19 21:43:38 +0000 UTC

It will export AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN. Now you can run tools such as AWS CLI and Terraform.

% aws s3 ls

% terraform apply

It attempts to read the token cache in ~/.aws/cli/cache. You do not need to enter an MFA code if the cached token is still valid. This behavior is interoperable with AWS CLI.

How to set up the switch role

1. Set up a role

Create an IAM role to switch to. You need to set up a trust relationship with an AWS account or IAM user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::1234567890:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
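
A trust policy like the one above enforces MFA only if every Allow statement that grants sts:AssumeRole carries the Bool condition on aws:MultiFactorAuthPresent. The Go check below is an added example, not part of awsswitch; its function names and the sample policy in main are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// asList normalizes an IAM policy field that may be one value or an array.
func asList(v interface{}) []interface{} {
	if l, ok := v.([]interface{}); ok || v == nil {
		return l
	}
	return []interface{}{v}
}

// requiresMFA accepts only Bool (not BoolIfExists, which matches a missing key).
func requiresMFA(st map[string]interface{}) bool {
	cond, _ := st["Condition"].(map[string]interface{})
	b, _ := cond["Bool"].(map[string]interface{})
	return fmt.Sprint(asList(b["aws:MultiFactorAuthPresent"])...) == "true"
}

// StatementsWithoutMFA lists Allow statements granting sts:AssumeRole without MFA.
func StatementsWithoutMFA(policy string) ([]int, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal([]byte(policy), &doc); err != nil {
		return nil, err
	}
	var bad []int
	for i, s := range asList(doc["Statement"]) {
		st, _ := s.(map[string]interface{})
		for _, a := range asList(st["Action"]) {
			act := strings.ToLower(fmt.Sprint(a))
			grants := act == "sts:assumerole" || act == "sts:*" || act == "*"
			if st["Effect"] == "Allow" && grants && !requiresMFA(st) {
				bad = append(bad, i)
				break
			}
		}
	}
	return bad, nil
}

func main() {
	// Constructed sample: the page's trust policy with its Condition removed.
	weak := `{"Statement":{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::1234567890:root"},"Action":"sts:AssumeRole"}}`
	fmt.Println(StatementsWithoutMFA(weak)) // flags statement 0
}
```

The check matches the operator and key names exactly as written on this page, so a policy that spells them with different casing is reported for manual review rather than passed.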

2. Set up a user

Create an IAM user.

You need to grant the user permission to assume the role. See the document for more.

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::1234567890:role/AdministratorMFA"
  }
}

Save your credentials to ~/.aws/credentials.

% aws configure --profile=USERNAME

Add a profile to .aws/config to switch to the role.

[profile USERNAME]

[profile USERNAME_administrator]
mfa_serial = arn:aws:iam::1234567890:mfa/USERNAME
role_arn = arn:aws:iam::1234567890:role/AdministratorMFA
source_profile = USERNAME
duration_seconds = 43200

Contributions

This is open source software. Feel free to open issues and pull requests.

Documentation

There is no documentation for this package.

Directories

Path          Synopsis
pkg
  cmd         Package cmd provides the command line interface.
  prompt      Package prompt provides the user interaction features.
  tokencache  Package tokencache provides access to the token cache in ~/.aws/cli/cache.
