roo

command module

v0.3.5 Latest Latest Go to latest Published: Apr 21, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jkueh/roo

Links

Open Source Insights

README ¶

roo

A little utility to help make AWS calls from an authentication account with MFA.

It caches credentials in its 'pouch' (aka a file on disk), reaching out to renew them when needed.

Use Case

I wrote this because I came across the following pattern:

Every user logs into an 'authentication account' as an IAM user.
Each user can create their own set of access keys, and they must have MFA enabled in order to log in.
Once they have logged in to the authentication account, users then assume a role in another account to do what they need to do (e.g. deleting the production environment).

Quite frankly, I tired of using a convoluted bash script to generate session tokens in order to assume a role, so I wrote a thing to do it for me.

Command Precedence

There's a few flags that are used to determine behaviour, and they are given the following precedence:

--console or --console-url
--write-profile

If none of the above are specified, it defaults to executing the command provided.

Configuration

If you run roo once without a configuration file, it will generate a dummy one for you (at ${HOME}/.roo/config.yaml)

Alternatively, you can write your own (See Configuration Reference).

Configuration Reference

This is an example of the configuration file, commonly found at ${HOME}/.roo/config.yaml. Modify these values to your liking / requirements

mfa_serial: arn:aws:iam::000000000000:mfa/my_mfa_serial
base_profile: some-base-profile # optional - this is the AWS profile you use to log into the authentication account.
roles:
  - name: something-prod-readonly
    default: yes # Optional, but helpful!
    arn: arn:aws:iam::000000000000:role/ReadOnly
    aliases: # Optional, and also helpful!
      - something-prod
      - prod-readonly
    # target_aws_profile (Optional):
    # This is the name of the profile that 'roo' will write to when '-write-profile' is specified on the command line.
    # If not specified, using -write-profile will require -profile-target.
    target_aws_profile: "roo-default"

  - name: something-prod-deleteonly
    arn: arn:aws:iam::000000000000:role/DeleteOnly
    aliases:
      - deleteprod
    target_aws_profile: "my-other-profile"

  - name: something-test-developer
    arn: arn:aws:iam::111111111111:role/Developer
    aliases:
      - something-dev
      - test-dev
    target_aws_profile: "yet-another-profile"

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cachedcredsprovider
config
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL