Manage AWS Security Token Service (STS)
Project description
awsgen
awsgen is software that manages the AWS Security Token Service (STS) and enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). For more detailed information about using this service, go to Temporary Security Credentials.
Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
Prerequisites
You will need to have python and pip installed on your machine.
On Linux (Debian/Ubuntu)
$ sudo apt-get install python python-pip -y
Right after having it installed you'll need to get aws-cli and aws-gen.
$ sudo pip install awscli awsgen --upgrade --no-cache-dir
On Windows
To install python, go to Python.org
Right after having it installed you'll need to get aws-cli and aws-gen.
> pip install awscli awsgen --upgrade --no-cache-dir
On MacOS (under construction)
Please add instructions here
Installing
First you need to create an account with AWS (please go to the Amazon website).
Go to the terminal and create a new AWS profile using the following command:
$ aws-gen configure \
--account AWS_ACCOUNT \
--trust-role-arn TRUSTROLEARN \
--access-key-id AWS_ACCESS_KEY_ID \
--secret-access-key AWS_SECRET_ACCESS_KEY
Parameters:
AWS_ACCOUNT
: stands for the main name of your project or brand, e.g. brand-project or littleBanana-tree. This is important because it will link with your profile later.
TRUSTROLEARN
: Role you need to create with a Superadmin user, allowing you to do whatever you need. This role will give the proper permissions to run builds, create/update/delete CloudFormation, create new services on AWS, etc.
AWS_ACCESS_KEY_ID
: stands for the access key you will get once you create a user.
AWS_SECRET_ACCESS_KEY
: stands for the secret key you will have once you create your user.
After configuring it, you need to create a profile:
$ aws-gen create-profile \
--account AWS_ACCOUNT \
--profile AWS_PROFILE \
--region-name AWS_REGION \
--output AWS_OUTPUT
Parameters:
AWS_REGION
: stands for the region you mostly use on your account, where your infrastructure resides.
AWS_OUTPUT
: We usually use JSON as output format, but there are other options you can explore.
AWS_PROFILE
: stands for the profile name you want to use. It is important to keep things organized, so we recommend naming it following the standard username@AWS_ACCOUNT, e.g. aboscatto@brand-project or danielpn@littleBanana-tree.
Using
Generating an authenticated AWS console link
If you need to access the AWS Console using the TRUSTROLEARN role, please do the following:
$ aws-gen get-link --account AWS_ACCOUNT --profile AWS_PROFILE
Parameters:
AWS_ACCOUNT
: stands for the main name of your project or brand, e.g. brand-project or littleBanana-tree. This is important because it will link with your profile later.
AWS_PROFILE
: stands for the profile name you want to use. It is important to keep things organized, so we recommend naming it following the standard username@AWS_ACCOUNT, e.g. aboscatto@brand-project or danielpn@littleBanana-tree.
Generating temporary AWS Access key
If you need to access AWS with an access key through the TRUSTROLEARN role, please do the following:
$ aws-gen get-key --account AWS_ACCOUNT --profile AWS_PROFILE
Parameters:
AWS_ACCOUNT
: stands for the main name of your project or brand, e.g. brand-project or littleBanana-tree. This is important because it will link with your profile later.
AWS_PROFILE
: stands for the profile name you want to use. It is important to keep things organized, so we recommend naming it following the standard username@AWS_ACCOUNT, e.g. aboscatto@brand-project or danielpn@littleBanana-tree.
Output:
AWS_ACCESS_KEY_ID
: The access key ID that identifies the temporary security credentials.
AWS_SECRET_ACCESS_KEY
: The secret access key that can be used to sign requests.
AWS_SESSION_TOKEN
: The token that users must pass to the service API to use the temporary credentials.
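A way to check that the profiles you use carry temporary credentials like the three values above rather than long-term keys. This is an added example, not part of awsgen: it assumes profiles are stored in the standard AWS shared credentials (INI) format and relies on the AWS key ID prefixes (AKIA for long-term IAM user keys, ASIA for STS temporary keys). The function names and the sample file are constructed for illustration.

```python
import configparser

# Constructed sample in the AWS shared credentials (INI) format. Profile names
# follow the page's username@AWS_ACCOUNT convention; every key value below is
# a made-up placeholder, not a real credential.
SAMPLE_CREDENTIALS = """
[aboscatto@brand-project]
aws_access_key_id = ASIAEXAMPLETEMPKEY01
aws_secret_access_key = constructedSecretValue1
aws_session_token = constructedSessionTokenValue

[danielpn@littleBanana-tree]
aws_access_key_id = AKIAEXAMPLELONGKEY02
aws_secret_access_key = constructedSecretValue2

[broken@brand-project]
aws_access_key_id = ASIAEXAMPLETEMPKEY03
aws_secret_access_key = constructedSecretValue3
"""


def classify_profile(section):
    """Return 'temporary', 'long-term', 'incomplete' or 'unknown' for one profile."""
    key_id = section.get("aws_access_key_id", "")
    has_token = bool(section.get("aws_session_token", "").strip())
    if key_id.startswith("ASIA"):
        # STS-issued keys are only usable together with their session token.
        return "temporary" if has_token else "incomplete"
    if key_id.startswith("AKIA"):
        # Long-term IAM user key: stays valid until it is rotated or deleted.
        return "long-term"
    return "unknown"


def audit_credentials(text):
    """Map each profile name in an INI credentials document to its classification."""
    # interpolation=None so a '%' inside a secret is not treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: classify_profile(parser[name]) for name in parser.sections()}


if __name__ == "__main__":
    for profile, kind in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{profile}: {kind}")
```

Profiles reported as long-term are the ones worth replacing with role-based temporary credentials; incomplete ones will fail to authenticate because the session token is missing.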
Setting active profile
If you need to set the active default profile, please do the following:
$ aws-gen set-active-profile --profile AWS_PROFILE
Parameters:
AWS_PROFILE
: stands for the profile name you want to use. It is important to keep things organized, so we recommend naming it following the standard username@AWS_ACCOUNT, e.g. aboscatto@brand-project or danielpn@littleBanana-tree.
Getting active profile
If you need to get the active profile, please do the following:
$ aws-gen get-active-profile
Listing profiles
If you need to list the profiles, please do the following:
$ aws-gen list-profiles
Deploying with Serverless
Deploying with Serverless should be pretty simple; you need to use the --aws-profile parameter:
$ sls deploy --aws-profile AWS_PROFILE
Using aws cli
Using the aws cli should be pretty simple; you need to use the --profile parameter:
$ aws s3 ls --profile AWS_PROFILE
Step-by-step example
Here is an example of what the installation should look like:
$ sudo apt-get install python python-pip -y
$ sudo pip install awscli awsgen --upgrade --no-cache-dir
$ aws-gen configure \
--account brand-project \
--trust-role-arn arn:aws:iam::123456789123:role/AWSTrustUserRole \
--access-key-id AK***************KQ \
--secret-access-key Y*********************0*******P*******S
$ aws-gen create-profile \
--account brand-project \
--profile aboscatto@brand-project \
--region-name us-west-2 \
--output json
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Versioning
We use GitHub for versioning. For the versions available, see the tags on this repository.
Authors
- Marcos Vallim - Initial work, Test, Documentation - mvallim
- André Boscatto - Validation use, Test, Documentation - andreboscatto
- Kalianne Rosa - Validation use, Test - kaliannerosa
- Daniel Nunes - Validation use, Test - daspn
See also the list of contributors who participated in this project.
License
This project is licensed under the BSD License - see the LICENSE file for details.
Acknowledgments (under construction)
- Hat tip to anyone whose code was used
- Inspiration
- etc
Code of Conduct
Everyone interacting in the awsgen project's codebases, issue trackers, chat rooms, and mailing lists is expected to follow the PyPA Code of Conduct.
File details
Details for the file awsgen-0.0.16.tar.gz.
File metadata
- Download URL: awsgen-0.0.16.tar.gz
- Upload date:
- Size: 10.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.14
File hashes
Algorithm | Hash digest
---|---
SHA256 | 4517ea89f666a01b98a9d193d08ee6b3adad1ecd67f09fd03c49f8ce30e38db8
MD5 | b9190a998fbc93bc0e0b1a0c4a0402b8
BLAKE2b-256 | 5e066559c4455d00fd9ea93ebba2001468327b964dc9efe1a2c02eea6e81322c
File details
Details for the file awsgen-0.0.16-py2.py3-none-any.whl.
File metadata
- Download URL: awsgen-0.0.16-py2.py3-none-any.whl
- Upload date:
- Size: 15.6 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.14
File hashes
Algorithm | Hash digest
---|---
SHA256 | aead304cb911bbb323dfcf5dc59400d6db9dbfbe6195844ab150da71659e4c3a
MD5 | e4c7ab7ac3f01509642a324f5b0f5fd6
BLAKE2b-256 | 8c4802125bf3448f7ec7c11050ec40ca81e4cc999ca9676c12a46977503d5d6b