AWS roles toolkit
Trustyroles
An AWS Roles Toolkit
Trusty Roles is intended to alleviate some of the pain points I have dealt with in AWS automation leveraging boto3. The first version focuses on making it easy to edit the assume role policy document (trust policy) of a role.
Install
pip install trustyroles
Assume Role Policy Update Module
Command Line Tool
arpd_update
usage: arpd_update.py [-h] [-a ARN [ARN ...]] -u UPDATE_ROLE
                      [-m {get,update,remove}] [-e ADD_EXTERNAL_ID] [-r] [-j]
                      [-p] [-s SID]

optional arguments:
  -h, --help            show this help message and exit
  -a ARN [ARN ...], --arn ARN [ARN ...]
                        Add new ARNs to trust policy. Takes a comma-seperated
                        list of ARNS.
  -u UPDATE_ROLE, --update_role UPDATE_ROLE
                        Role for updating trust policy. Takes an role friendly
                        name as string.
  -m {get,update,remove}, --method {get,update,remove}
                        Takes choice of method to get, update, or remove.
  -e ADD_EXTERNAL_ID, --add_external_id ADD_EXTERNAL_ID
                        Takes an externalId as a string.
  -r, --remove_external_id
                        Method for removing externalId condition. Takes no
                        arguments
  -j, --json            Add to print json in get method.
  --backup_policy       Creates a backup of previous policy in current directory
                        as <ISO-time>.policy.bk
  --add_sid ADD_SID     Add a Sid to trust policy. Takes a string.
  --remove_sid          Remove a Sid from a trust policy. Takes no arguments.
Example usage:
Get Policy
arpd_update -m get -u 'test-role' --json
Returns:
{
    "Action": "sts:AssumeRole",
    "Condition": {},
    "Effect": "Allow",
    "Principal": {
        "AWS": ["arn:aws:iam:::user/test-role"]
    }
}
Using Python Modules
arpd_update
Get Policy
from trustyroles.arpd_update import arpd_update
arpd_update.get_arpd(role_name='test-role')
Returns:
{
    "Action": "sts:AssumeRole",
    "Condition": {},
    "Effect": "Allow",
    "Principal": {
        "AWS": ["arn:aws:iam:::user/test-role"]
    }
}
Update Policy ARNS
The update_arn method takes a list of ARNs (arn_list) and a role_name, and adds the ARNs to the trust policy of the supplied role.
from trustyroles.arpd_update import arpd_update
arpd_update.update_arn(arn_list=["arn:aws:iam:::user/test-role2"], role_name='test-role')
Remove Policy ARNS
The remove_arn method takes a list of ARNs (arn_list) and a role_name, and removes the ARNs from the trust policy of the supplied role.
from trustyroles.arpd_update import arpd_update
arpd_update.remove_arn(arn_list=["arn:aws:iam:::user/test-role2"], role_name='test-role')
Add ExternalId
The add_external_id method takes an external_id and role_name as strings to allow the addition of an externalId condition.
from trustyroles.arpd_update import arpd_update
arpd_update.add_external_id(external_id='<external_id>', role_name='test-role')
Remove ExternalId
The remove_external_id method takes a role_name as a string to allow the removal of an externalId condition.
from trustyroles.arpd_update import arpd_update
arpd_update.remove_external_id(role_name='test-role')
Add Sid
The add_sid method takes a role_name and a sid as strings and adds the Sid to the trust policy of the role.
from trustyroles.arpd_update import arpd_update
arpd_update.add_sid(role_name='test-role', sid='testRoleId')
Remove Sid
The remove_sid method takes a role_name as a string and removes the Sid from the trust policy of the role.
from trustyroles.arpd_update import arpd_update
arpd_update.remove_sid(role_name='test-role')
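What the update_arn and add_external_id calls described above amount to at the policy-document level, as an added example that is not trustyroles' own code: pure functions that merge ARNs into Principal.AWS (which IAM returns as a string for a single ARN and a list for several) and require an sts:ExternalId condition. The function names, the account id 111122223333, the refusal of a "*" principal and the choice to touch every Allow statement are assumptions of this example.

```python
import copy
import json

# Constructed sample in the shape the README shows; the account id is a placeholder.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/test-role"},
        "Condition": {},
    }],
}


def _as_list(value):
    """IAM returns Principal.AWS as a string for one ARN, a list for several."""
    return [value] if isinstance(value, str) else list(value or [])


def add_principals(policy, arn_list):
    """Return a copy of policy with arn_list merged into every Allow statement."""
    updated = copy.deepcopy(policy)  # never mutate the caller's (backup) copy
    for stmt in updated["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        current = _as_list(stmt.setdefault("Principal", {}).get("AWS"))
        for arn in arn_list:
            if arn == "*":
                raise ValueError("refusing to trust every AWS principal")
            if arn not in current:  # keep the list free of duplicates
                current.append(arn)
        stmt["Principal"]["AWS"] = current
    return updated


def set_external_id(policy, external_id):
    """Return a copy that requires sts:ExternalId on every Allow statement."""
    updated = copy.deepcopy(policy)
    for stmt in updated["Statement"]:
        if stmt.get("Effect") == "Allow":
            cond = stmt.setdefault("Condition", {})
            cond.setdefault("StringEquals", {})["sts:ExternalId"] = external_id
    return updated


if __name__ == "__main__":
    new = add_principals(SAMPLE_POLICY, ["arn:aws:iam::111122223333:user/test-role2"])
    print(json.dumps(set_external_id(new, "example-external-id"), indent=2))
```

With boto3, the input document is available as iam.get_role(RoleName=...)["Role"]["AssumeRolePolicyDocument"], and the result is written back with iam.update_assume_role_policy(RoleName=..., PolicyDocument=json.dumps(updated)).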
Source Distribution
File details
Details for the file trustyroles-1.5.7.tar.gz.
File metadata
- Download URL: trustyroles-1.5.7.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/44.0.0 requests-toolbelt/0.9.1 tqdm/4.41.1 CPython/3.8.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 37ff3573c343604b4e27868577fff2057bc50cacc8cfb3c97dc699d9757cbf2b |
| MD5 | 396d913963f9bc49b3de9b5bd677c071 |
| BLAKE2b-256 | d30336740265c554b69832b1001927538e237b2ab876fcaea390c20db610a88a |