The highest tagged major version is
README
¶
go-aws-auth
Go package providing methods and tools for determining or assigning AWS credentials.
This package targets aws-sdk-go-v2. For similar functionality targeting aws-sdk-go please consult the aaronland/go-aws-session package.
Documentation
Tools
$> make cli
go build -mod vendor -o bin/aws-mfa-session cmd/aws-mfa-session/main.go
go build -mod vendor -o bin/aws-get-credentials cmd/aws-get-credentials/main.go
go build -mod vendor -o bin/aws-set-env cmd/aws-set-env/main.go
aws-get-credentials
aws-get-credentials is a command line tool to emit one or more keys from a given profile in an AWS .credentials file.
$> ./bin/aws-get-credentials -h
Usage of ./bin/aws-get-credentials:
-profile string
A valid AWS credentials profile (default "default")
aws-mfa-session
aws-mfa-session is a command line to create session-based authentication keys and secrets for a given profile and multi-factor authentication (MFA) token and then writing that key and secret back to a "credentials" file in a specific profile section.
$> ./bin/aws-mfa-session -h
Usage of ./bin/aws-mfa-session:
-duration string
A valid ISO8601 duration string indicating how long the session should last (months are currently not supported) (default "PT1H")
-profile string
A valid AWS credentials profile (default "default")
-session-profile string
The name of the AWS credentials profile to update with session credentials (default "session")
For example:
$> ./bin/aws-mfa-session -profile {PROFILE} -duration PT8H
Enter your MFA token code: 123456
2018/07/26 09:47:09 Updated session credentials for 'session' profile, expires Jul 26 17:47:09 (2018-07-27 00:51:52 +0000 UTC)
aws-set-env
aws-set-env is a command line tool to assign required AWS authentication environment variables for a given profile in a AWS .credentials file.
$> ./bin/aws-set-env -h
Usage of ./bin/aws-set-env:
-profile string
A valid AWS credentials profile (default "default")
-session-token
Require AWS_SESSION_TOKEN environment variable (default true)
See also:
Documentation
¶
Overview ¶
package auth provides methods and tools for determining or assigning AWS credentials.
Index ¶
- func CredentialsStringPatterns() []string
- func GetCredentialsWithMFA(cfg aws.Config, token string, duration int32) (*types.Credentials, error)
- func GetCredentialsWithMFAWithContext(ctx context.Context, cfg aws.Config, token string, duration int32) (*types.Credentials, error)
- func NewConfig(ctx context.Context, uri string) (aws.Config, error)
- func NewConfigWithCredentialsString(ctx context.Context, str_creds string) (aws.Config, error)
- type Credentials
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CredentialsStringPatterns ¶ added in v1.1.0
func CredentialsStringPatterns() []string
CredentialsStringPatterns() returns the list of valid credential strings patterns.
func GetCredentialsWithMFA ¶
func GetCredentialsWithMFA(cfg aws.Config, token string, duration int32) (*types.Credentials, error)
GetCredentialsWithMFA will return a time-limited AWS credentials (defined by 'duration') for the account associated with 'cfg' a valid multi-factor authentication (MFS) token defined by 'token'.
func GetCredentialsWithMFAWithContext ¶
func GetCredentialsWithMFAWithContext(ctx context.Context, cfg aws.Config, token string, duration int32) (*types.Credentials, error)
GetCredentialsWithMFAWithContext will return a time-limited AWS credentials (defined by 'duration') for the account associated with 'cfg' a valid multi-factor authentication (MFS) token defined by 'token' using a custom `context.Context` instance.
func NewConfig ¶ added in v1.1.0
NewConfig() returns a new `aws.Config` derived from 'uri' which is expected to be configured in the form of:
aws://{AWS_REGION}?credentials={CREDENTIALS_STRING}
Where {AWS_REGION} is a valid AWS region name and {CREDENTIALS_STRING} is a string in the form of:
`anon:` Use anonymous credentials
`env:` Use credentials derived from "AWS_" environment variables
`iam:` Use IAM credentials
`{PROFILE}` Use a specific profile defined by {PROFILE} from the default credentials file
`{PATH}:{PROFILE}` Use a specific profile definied by {PROFILE} from the credentials file defined by {PATH}
`static:{KEY}:{SECRET}:{TOKEN}` Read credentials as positional elements in a string
`` If credentials are passed as an empty string then use default credentials strategy defined by `aws-sdk-go-v2`
func NewConfigWithCredentialsString ¶ added in v1.1.0
NewConfigWithCredentialsString() returns a new `aws.Config` derived from 'str_creds' which is expected to be passed in as one of the following:
`anon:` Use anonymous credentials
`env:` Use credentials derived from "AWS_" environment variables
`iam:` Use IAM credentials
`{PROFILE}` Use a specific profile defined by {PROFILE} from the default credentials file
`{PATH}:{PROFILE}` Use a specific profile definied by {PROFILE} from the credentials file defined by {PATH}
`static:{KEY}:{SECRET}:{TOKEN}` Read credentials as positional elements in a string
`` If credentials are passed as an empty string then use default credentials strategy defined by `aws-sdk-go-v2`
Types ¶
type Credentials ¶
type Credentials struct {
// Path is the path to the credentials file on disk
Path string
// contains filtered or unexported fields
}
type Credentials defines a struct for encapsulating information about an .ini style AWS credentials file
func NewCredentials ¶
func NewCredentials() (*Credentials, error)
NewCredentials will iterate through the list of default shared credentials files locations and return a new `Credentials` instance for the first match that can be successfully opened and parsed as a .ini-style config file.
func (*Credentials) AWSConfigWithProfile ¶
AWSConfigWithProfile will return a new `aws.Config` instance for the profile matching 'profile' in 'c'. This method also assumes that AWS region information is stored in a "region" key inside a "default" section block of the underlying AWS credentials file.
func (*Credentials) SetSessionCredentialsWithProfile ¶
func (c *Credentials) SetSessionCredentialsWithProfile(ctx context.Context, profile string, creds *types.Credentials) error
SetSessionCredentialsWithProfile will write AWS credentials information derived from 'creds' to a block labeled after 'profile' to the the underlying AWS credentials file.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
aws-get-credentials
command
aws-get-credentials is a command line tool to emit one or more keys from a given profile in an AWS .credentials file.
|
aws-get-credentials is a command line tool to emit one or more keys from a given profile in an AWS .credentials file. |
|
aws-mfa-session
command
aws-mfa-session is a command line to create session-based authentication keys and secrets for a given profile and multi-factor authentication (MFA) token and then writing that key and secret back to a "credentials" file in a specific profile section.
|
aws-mfa-session is a command line to create session-based authentication keys and secrets for a given profile and multi-factor authentication (MFA) token and then writing that key and secret back to a "credentials" file in a specific profile section. |
|
aws-set-env
command
aws-set-env is a command line tool to assign required AWS authentication environment variables for a given profile in a AWS .credentials file.
|
aws-set-env is a command line tool to assign required AWS authentication environment variables for a given profile in a AWS .credentials file. |
|
aws-sign
command
|