Skip to main content
Help the Python Software Foundation raise $60,000 USD by December 31st!  Building the PSF Q4 Fundraiser

AWS roles toolkit

Project description

Trustyroles

PyPI version PyPI license

An AWS Roles Toolkit

Trusty Roles is intended to alleviate some of the painpoints I have dealt with in AWS automation leveraging boto3. The first version of this focuses on easily editing the assume role policy document of a role.

Install

pip install trustyroles

Assume Role Policy Update Module

Command Line Tool

arpd_update
usage: arpd_update.py [-h] [-a ARN [ARN ...]] -u UPDATE_ROLE
                      [-m {get,update,remove}] [-e ADD_EXTERNAL_ID] [-r] [-j]
                      [-p] [-s SID]

optional arguments:
  -h, --help            show this help message and exit
  -a ARN [ARN ...], --arn ARN [ARN ...]
                        Add new ARNs to trust policy. Takes a comma-seperated
                        list of ARNS.
  -u UPDATE_ROLE, --update_role UPDATE_ROLE
                        Role for updating trust policy. Takes an role friendly
                        name as string.
  -m {get,update,remove}, --method {get,update,remove}
                        Takes choice of method to get, update, or remove.
  -e ADD_EXTERNAL_ID, --add_external_id ADD_EXTERNAL_ID
                        Takes an externalId as a string.
  -r, --remove_external_id
                        Method for removing externalId condition. Takes no
                        arguments
  -j, --json            Add to print json in get method.
  --backup_policy       Creates a backup of previous policy in current directory
                        as <ISO-time>.policy.bk
  --add_sid ADD_SID     Add a Sid to trust policy. Takes a string.
  --remove_sid          Remove a Sid from a trust policy. Takes no arguments.

Example usage:

Get Policy

arpd_update -m get -u 'test-role' --json

Returns:
{
 "Action": "sts:AssumeRole",  
 "Condition": {},
 "Effect": "Allow",
 "Principal": {
  "AWS": ["arn:aws:iam:::user/test-role"]
 }
}

Using Python Modules

arpd_update

Get Policy

from trustyroles.arpd_update import arpd_update
arpd_update.get_arpd(role_name='test-role')
Returns:
{  
 "Action": "sts:AssumeRole",  
 "Condition": {},
 "Effect": "Allow",
 "Principal": {
  "AWS": ["arn:aws:iam:::user/test-role"]
 }
}

Update Policy ARNS

The update_arn method takes a list of ARNS(arn_list) and a role_name to add to trust policy of suppplied role.

from trustyroles.arpd_update import arpd_update
arpd_update.update_arn(arn_list=["arn:aws:iam:::user/test-role2"], role_name='test-role')

Remove Policy ARNS

The remove_arn method takes a list of ARNS(arn_list) and a role_name to add to trust policy of suppplied role.

from trustyroles.arpd_update import arpd_update
arpd_update.remove_arn(arn_list=["arn:aws:iam:::user/test-role2"], role_name='test-role')

Add ExternalId

The add_external_id method takes an external_id and role_name as strings to allow the addition of an externalId condition.

from trustyroles.arpd_update import arpd_update
arpd_update.add_external_id(external_id='<external_id>', role_name='test-role')

Remove ExternalId

The remove_external_id method takes a role_name as a string to allow the removal of an externalId condition.

from trustyroles.arpd_update import arpd_update
arpd_update.remove_external_id(role_name='test-role')

Add Sid

Add a Sid to trust policy. Takes a string.

from trustyroles.arpd_update import arpd_update
arpd_update.add_sid(role_name='test-role', sid='testRoleId')

Remove Sid

Remove a Sid from a trust policy. Takes no arguments.

from trustyroles.arpd_update import arpd_update
arpd_update.remove_sid(role_name='test-role')

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for trustyroles, version 1.5.7
Filename, size File type Python version Upload date Hashes
Filename, size trustyroles-1.5.7.tar.gz (6.4 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page