A few helpful AWS tools.
NAME:
   awstools - AWS tools

USAGE:
   awstools [global options] command [command options] [arguments...]

VERSION:
   0.13.2

COMMANDS:
   assume                      assume role on a specified account
   accounts                    print known accounts
   ec2                         print EC2 instances and ELBs
   cloudformation, cf          print CloudFormation stacks information
   rotate-main-account-key, r  create a new access key for main account and delete the current one
   dynamodb, ddb               dynamodb commands
   kms                         encrypt/decrypt text
   kinesis                     print records from kinesis streams
   cloudwatch, cw              search in cloudwatch logs
   help, h                     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value, -c value  path to config.toml file (default: ~/.config/awstools/config.toml)
   --no-color                turn off color output
   --help, -h                show help
   --version, -v             print the version
Note
Consider also awscredx if you are mostly interested in role assumption.
Install
We provide binaries for all releases through GitHub. The latest release is 0.13.2.
To install awstools, choose the binary for your platform (either OSX or Linux), download it and use chmod to make it executable.
OSX
On Mac you can use Homebrew to install the binary:
$ brew tap sam701/awstools
$ brew install awstools
Linux
$ curl -o awstools -SsL https://github.com/sam701/awstools/releases/download/0.13.2/awstools_linux_amd64
$ chmod +x awstools
Build
Export the required environment variables:
export GOPATH=$HOME/goprojects
export PATH=$PATH:$GOPATH/bin
Install awstools:
go get -u github.com/sam701/awstools
Configuration
The default path to the configuration file is $HOME/.config/awstools/config.toml.
Here is an example of a config.toml:
defaultRegion = "eu-west-1"
defaultKmsKey = "arn:aws:kms:eu-west-1:000000000001:key/00000000-1111-1111-2222-333333333333"

# Rotate the main account access key every week
keyRotationIntervalMinutes = 10080

# Reuse current credentials, if they are valid for at least 10 minutes.
reuseCredentialsIfValidForMinutes = 10

[profiles]
mainAccount = "main_account"
mainAccountMfaSession = "main_account_mfa_session"

[accounts]
main = "000000000001"
dev = "000000000002"
prod = "000000000003"
The profiles section contains the profile names that will be saved in $HOME/.aws/credentials.
The accounts section contains the account IDs and their names.
Add to your .bash_profile:
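aws_assume(){
  # mktemp creates a private, uniquely named file; a fixed path in /tmp
  # could be pre-created by another local user and then sourced.
  tmpFile=$(mktemp) || return 1
  awstools assume --export "$tmpFile" --export-profile "$@" && source "$tmpFile"
  rm -f "$tmpFile"
}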
or to your ~/.config/fish/config.fish:
function aws_assume
  # Private, uniquely named temp file instead of a fixed path in /tmp
  set tmp (mktemp); or return 1
  awstools assume --export $tmp --export-profile $argv; and source $tmp
  rm -f $tmp
end
The --export-profile flag tells awstools to print only AWS_PROFILE instead of printing the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN variables.
This will become the default behavior later.
Now, to assume a role on a subaccount, you can run something like this:
aws_assume AccountName MyRoleOnSubAccount
Required IAM permissions
AssumeRole
For assuming a role in another account awstools needs the following permissions:
iam:GetUser
iam:ListAccessKeys
Note: awstools uses MFA-authenticated sessions for operations on your AWS access key.
Access Key Rotation
For rotating access keys on the relevant account awstools needs the following permissions:
iam:GetUser
iam:CreateAccessKey
iam:DeleteAccessKey
iam:ListAccessKeys
iam:UpdateAccessKey
Note: awstools uses MFA-authenticated sessions for operations on your AWS access key.
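The key-rotation permissions listed above, written as an IAM policy that takes effect only in MFA-authenticated sessions. This is an added example, not a policy shipped by the awstools project; the account ID is the main account from the sample config.toml, and both the ${aws:username} resource scoping and the aws:MultiFactorAuthPresent condition are assumptions based on the note above.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RotateOwnAccessKeyWithMfaOnly",
      "Effect": "Allow",
      "Action": [
        "iam:GetUser",
        "iam:CreateAccessKey",
        "iam:DeleteAccessKey",
        "iam:ListAccessKeys",
        "iam:UpdateAccessKey"
      ],
      "Resource": "arn:aws:iam::000000000001:user/${aws:username}",
      "Condition": {
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    }
  ]
}
```

With this policy, a leaked long-term access key cannot create, disable or delete access keys on its own, because requests signed with it carry no MFA context. Each user can manage only their own keys.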
License
This project is licensed under the MIT license. You can find a copy of the license at the top level of the repository.