Skip to content

Crown-Commercial-Service/aws-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

aws-auth

AWS authentication wrapper to handle MFA and IAM roles. It's useful for applications which are not able to handle MFA or switch IAM roles.

If you defined your AWS credentials with the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables the script will simply pass them through.

If you defined AWS profiles in ~/.aws/credentials and ~/.aws/config the script will handle authentication, get temporary credentials if necessary and expose the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN variables.

Dependencies

The AWS cli (>= 1.14) and jq must be installed on your system.

pip install awscli

For installing jq please follow the instructions: https://stedolan.github.io/jq/download/

Installation

sudo curl -s https://raw.githubusercontent.com/alphagov/aws-auth/main/aws-auth.sh -o /usr/local/bin/aws-auth
sudo chmod +x /usr/local/bin/aws-auth

Usage

Simply prepend your command with aws-auth.

E.g. to see the AWS_* environment variables exposed:

AWS_PROFILE=some-profile aws-auth env | grep AWS

AWS profile examples

~/.aws/credentials

[some-profile]
region=eu-west-1
aws_access_key_id=AKIAI...
aws_secret_access_key=FYd4t...

~/.aws/config

[profile some-profile-with-role]
source_profile=some-profile
mfa_serial=arn:aws:iam::<AWS account id>:mfa/<IAM username>
role_arn = arn:aws:iam::<AWS account id>:role/<IAM role>

How it works

The script simply calls aws sts get-caller-identity to handle the whole authentication process with the AWS cli. Temporary credentials are stored in ~/.aws/cli/cache and are valid for one hour.

About

AWS authentication wrapper to handle MFA and roles

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages