README
¶
awscredswrap
AWS assume role credential wrapper.
Description
awscredswrap uses temporary credentials for the specified iam role to set a shell environment variable or execute a command.
Use as CLI
Install
- Brew
$ brew install youyo/tap/awscredswrap
Other platforms are download from github release page.
Usage
$ awscredswrap --help
awscredswrap uses temporary credentials for the specified iam role to set a shell environment variable or execute a command.
Usage:
awscredswrap [flags]
Flags:
-d, --duration-seconds int The duration, in seconds, of the role session. (default 3600)
-h, --help help for awscredswrap
-m, --mfa-serial string The identification number of the MFA device that is associated with the user who is making the AssumeRole call.
-r, --role-arn string The arn of the role to assume.
-n, --role-session-name string An identifier for the assumed role session.
--version version for awscredswrap
As command wrapper
$ awscredswrap --role-arn arn:aws:iam::00000000:role/foo -- some_command [arg1 arg2...]
As env exporter
When awscredswrap is executed with no arguments, awscredswrap outputs shell script to export AWS credentials environment variables.
$ awscredswrap --role-arn arn:aws:iam::00000000:role/foo
export AWS_ACCESS_KEY_ID='XXXXXXXXXXXXXXXX'
export AWS_SECRET_ACCESS_KEY='zWarBXUtMKJYnC8y4dNAf9e5HQqFTp....'
export AWS_SESSION_TOKEN='Wj3YGuSMwn8aJx4AN6TFsbtB5URKHEpVgdDkPvy7....'
export AWS_DEFAULT_REGION='us-east-1'
You can set the credentials in current shell by eval.
$ eval $(awscredswrap --role-arn arn:aws:iam::00000000:role/foo)
Temporary credentials has expiration time (about 1 hour).
Use as GitHub Actions
DEPRECATED IN FAVOR OF THE OFFICIAL aws-actions/configure-aws-credentials
Inputs
role_arnRequired The arn of the role to assume.role_session_nameAn identifier for the assumed role session. (default awscredswrap@GitHubActions)duration_secondsThe duration, in seconds, of the role session. (default 3600)
ENV
AWS_ACCESS_KEY_IDRequiredAWS_SECRET_ACCESS_KEYRequiredAWS_DEFAULT_REGIONRequired
Recommended to get AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from secrets.
Example usage
on: [push]
jobs:
assume_role:
runs-on: ubuntu-latest
steps:
- name: Assume Role
uses: youyo/awscredswrap@v1
with:
role_arn: ${{ secrets.ROLE_ARN }}
duration_seconds: 3600
role_session_name: 'awscredswrap@GitHubActions'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
- name: Install aws-cli
uses: chrislennon/action-aws-cli@v1.1
- name: Identity Check
run: aws sts get-caller-identity
License
Author
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AwsCredsWrap ¶
type AwsCredsWrap struct {
Session *session.Session
Credentials credentials.Value
Region string
}
func (*AwsCredsWrap) ExecuteCommand ¶
func (a *AwsCredsWrap) ExecuteCommand(com string, args ...string) (err error)
func (*AwsCredsWrap) ExportEnvironments ¶
func (a *AwsCredsWrap) ExportEnvironments() []string
func (*AwsCredsWrap) GetCredentials ¶
func (a *AwsCredsWrap) GetCredentials(roleArn, roleSessionName, mfaSerial string, durationSeconds time.Duration) (err error)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.