As of 31.07.2023, this repository will be archived and set to read-only. This means that while the existing code and resources will remain accessible, no further updates, enhancements, or bug fixes will be provided. We understand that this decision may impact some of your workflows and projects, and we apologize for any inconvenience it may cause.
aws-cfg-generator is a CLI tool to generate configs for AWS helper tools based on an IAM user's permissions.
To use this tool you need AWS credentials for an IAM user. This IAM user also needs sufficient permissions to read their own permission sets and group memberships.
Usage: aws-cfg-generator <command>
Flags:
-h, --help Show context-sensitive help.
Commands:
vault --vault-config-path=STRING
generates a config for aws-vault
switch-roles --output-file=STRING
generates a config for aws-extend-switch-roles
In order to name profiles correctly, aws-cfg-generator will attempt to call organizations.ListAccounts
and match that
with account IDs in the roles the user has access to. If the user has permissions for a role not in the same AWS
organization the profile will be named by the account ID instead. Similarly, if the user lacks permissions to list the
organization's accounts, the profiles will be named by account IDs as well,