Skip to main content

Switching between multiple AWS accounts & renewing API access keys

Project description

PyPI

This package provides tools for AWS platform, such as:

  • switching between multiple accounts
  • renewing API access keys

and others.

The main reason why aws-tools came to be, was using awscli with different access keys in the secure and easy way.

Switching between AWS accounts:

$ awsenv test
<test> $ aws s3 ls
...list of S3 objects on TEST environment...

### Explanation:
### <test> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=w0bM0rucARITPOUpcyAaX3iI9lGjJo7g8UUCUxIv
### AWS_ACCESS_KEY_ID=AKIAJPVK7VGH6CBZT5EQ
### AWS_ENV=test

<test> $ awsenv prod
<prod> $ aws s3 ls
...list of S3 objects on PROD environment...

### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
### AWS_ENV=prod

Renewing AWS API access keys:

$ awsenv prod

### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
### AWS_ENV=prod

<prod> $ awsroll prod
Rolled key for env prod: AccessKeyId=****************ZKQFQ; CreateDate=2018-11-14 13:10:04+00:00
<prod> $ awsenv prod

### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=napb9J2RKzsSiTIjLRavN09qIfFzrMo7846zr2ou
### AWS_ACCESS_KEY_ID=AKIAJTGB6EFV7F4ZKQFQ
### AWS_ENV=prod

Getting started

Prerequisites:

aws-tools requires gpg (version >= 2.X) to decrypt/encrypt your AWS credentials.

Install necessary packages, and generate a new key pair:

$ sudo apt-get install gpg gpg-agent
$ gpg --gen-key
This document covers only gpg commands required to run aws-tools! If you need to use other gpg parameters, go to gpg documentation.

Configure your region using awscli if you haven’t done that yet:

$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: eu-west-1
Default output format [None]:
Do not provide any keys here!

Installation

Simply run:

$ pip install --user aws-tools

Configuration

AWS Credentials

In ~/.aws directory create temporary env.<environment>.conf file for each AWS environment.

For example, if you have 3 AWS environments: TEST, STAGE and PROD, there should be 3 config files in ~/.aws directory:

env.test.conf
env.stage.conf
env.prod.conf

Edit each file:

[default]
aws_access_key_id = <your_environment_specific_access_key_id>
aws_secret_access_key = <your_environment_specific_secret_access_key>

Encrypt each file with gpg:

$ gpg --encrypt --armor --output env.<environment>.conf.asc -r <your-gpg-user-id-name> env.<environment>.conf

and remove temporary env.*.conf files!

Run gpg -K to find out what is your <your-gpg-user-id-name>

Shell

aws-tools comes with handy command completion and bash prompt features. Simply add to your ~/.bashrc:

source $HOME/.local/bin/aws_tools_completion.bash 2>/dev/null
export PS1="\$(__awsenv_ps1 2>/dev/null)${PS1}"

SMTP credentials (optional)

This step is helpful if you want to send renewed AWS access keys to an email.

In ~/.aws directory create temporary smtp.cfg file.

Edit smtp settings:

smtplogin = <your_full_smtp_login>
smtppass = <your_password>
smtphost = <smtp_host>
smtpport = <smtp_port>

Encrypt config file with gpg:

$ gpg --encrypt --armor --output smtp.cfg.asc -r <your-gpg-user-id-name> smtp.cfg

and remove temporary smtp.cfg file!

Usage

Examples

Autocompletion:

$ awsenv<TAB><TAB>
prod stage test

Use TEST access keys:

$ awsenv test

Unset AWS access keys for current shell:

$ awsenv unset

Rotate PROD access keys:

$ awsroll prod

Rotate access keys for all environments:

$ awsroll

Rotate access keys for all environments using gpg agent, and send them to the email:

$ aws-roll-keys.py -a -e all -s <email@domain.org>

Rotate access keys for TEST environment and send info to the email:

$ aws-roll-keys.py -e test -i <email@domain.org>

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
aws_tools-1.1.3-py2.py3-none-any.whl (11.7 kB) Copy SHA256 hash SHA256 Wheel py2.py3
aws-tools-1.1.3.tar.gz (11.1 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page