Name: awstools
Owner: AutoScout24
Owner: AutoScout24
Description: A few helpful AWS tools written in Go
Forked from: sam701/awstools
Created: 2017-08-29 15:18:32.0
Updated: 2017-08-29 15:18:34.0
Pushed: 2017-12-12 15:40:08.0
Size: 87
Language: Go
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
:
wstools - AWS tools
E:
wstools [global options] command [command options] [arguments...]
ION:
.13.1
ANDS:
assume assume role on a specified account
accounts print known accounts
ec2 print EC2 instances and ELBs
cloudformation, cf print CloudFormation stacks information
rotate-main-account-key, r create a new access key for main account and delete the current one
dynamodb, ddb dynamodb commands
kms encrypt/decrypt text
kinesis print records from kinesis streams
cloudwatch, cw search in cloudwatch logs
help, h Shows a list of commands or help for one command
AL OPTIONS:
-config value, -c value path to config.toml file (default: ~/.config/awstools/config.toml)
-no-color turn off color output
-help, -h show help
-version, -v print the version
We provide binaries for all releases through GitHub. The latest release is 0.13.1.
To install awstools
choose the binary for your architecture (either OSX or Linux), run a download and use chmod
to make it executable.
On Mac you can use Homebrew to install the binary:
ew tap sam701/awstools
ew install awstools
rl -o awstools -SsL https://github.com/sam701/awstools/releases/download/0.13.1/awstools_linux_amd64
mod +x awstools
Export reqired environment variables:
rt GOPATH=$HOME/goprojects
rt PATH=$PATH:$GOPATH/bin
Install glide.
Install awstools
:
et -d -u github.com/sam701/awstools
GOPATH/src/github.com/sam701/awstools
e install
nstall
The default path to the configuration file is $HOME/.config/awstools/config.toml
.
Here is an example of a config.toml
:
ultRegion = "eu-west-1"
ultKmsKey = "arn:aws:kms:eu-west-1:000000000001:key/00000000-1111-1111-2222-333333333333"
tate the main account access key every week
otationIntervalMinutes = 10080
use current credentials, if they are valid for at least 10 minutes.
eCredentialsIfValidForMinutes = 10
files]
Account = "main_account"
AccountMfaSession = "main_account_mfa_session"
ounts]
= "000000000001"
= "000000000002"
= "000000000003"
profiles
section contains profile names that will be saved in $HOME/.aws/credentials
.accounts
section contains account ids and its names.Add to your .bash_profile
assume(){
tmpFile=/tmp/assume.tmp
awstools assume --export $tmpFile --export-profile $@ && source $tmpFile
rm $tmpFile
or to your ~/.config/fish/config.fish
tion aws_assume
set tmp /tmp/aws_assume.tmp
awstools assume --export $tmp --export-profile $argv; and source $tmp
rm $tmp
--export-profile
flag tells awstools
to print only AWS_PROFILE
instead of printing AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
and AWS_SESSION_TOKEN
variables.
This will become the default behavior later.
Now in order to assume a role on a subaccount, you can run something like this
assume AccountName MyRoleOnSubAccount
For assuming a role in another account awstools
needs the following permissions:
iam:GetUser
iam:ListAccessKeys
Note: awstools
is using the MFA authenticated sessions for operations on your AWS access key.
For rotating access keys on the relevant account awstools
needs the following permissions:
iam:GetUser
iam:CreateAccessKey
iam:DeleteAccessKey
iam:ListAccessKeys
iam:UpdateAccessKey
Note: awstools
is using the MFA authenticated sessions for operations on your AWS access key.
This project is licensed under the MIT license. You can find a copy of the license at the top level of the repository.