AWS temporary keys fetcher - simple command-line tool to fetch temporary aws credentials and stores them in your configs so that third party that require actual access keys can work with them.
Project description
Fetching AWS IAM permissions
Introduction
Working with AWS, you typically has access to an ever-growing number of accounts and it is not advisable to create (IAM) users plus associated access keys in each of them.
Hence, you either work with AWS SSO, federated authentication, or you work with a central landing zone, and from there you assume roles in the account you want to work with.
However, some applications (in this case the Redshift JDBC driver) expects real access keys for a particular profile, in order to make use of temporary database credentials.
A well beloved tool for federated authentication does exist, but if you use native AWS authentication I couldn't find it.
This is a very simple tool that fetches temporary access keys for a particular profile and stores them in your ~/.aws/credentials file. So run the command, and refer to your profile (followed by -tmp).
Usage
Usage is pretty simple, you need to know the (working!) aws profile name for which you want to fetch temporary credentials.
The role_arn is read from the profile and temporary credentials are retrieved, and written to ~/.aws/credentials with the same profile name, followed by -tmp.
$ aws-tmp-keys-fetcher --profile my-profile
Use profile my-profile with role arn:aws:iam::1111111111:role/MY_ROLE_NAME
Enter MFA code for arn:aws:iam::0000000000000:mfa/pietje.puk:
Temporary credentials written to /Users/pietjepuk/.aws/credentials with profile my-profile-tmp
If you want to use the output to set environment variables, you can show the output and if desired use command substition to initialize your shell with it.
$ aws-tmp-keys-fetcher -p my-profile --show
AWS_ACCESS_KEY_ID=XXXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYY
AWS_SESSION_TOKEN=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
# Use command substitution to load these values into your environment
$ $(aws-tmp-keys-fetcher -p my-profile --show)
$ env | grep -i aws
AWS_ACCESS_KEY_ID=XXXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYY
AWS_SESSION_TOKEN=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
or if you want to remove these credentials from your environment:
$ aws-tmp-keys-fetcher --reset
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
$ $(aws-tmp-keys-fetcher --reset)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws-tmp-keys-fetcher-0.0.5.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c690503c189a56ffbec96267cb8f0ae3015b7c8f0f52c4991e1e4bcf587d2c09 |
|
| MD5 | f1b3290a1d2a682a97c0785d39aa19f1 |
|
| BLAKE2b-256 | 02ae34bd43f99e755e408b5c650eddf8ffc32ab96620ba5eb5f4c92ed415779f |
Hashes for aws_tmp_keys_fetcher-0.0.5-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d14e2b8ca7b5cf9ae85e7a34cecc9913bc8f758391c29f30e4b4787e99fd2099 |
|
| MD5 | a544580ffe93a876165574a8b0febe1d |
|
| BLAKE2b-256 | a0397bd82787bd5d1ece8abdf14a36a8b5b25bea936dc9e32d53655c722e82d5 |
