Execute AWS CLI commands after assuming role
Project description
Execute AWS CLI commands after assuming role
Prerequisite
Python 3.6 or above
AWS CLI or equivalent AWS supported CLI
Install
Install using pip
$ pip install awsassume
Install using setup script
$ python setup.py install
Usage
usage: awsassume [-h] -a ROLE_ARN -n ROLE_SESSION_NAME [--no-cache]
[-r REGION] [-c COMMAND [COMMAND ...]]
Execute AWS CLI commands after assuming role
optional arguments:
-h, --help show this help message and exit
--no-cache Disable caching of the assumed role response
-r REGION, --region REGION
The region to be associated with the client
-c COMMAND [COMMAND ...], --command COMMAND [COMMAND ...]
The AWS CLI command to execute after assuming role
required arguments:
-a ROLE_ARN, --role-arn ROLE_ARN
The ARN of the role to assume
-n ROLE_SESSION_NAME, --role-session-name ROLE_SESSION_NAME
An identifier for the assumed role session
Caching
By default, the assumed role response will be cached to ~/.awsassume/cache and used until it expires. The cache will expire one hour after the assume role request is successful.
If caching of the assumed role response is undesirable, use the --no-cache flag to disable caching of the assumed role response.
Example
$ awsassume -a arn:aws:iam::0123456789012:role/assume_role_test -n sessionname --no-cache
Region
The -r or --region option can be used to set the AWS_DEFAULT_REGION environment variable.
Example
$ awsassume -a arn:aws:iam::0123456789012:role/assume_role_test -n sessionname -r ap-southeast-1
Command
The -c or --command option can be used to pass the AWS CLI that is to be executed after successfully assuming role. The command will be executed with the following environment variables set to the credentials returned by the assumed role response.
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
AWS_DEFAULT_REGION (only if the -r or --region option is set)
Example
$ awsassume -a arn:aws:iam::0123456789012:role/assume_role_test -n sessionname -c aws s3 ls
If the -c or --command option is omitted, the output of the program can be evaluated to export the following environment variables to the current shell.
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
AWS_DEFAULT_REGION (only if the -r or --region option is set)
Example
$ `awsassume -a arn:aws:iam::0123456789012:role/assume_role_test -n sessionname`
Development
Clone the repository
$ git clone https://github.com/zulhilmizainuddin/aws-assume.git
Create and activate virtual environment
$ python -m venv ./venv $ source ./venv/bin/activate
Install into development environment
$ python setup.py develop
Run unit test with pytest
$ python setup.py test
Run typing checking with mypy
$ mypy awsassume
Publishing to PyPI
Create source and binary distribution
$ python setup.py sdist bdist_wheel
Upload to PyPI
$ twine upload dist/*
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file awsassume-0.1.1.tar.gz.
File metadata
- Download URL: awsassume-0.1.1.tar.gz
- Upload date:
- Size: 6.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c1e1dacfd9e9e7de745d3b12bf41a9ceb70bfce6b3c9f879d7c44ca045cfcf23 |
|
| MD5 | 0e7dc320b31aba7bac29512272a67bd6 |
|
| BLAKE2b-256 | c2cb4cbc3e674877d2b204b8f05241da8d83a57679f3cbedfe8439e2e6ee2dc4 |
File details
Details for the file awsassume-0.1.1-py3-none-any.whl.
File metadata
- Download URL: awsassume-0.1.1-py3-none-any.whl
- Upload date:
- Size: 12.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f8c342c955382f374826413610206140fe00b87c050d8f99b8cc730257076968 |
|
| MD5 | 1617d4a7ebc0448bb6f11f949e67bc62 |
|
| BLAKE2b-256 | fd83642b6c19498ff4fa7d25afc7caa0b91f2c2e3396881b48277c89faff8b6d |
