awscredswrap

AWS assume role credential wrapper.

Description

awscredswrap uses temporary credentials for the specified iam role to set a shell environment variable or execute a command.

Use as CLI

Install

Brew

$ brew install youyo/tap/awscredswrap

Other platforms are download from github release page.

Usage

$ awscredswrap --help
awscredswrap uses temporary credentials for the specified iam role to set a shell environment variable or execute a command.

Usage:
  awscredswrap [flags]

Flags:
  -d, --duration-seconds int       The duration, in seconds, of the role session. (default 3600)
  -h, --help                       help for awscredswrap
  -m, --mfa-serial string          The identification number of the MFA device that is associated with the user who is making the AssumeRole call.
  -r, --role-arn string            The arn of the role to assume.
  -n, --role-session-name string   An identifier for the assumed role session.
      --version                    version for awscredswrap

As command wrapper

$ awscredswrap --role-arn arn:aws:iam::00000000:role/foo -- some_command [arg1 arg2...]

As env exporter

When awscredswrap is executed with no arguments, awscredswrap outputs shell script to export AWS credentials environment variables.

$ awscredswrap --role-arn arn:aws:iam::00000000:role/foo
export AWS_ACCESS_KEY_ID='XXXXXXXXXXXXXXXX'
export AWS_SECRET_ACCESS_KEY='zWarBXUtMKJYnC8y4dNAf9e5HQqFTp....'
export AWS_SESSION_TOKEN='Wj3YGuSMwn8aJx4AN6TFsbtB5URKHEpVgdDkPvy7....'
export AWS_DEFAULT_REGION='us-east-1'

You can set the credentials in current shell by eval.

$ eval $(awscredswrap --role-arn arn:aws:iam::00000000:role/foo)

Temporary credentials has expiration time (about 1 hour).

Use as GitHub Actions

DEPRECATED IN FAVOR OF THE OFFICIAL aws-actions/configure-aws-credentials

Inputs

role_arn Required The arn of the role to assume.
role_session_name An identifier for the assumed role session. (default awscredswrap@GitHubActions)
duration_seconds The duration, in seconds, of the role session. (default 3600)

ENV

AWS_ACCESS_KEY_ID Required
AWS_SECRET_ACCESS_KEY Required
AWS_DEFAULT_REGION Required

Recommended to get AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from secrets.

Example usage

on: [push]

jobs:
  assume_role:
    runs-on: ubuntu-latest
    steps:
      - name: Assume Role
        uses: youyo/awscredswrap@v1
        with:
          role_arn: ${{ secrets.ROLE_ARN }}
          duration_seconds: 3600
          role_session_name: 'awscredswrap@GitHubActions'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'ap-northeast-1'
      - name: Install aws-cli
        uses: chrislennon/action-aws-cli@v1.1
      - name: Identity Check
        run: aws sts get-caller-identity

License

MIT

Author

youyo

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
.github/workflows		.github/workflows
awscredswrap		awscredswrap
github-actions		github-actions
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
_awscredswrap		_awscredswrap
action.yml		action.yml
awscredswrap.go		awscredswrap.go
cli.go		cli.go
go.mod		go.mod
go.sum		go.sum

License

youyo/awscredswrap

Folders and files

Latest commit

History

Repository files navigation

awscredswrap

Description

Use as CLI

Install

Usage

As command wrapper

As env exporter

Use as GitHub Actions

Inputs

ENV

Example usage

License

Author

About

Topics

Resources

License

Stars

Watchers

Forks

Languages