trek10inc / awsets

A utility for crawling an AWS account and exporting all its resources for further analysis.
MIT License
205 stars 25 forks source link

New flag to pass aws credentials or a way to run awsets without aws cli and creds configured? #28

Open ClimenteA opened 1 year ago

ClimenteA commented 1 year ago

Hi,

Awesome work on this project!

I've read the documentation and I didn't find a way to run awsets list -o all.json without having aws cli configured (most probably I'm missing something).

How we can run awsets list -o all.json without aws cli configured?

I would gladly help with work on this project, but I'm still a beginner in Go..

Update: Or role-arn?

catdevman commented 11 months ago

Thanks for the interest @ClimenteA! Here is where the aws sdk is configured in awsets and you'll see that it has an option for a profile or it loads the default config on line 34. It is best if awsets is not responsible for assuming roles or creating short lived credentials. Trek10 has developed a tool to be able to do that as well that you might want to check here. It isn't so much that you need the aws cli configured as you need credentials, which the aws cli helps provide a way to do that but you can also just create the file manually with credentials or put credential (long or short lived) in your environment variables. If you run awsets from an EC2 instance w/ an instance role or lambda w/ execution role those are the permissions that will get used. If you run awsets from the cli the user is responsible for making sure a credentials file is created, through aws configure or otherwise or they are using one of the other way that credentials are loaded by defaul with the go aws sdk. You can learn more about aws credentials here and here. If you have any questions let me know.