Simple script to access the AWS Federation Proxy (AFP). Its main use case is starting a new shell where your temporary AWS credentials have been exported into the environment.
Inspired by https://github.com/ImmobilienScout24/afp-cli
The started bash
will notice when the AWS tokens are about to expire. It will then renew the necessary tokens itself. No need to log out and in again.
$ ./afpre
token expired - need to renew...
authenticating as some.user for some.account/some.role against some.afp.host
done.
AFP| ~/git/hub/afpre$ # do some work ...
AFP| ~/git/hub/afpre$ # typically for an hour or so ...
AFP| ~/git/hub/afpre$ # your tokens have expired ...
token expired - need to renew...
authenticating as some.user for some.account/some.role against some.afp.host
done.
AFP| ~/git/hub/afpre$ # do some more work ...
You can type awsenv
to print aws-specific environment information.
Whithin an afpre
session you can - if you feel the need - manually trigger a token renewal. Either only if your old tokens have expired ...
$ condrenew
... or even unconditionally by calling
$ renew
You can call awsenv
to check for your current AWS credentials.
AFP| ~/git/hub/afpre$ awsenv
AWS_ROLE=admin
AWS_SECRET_ACCESS_KEY=...
AWS_VALID_SECONDS=3600
AWS_ACCOUNT=...
AWS_SESSION_TOKEN=...
AWS_ACCESS_KEY_ID=...
AWS_SECURITY_TOKEN=...
In case you find that condrenew
command somewhat useless you got it pretty much right - because that's what afpre
does anyway. But since version 0.9.15
both commands are available for subprocesses as well. So even (e. g.) running scripts could trigger their own token renewals.
$ cat ~/.afpre
ACCOUNT=<your desired account>
ROLE=<your desired role>
HOST=<your afp host>
_PATH=<your path to service endpoint, typically "/afp-api/latest/account">
NAME=<your username> # optional
PW=<your password> # optional, I wouldn't put it here
PATTERN=\${ACCOUNT}/\${ROLE} # optional, the message you want to see in front of the prompt
RENEW_INT=<custom token renew interval> # optional, defaults to token's expiry
INSECURE=<true|false> # optional, perform "insecure" SSL connections, defaults to false
Use option --example-cfg
to create an example configuration file.
See https://github.com/leflamm/afpre/releases
- .deb
- .rpm