Creates and Opens an AWS console login URL in a Browser
Project description
AWS Console URL
Generates and launches an AWS console login URL in a new tab for the default browser.
Installation
pip install awsconsurl
- This installs boto3 and Python requests. Consider you may prefer either a local installation or a virtual environment.
Basic Command
In basic usage:
# consurl
This will use your default
AWS profile (from ~/.aws/credentials) to launch a console window in your default browser.
The -h or --help prints the command arguments summary and exits. Note that the help message includes the defaults as expressed in the current environment. Example:
$ consurl -h
usage: consurl [-h] [-V] [-v] [-p PROFILE] [-o] [-a] [-s SHORT_ROLE_NAME]
[-r ROLE_ARN] [-n NAME] [-d DURATION]
Open AWS Console in a Browser
optional arguments:
-h, --help show this help message and exit
-V, --version Print version and exit.
-v, --verbose Verbose output [False]
-p PROFILE, --profile PROFILE
Specify AWS profile [default]
-o, --output Only Print the URL [False]
-a, --assume-role Assume role first [False]
-s SHORT_ROLE_NAME, --short-role-name SHORT_ROLE_NAME
Specify role name to assume [DefaultConsoleRole]
-r ROLE_ARN, --role-arn ROLE_ARN
(optonal) full arn to assume [None]
-n NAME, --name NAME Session name for assume role [rkras-rkmbp.sunyocc.edu]
-d DURATION, --duration DURATION
Specify session duration [3600 Sec]
-------------------------
The -V or --version prints the version information and exits.
The -v or --verbose flag prints debug output to stderr as the URL is created.
The -o or --output flag outputs the created console login URL to stdout, and does not launch the URL in the users browser.
The -p or --profile arguments specify a configured aws profile to use with the command, described below.
The Remainder of the command arguments relate to (assuming a role and are described below.](README.md#Assuming_Roles)
Selecting Credentials
consurl uses the AWS boto3 library, and so includes the same basic behavior as awscli in using the AWS credentials
file.
consurl will use the profile named in AWS_PROFILE environment varaible, or AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. If no environment varailbes are set, consurl will used configured default profile.
A specific profile can be selected with the -p profilename> or --profile profilename command arguments. This is probably the most important switch for general use.
# consurl -p sandboxcreds
The credentials profile named [sandboxcreds] will be used to launch the AWS console.
These credentials will be used to obtain a console login token and a console login URL is created and used to launch the AWS console.
Assuming Roles
consurl is useful to open a console session with an assumed role. This can, with the correct iam permissions, launch a console in a different account than the users credentials.
If you would like to assume a role, and use that roles temporary credentials for the console, use the -a or --assume-role command switch.
consurl will assume the role defined in AWS_ROLE_ARN environment variable containing the full ARN (Amazon Resource Name) for the role.
To override this use either the -r role-arn or --role-arn role-arn switch to specify the role. This is the best methond for assuming cross-account roles:
# consurl --assume-role --role-arn arn:aws:iam::123456789012:role/MyFavoriteRole
Alternatively, you can use the -s short-role-name or --short-role-name short-role-name switch. We define the short role name as the non-ARN name of the role. The full ARN is generated for the AWS account of the users credentials.
# consurl --assume-role -s MyFavoriteRole
For credentials from account 123456789012 will create the role ARN arn:aws:iam::123456789012:role/MyFavoriteRole
If --assume-role flag is used, but neither switches nor environment strings define a role ARN, one is created with the name DefaultConsoleRole in the account of the users credentials, and consurl attempts to assume that role.
If no --assume-role flag is used, but either --role-arn or --short-role-name are specified consurl will attempt to assume the role only if it is using iam credentials (i.e. the session isn't already running an assumed role or temporary credentials.)
For assumed roles session name is retrieved from the AWS_ROLE_SESSION_NAME environment variable, but this can be overriden with the -n session-name> or --name session-name> switch. If neither are specified a default is formed as [username]-[hostname]
# consurl -a -s ITSRole -n "alice@example.org"
This results in an assumed role user of arn:aws:sts::123456789012:assumed-role/ITSRole/alice@example.org - which can assure a consistent principle to use in IAM policies.
The -d seconds or --duration seconds switch provide the duration in Seconds for the assumed role to be valid, with the default of 3600 seconds. For Assumed roles the maximum is set in the IAM role.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for awsconsurl-24.4.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 531b3692c6bce7b4eb80067987e5bbf75ab2484eb5355c91f84a7b6aa800d558 |
|
MD5 | 2dea18e4889a44f060527defaecb8453 |
|
BLAKE2b-256 | fbabb78a9544427f2209487c5686505e511729b093b6fb58304abf74a2e67287 |