README
¶
gcp2aws
AWS credential helper for GCP.
Call AWS API using GCP credentials.
Requirements
- GCP
- Authenticate with
gcloud auth application-default login - Service Accounts that allow you to impersonate(
roles/iam.serviceAccountTokenCreator)
- Authenticate with
- AWS
- IAM Roles that allow service accounts to
sts:AssumeRoleWithWebIdentity
- IAM Roles that allow service accounts to
Installation
Using go install
go install github.com/porkbeans/gcp2aws@latest
Using GitHub Releases
For locally (e.g. ~/.local/bin)
curl -sSL '<TAR_GZ_URL>' | tar -xz -C ~/.local/bin gcp2aws
For globally (e.g. /usr/local/bin)
curl -sSL '<TAR_GZ_URL>' | sudo tar -xz --no-same-owner -C /usr/local/bin gcp2aws
Usage
SYNOPSIS
gcp2aws -i <SERVICE ACCOUNT EMAIL> -r <ROLE ARN> [-d <DURATION>]
OPTIONS
-i <SERVICE ACCOUNT EMAIL>
Service account email to impersonate.
-r <ROLE ARN>
Role ARN to AssumeRoleWithWebIdentity.
-d <DURATION>
Credential duration. Accept format for Go time.ParseDuration.
See https://pkg.go.dev/time#ParseDuration
Examples
See Terraform Example to set up GCP Service Account and AWS IAM Role.
AssumeRole with impersonated GCP service account identity.
~/.aws/config
[profile example]
credential_process = /path/to/gcp2aws -r <ROLE ARN> -i <SERVICE ACCOUNT EMAIL>
region = <YOUR REGION>
Development
Required tools
- go for compiling and testing
- GNU make for task runner
- direnv for loading environment variables for tests
- gibo for updating .gitignore boilerplate
Preparing
cp example.env secret.envand edit each values insecret.envfor your test environment.direnv allowmake testto confirm that you can run tests
Similar projects
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.