credentor

package module

v0.0.0-...-2c86fd9 Latest Latest Go to latest Published: Aug 31, 2018 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/youyo/credentor

Links

Open Source Insights

README ¶

credentor

AWS assume role credential wrapper.

Description

credentor is useful for some commands which couldn't resolve an assume role credentials in ~/.aws/credentials.

For example,

Install

Place a credentor command to your PATH and set an executable flag.
Download the latest release from github. https://github.com/youyo/credentor/releases/latest

# darwin/amd64
$ curl -s https://api.github.com/repos/youyo/credentor/releases/latest \
	| grep "browser_download_url.*darwin" \
	| cut -d : -f 2,3 \
	| tr -d \" \
	| wget -qi -

# linux/amd64
$ curl -s https://api.github.com/repos/youyo/credentor/releases/latest \
	| grep "browser_download_url.*linux" \
	| cut -d : -f 2,3 \
	| tr -d \" \
	| wget -qi -

Usage

# ~/.aws/credentials

[my-profile]
aws_access_key_id=XXX
aws_secret_access_key=YYY

# ~/.aws/config

[profile foo]
role_arn=arn:aws:iam::999999999999:role/MyRole
source_profile=my-profile

As command wrapper

$ AWS_PROFILE=foo credentor -- some_command [arg1 arg2...]

credentor works as below.

Find AWS_PROFILE section in ~/.aws/credentials and ~/.aws/config .
Call aws sts assume-role to a get temporary credentials.
Set the credentilas to environment variables.
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
Execute some_command with args.

As env exporter

When credentor is executed with no arguments, credentor outputs shell script to export AWS credentials environment variables.

$ export AWS_PROFILE=foo
$ credentor
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=zWarBXUtMKJYnC8y4dNAf9e5HQqFTp....
export AWS_SESSION_TOKEN=Wj3YGuSMwn8aJx4AN6TFsbtB5URKHEpVgdDkPvy7....

You can set the credentials in current shell by eval.

$ eval "$(credentor)"

Temporary credentials has expiration time (about 1 hour).

References

credentor is inspired by aswrap.
Original software is aswrap. https://github.com/fujiwara/aswrap

Documentation ¶

Index ¶

func GetCredentials(arn string, options session.Options) (*credentials.Value, error)
type Config
- func NewConfig() *Config
type EnvironmentVariable
type FilePath
type RoleInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetCredentials ¶

func GetCredentials(arn string, options session.Options) (*credentials.Value, error)

Types ¶

type Config ¶

type Config struct {
	EnvironmentVariables EnvironmentVariable
	FilePaths            FilePath
	Role                 RoleInfo
}

func NewConfig ¶

func NewConfig() *Config

func (*Config) ExportSessionOptions ¶

func (c *Config) ExportSessionOptions() session.Options

func (*Config) ExtractRoleInfo ¶

func (c *Config) ExtractRoleInfo() error

func (*Config) GetRoleArn ¶

func (c *Config) GetRoleArn() string

type EnvironmentVariable ¶

type EnvironmentVariable struct {
	AwsProfile    string
	AwsConfigFile string
}

type FilePath ¶

type FilePath struct {
	AwsConfigFile string
}

type RoleInfo ¶

type RoleInfo struct {
	RoleArn       string
	SourceProfile string
	MfaSerial     string
	ExternalID    string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
credentor
cmd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL