aws-aliased-profiles

command module

v0.0.0-...-63760f7 Latest Latest Go to latest Published: Feb 13, 2022 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/logston/aws-aliased-profiles

Links

Open Source Insights

README ¶

aws-aliased-profiles

The Issue:

You have a bunch of accounts in an organization. You want to be able to use the --profile flag easily and don't want to add profiles to the ~/.aws/config file for each. This tool fetches the accounts in your organization, fetches the aliases associated with each account in your organization, and then inserts the profiles necessary into your config file.

Installation

go get github.com/logston/aws-aliased-profiles

Usage

Initialize the ~/.aws/aliased-profiles/config.tmpl file.
```
aws-aliased-profiles init
```
This places the default profile template contents into the file at ~/.aws/aliased-profiles/config.tmpl.
To fetch all accounts in your organization and their aliases, run the following command:
```
# aws-aliased-profiles fetch <aws profile with organization access> <role to assume>

aws-aliased-profiles fetch default Production
```
The <aws profile with organization access> argument specifies the profile in your ~/.aws/config file to use for access AWS API calls.

The <role to assume> argument specifies the role to assume when getting STS tokens for alias retrieval in each child account. For example, something like ReadOnly, Production, ProductionAdmin, etc. Each team names this according to their own style.
The upsert command uses the downloaded account IDs and aliases to build new profiles and insert them into the ~/.aws/config file.
```
aws-aliased-profiles upsert
```
The profiles inserted into the ~/.aws/config file are generated by populating a template file at ~/.aws/aliased-profiles/config.tmpl. You need to place something like the following in the file named above. You will need to change MyFavRoleToAssume to the role you want to assume when using the profile. Often, this is the same profile used in the fetch command.
```
[profile {{ alias }}]
role_arn = arn:aws:iam::{{ accountId }}:role/MyFavRoleToAssume
source_profile = default
```

Day To Day

Once run, you should be able to use all your profiles readily...

aws --profile staging-123 sts get-caller-identity
{
    "UserId": "ABCDEFGHIJKLMNOP:botocore-session-1234567890",
    "Account": "987654321",
    "Arn": "arn:aws:sts::987654321234:assumed-role/MyFavRoleToAssume/botocore-session-1234567890"
}

Development

When developing, please note that make install will install to ~/.local/bin/.

Timing

Running this program on an organization with 5000 accounts takes about 10 minutes assuming a high speed internet connection.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
common
defaults
fetch
upsert

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL