credentor

package module

v0.0.0-...-2c86fd9 Latest Latest Go to latest Published: Aug 31, 2018 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/youyo/credentor

Links

Open Source Insights

README ¶

credentor

AWS assume role credential wrapper.

Description

credentor is useful for some commands which couldn't resolve an assume role credentials in ~/.aws/credentials.

For example,

Install

Place a credentor command to your PATH and set an executable flag.
Download the latest release from github. https://github.com/youyo/credentor/releases/latest

# darwin/amd64
$ curl -s https://api.github.com/repos/youyo/credentor/releases/latest \
	| grep "browser_download_url.*darwin" \
	| cut -d : -f 2,3 \
	| tr -d \" \
	| wget -qi -

# linux/amd64
$ curl -s https://api.github.com/repos/youyo/credentor/releases/latest \
	| grep "browser_download_url.*linux" \
	| cut -d : -f 2,3 \
	| tr -d \" \
	| wget -qi -

Usage

# ~/.aws/credentials

[my-profile]
aws_access_key_id=XXX
aws_secret_access_key=YYY

# ~/.aws/config

[profile foo]
role_arn=arn:aws:iam::999999999999:role/MyRole
source_profile=my-profile

As command wrapper

$ AWS_PROFILE=foo credentor -- some_command [arg1 arg2...]

credentor works as below.

Find AWS_PROFILE section in ~/.aws/credentials and ~/.aws/config .
Call aws sts assume-role to a get temporary credentials.
Set the credentilas to environment variables.
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
Execute some_command with args.

As env exporter

When credentor is executed with no arguments, credentor outputs shell script to export AWS credentials environment variables.

$ export AWS_PROFILE=foo
$ credentor
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=zWarBXUtMKJYnC8y4dNAf9e5HQqFTp....
export AWS_SESSION_TOKEN=Wj3YGuSMwn8aJx4AN6TFsbtB5URKHEpVgdDkPvy7....

You can set the credentials in current shell by eval.

$ eval "$(credentor)"

Temporary credentials has expiration time (about 1 hour).

References

credentor is inspired by aswrap.
Original software is aswrap. https://github.com/fujiwara/aswrap

Documentation ¶

Index ¶

func GetCredentials(arn string, options session.Options) (*credentials.Value, error)
type Config
- func NewConfig() *Config
type EnvironmentVariable
type FilePath
type RoleInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetCredentials ¶

func GetCredentials(arn string, options session.Options) (*credentials.Value, error)

Types ¶

type Config ¶

type Config struct {
	EnvironmentVariables EnvironmentVariable
	FilePaths            FilePath
	Role                 RoleInfo
}

func NewConfig ¶

func NewConfig() *Config

func (*Config) ExportSessionOptions ¶

func (c *Config) ExportSessionOptions() session.Options

func (*Config) ExtractRoleInfo ¶

func (c *Config) ExtractRoleInfo() error

func (*Config) GetRoleArn ¶

func (c *Config) GetRoleArn() string

type EnvironmentVariable ¶

type EnvironmentVariable struct {
	AwsProfile    string
	AwsConfigFile string
}

type FilePath ¶

type FilePath struct {
	AwsConfigFile string
}

type RoleInfo ¶

type RoleInfo struct {
	RoleArn       string
	SourceProfile string
	MfaSerial     string
	ExternalID    string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
credentor
cmd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL