-
Notifications
You must be signed in to change notification settings - Fork 40
/
Copy pathaws-vault-wrapper
executable file
·39 lines (32 loc) · 1.26 KB
/
aws-vault-wrapper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash
#
# Wraps command in aws-vault.
#
# Expects the command you want to run is symlinked to this file.
#
set -eu -o pipefail
cmd=$(basename "$0")
if [[ $cmd = aws-vault-wrapper ]]; then
echo "This wrapper should not be called directly."
exit 1
fi
# for convenience, don't wrap commands without arguments (no API calls)
[[ -z $* ]] && AWS_VAULT_WRAPPER_DISABLE=true
# for convenience, don't wrap specific commands which run without AWS API calls
[[ $cmd = aws && ${1:-} = configure ]] && AWS_VAULT_WRAPPER_DISABLE=true
[[ $cmd = terraform && ${1:-} = fmt ]] && AWS_VAULT_WRAPPER_DISABLE=true
# remove the dir this script and symlinks are in so we find the real executable
my_bin_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
PATH=${PATH//$my_bin_dir:}
# set the debug flag
debug_flag=""
[[ -n ${AWS_VAULT_DEBUG:-} ]] && debug_flag="--debug"
# set the no-session flag
no_session_flag=""
[[ -n ${AWS_VAULT_NO_SESSION:-} ]] && no_session_flag="--no-session"
# check if we've been invoked by aws-vault or if it should be disabled
if [[ -n ${AWS_VAULT:-} || -n ${AWS_VAULT_WRAPPER_DISABLE:-} ]]; then
exec "$cmd" "$@" # run without aws-vault
else
exec aws-vault $debug_flag exec $no_session_flag --assume-role-ttl=1h "$AWS_PROFILE" -- "$cmd" "$@"
fi