awscli_bastion extends the awscli by managing mfa protected short-lived credentials.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aidan-melen from gravatar.com aidan-melen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT license)
  • Author: Aidan Melen
  • Tags awscli_bastion
  • Requires: Python >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*
Classifiers

Project description

awscli_bastion

https://img.shields.io/pypi/v/awscli_bastion.svg https://img.shields.io/travis/aidanmelen/awscli_bastion.svg Documentation Status Updates

awscli_bastion extends the awscli by managing mfa protected short-lived credentials.

Install

$ pip install awscli_bastion

Configure

~/.aws/credentials:

# (required) aws bastion profiles

[bastion] # these are fake credentials
aws_access_key_id = ASIA554SXDVIHKO5ACW2
aws_secret_access_key = VLJQKLEqs37HCDG4HgSDrxl1vLNrk9Is8gm0VNfA

[bastion-sts]
mfa_serial = arn:aws:iam::123456789012:mfa/aidan-melen
credential_process = bastion get-session-token
source_profile = bastion


# (optional) aws assume role profiles

[dev]
role_arn = arn:aws:iam::234567890123:role/admin
source_profile = bastion-sts

[stage]
role_arn = arn:aws:iam::345678901234:role/poweruser
source_profile = bastion-sts

[prod]
role_arn = arn:aws:iam::456789012345:role/spectator
source_profile = bastion-sts

~/.aws/config:

[default]
region = us-west-2
output = json

Usage

Run awscli commands normally and the bastion credential_process will handle the rest:

$ aws sts get-caller-identity --profile dev
{
    "UserId": "AAAAAAAAAAAAAAAAAAAAA:botocore-session-1234567890",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::234567890123:assumed-role/admin/botocore-session-1234567890"
}

$ aws sts get-caller-identity --profile stage
{
    "UserId": "BBBBBBBBBBBBBBBBBBBBB:botocore-session-2345678901",
    "Account": "345678901234",
    "Arn": "arn:aws:sts::345678901234:assumed-role/poweruser/botocore-session-2345678901"
}

$ aws sts get-caller-identity --profile prod
{
    "UserId": "CCCCCCCCCCCCCCCCCCCCC:botocore-session-3456789012",
    "Account": "456789012345",
    "Arn": "arn:aws:sts::456789012345:assumed-role/spectator/botocore-session-3456789012"
}

Renew the bastion credentials cache:

$ bastion get-session-token --mfa-code 123456

Replace default profile with assume_role profile:

$ bastion set-default dev
updating the default profile with the dev profile

Reset the bastion credentials cache:

$ bastion reset-cache

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

History

0.1.0 (2019-09-13)

  • First release on PyPI.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aidan-melen from gravatar.com aidan-melen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT license)
  • Author: Aidan Melen
  • Tags awscli_bastion
  • Requires: Python >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*
Classifiers

Release history Release notifications | RSS feed

0.9.6

0.9.5

0.9.4

0.9.3

0.9.1

0.9.0

0.8.4

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.1

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

This version

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awscli_bastion-0.2.0.macosx-10.14-x86_64.tar.gz (6.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page