Unified CLI tool for streamlined AWS operations
Project description
aws fusion
Unified CLI tool for streamlined AWS operations, enhancing developer productivity
Installation
Via Pip directly
Install via pip install. note this also requires git to be present
pip install git+https://github.com/snigdhasjg/aws-fusion.git@main
Manually
Simply clone this repository and run pip install
git clone https://github.com/snigdhasjg/aws-fusion.git
cd aws-fusion
pip install .
Command line tool
To invoke the cli, there are 2 option
- Directly use
aws-fusioncommand - Use it via aws cli alias with
aws fusion
Usage of open-browser
Try
aws-fusion open-browser --helpfor detailed parameter
- Make AWS credentials available via aws profile
- Execute the script:
aws-fusion open-browser --profile my-profile - :tada: Your browser opens, and you are signed in into the AWS console
Use cases
This only works with assume-role and federated-login, doesn't work with IAM user or user session.
IAM assume role
Profiles that use IAM roles pull credentials from another profile, and then apply IAM role permissions.
In the following examples, iam-user is the source profile for credentials and iam-assume-role borrows the same credentials then assumes a new role.
Credentials file
[profile iam-user]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Config file
[profile iam-user]
region = us-east-1
output = json
[profile iam-assume-role]
source_profile = iam-user
role_arn = arn:aws:iam::777788889999:role/user-role
role_session_name = my-session
region = ap-south-1
output = json
Federated login
Using IAM Identity Center, you can log in to Active Directory, a built-in IAM Identity Center directory, or another IdP connected to IAM Identity Center. You can map these credentials to an AWS Identity and Access Management (IAM) role for you to run AWS CLI commands.
In the following examples, using aws-sso profile assumes sso-read-only-role on 111122223333 account.
Config file
[profile aws-sso]
sso_session = my-sso-session
sso_account_id = 111122223333
sso_role_name = sso-read-only-role
role_session_name = my-session
region = us-east-1
output = json
[sso-session my-sso-session]
sso_region = us-east-2
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
Refer
The docs
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
Usage of store-iam-user-credentials
Try
aws-fusion store-iam-user-credentials --helpfor detailed parameter
Store AWS credentials in system default credential store
Use cases
To store IAM user credential in the system credential store for best security rather than plain text ~/.aws/credentials file.
Manually the save the credential in the store using
aws-fusion store-iam-user-credentials \
--access-key 'AKIAIOSFODNN7EXAMPLE' \
--secret-key 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' \
--account-id '123456789012' \
--username 'my-iam-user'
Usage of get-iam-user-credentials
Try
aws-fusion get-iam-user-credentials --helpfor detailed parameter
Retrieve AWS credentials from system default credential store. Optionally plug the CLI to aws external credential process.
Use cases
Configure aws config file to use credential process
Config file
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion get-iam-user-credentials --account-id 123456789012 --username 'my-iam-user' --access-key 'AKIAIOSFODNN7EXAMPLE' --credential-process
Refer
The docs
Usage of generate-okta-device-auth-credentials
Try
aws-fusion generate-okta-device-auth-credentials --helpfor detailed parameter
Simplifies the process of obtaining AWS session credentials using SAML assertion from Okta device authentication
Use cases
Configure aws config file to use credential process
Config file
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion generate-okta-device-auth-credentials --org-domain my.okta.com --oidc-client-id 0pbs4fq1q2vbGoFkC1m7 --aws-acct-fed-app-id 0oa8z9xa8BS9b2AFb1t7 --aws-iam-role arn:aws:iam::123456789012:role/PowerUsers --credential-process
License
This project is licensed under the MIT License - see the LICENSE file for details.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aws-fusion-1.1.tar.gz.
File metadata
- Download URL: aws-fusion-1.1.tar.gz
- Upload date:
- Size: 11.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b0e918667375a18b8e6de83360ac05ff9b98967f023483b1726eaa67aa397026 |
|
| MD5 | 646d7eeda4affdba73798693d16bd6b4 |
|
| BLAKE2b-256 | bf2accc4a2b65820379d64ab674cf2ad9787a8b5491c3b436414b07d1b67f94b |
Provenance
File details
Details for the file aws_fusion-1.1-py3-none-any.whl.
File metadata
- Download URL: aws_fusion-1.1-py3-none-any.whl
- Upload date:
- Size: 12.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a8c3befc7c13a02127afc0cb6f1b0bf05dadc404b5b8aba0eb8f81323b1da4c4 |
|
| MD5 | b39df89991e161a8c8cfc39e4673aa41 |
|
| BLAKE2b-256 | 0a07dc1ea1f871edc6ab82af99a503dcd661318e38ff3bc0d0fe54015c83167b |
