search

kreuzwerker / awsu

Enhanced account switching for AWS, supports Yubikey as MFA source
GNU General Public License v3.0
175 stars 16 forks source link

Add option to write credentials to shared credentials file #38

Closed tinexw closed 3 years ago

tinexw commented 5 years ago

This is a new feature that makes it easier to run a spring boot applications from IntelliJ that need to access AWS resources. Without this, all three environment variables need to manually be copied/pasted to the IntelliJ Run Configuration.

tinexw commented 5 years ago

@yawn Any chance of getting this merged soonish?

yawn commented 5 years ago

Tomorrow !

Kristine Jetzke notifications@github.com schrieb am Do. 24. Okt. 2019 um 22:00:

@yawn https://github.com/yawn Any chance of getting this merged soonish?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/kreuzwerker/awsu/pull/38?email_source=notifications&email_token=AAAEOQTO3RKPH2ERXNYG3BLQQH5GFA5CNFSM4I5H3CL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECGICLI#issuecomment-546079021, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAEOQVJJRDVU6TCRF62PZ3QQH5GFANCNFSM4I5H3CLQ .

-- kreuzwerker GmbH - we touch running systems kreuzwerker.de | twitter.com/kreuzwerker | kreuzwerker.de/blog | facebook.com/kreuzwerker fon / signal +49 170 757 11 62 | fax +49 30 609 83 88 99 Ritterstr. 12-14, 10969 Berlin | joern.barthel@kreuzwerker.de HR B 129427 B | AG Charlottenburg | Geschäftsführer: Tilmann Eing

peermuellerxw commented 4 years ago

As a workaround you can create a credential_process script (see aws documentation), such as

# aws-sdk-core v1 (since 1.11.489) does not cope with the expiration date format awsu provides
`awsu -p stage` && jq -n --arg AWS_SESSION_TOKEN "$AWS_SESSION_TOKEN" --arg AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" --arg AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" '{ "Version": 1, "AccessKeyId": $AWS_ACCESS_KEY_ID, "SecretAccessKey": $AWS_SECRET_ACCESS_KEY, "SessionToken":  $AWS_SESSION_TOKEN}'
# aws-sdk-core v2 (since 2.5.26) does parse the date correctly, which should provide the feature of automagic token renewal on expiry
`awsu -p stage` && jq -n --arg AWS_SESSION_TOKEN "$AWS_SESSION_TOKEN" --arg AWSU_EXPIRES "$AWSU_EXPIRES" --arg AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" --arg AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" '{ "Version": 1, "AccessKeyId": $AWS_ACCESS_KEY_ID, "SecretAccessKey": $AWS_SECRET_ACCESS_KEY, "SessionToken":  $AWS_SESSION_TOKEN, "Expiration":  $AWSU_EXPIRES}'

and create a profile in ~/.aws/credentials that references the script

[stage-awsu-temp]
credential_process = /Users/current_user/aws_credentials.sh
mavogel commented 3 years ago

@tinexw please rebase :)

tinexw commented 3 years ago

I'm going to close this. I'm not sure if this feature is actually still needed. If it is, we can reopen this.