npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-authenticate

v1.6.136

Published

AWS CLI tool for authorization

Downloads

41

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

hoegertnhoegertntaimos-usertaimos-user

Keywords

amazonauthaws

Readme

AWS Authenticate

This CLI tool helps you to configure your AWS access in CI/CD environments. You can set the region, the IAM profile to use or assume IAM roles with one CLI call.

The tool prints environment variables to the console to use in subsequent calls. By using eval you can set the environment in one call.

How to install

To install this tool you need NodeJS and NPM installed on your machine. You can then execute npm install -g aws-authenticate to install the aws-authenticate executable.

Examples

One-liners

To use a profile configured in your ~/.aws/config file, issue the following command:

eval "$(aws-authenticate auth --profile myprofile)"

To assume a role using your default config you call it like:

eval "$(aws-authenticate auth --role MyRole)"

To assume a role in another account, use:

eval "$(aws-authenticate auth --role MyRole --roleAccount 123456789012)"

To assume a role in another account using a different policy, call:

eval "$(aws-authenticate auth --role MyRole --roleAccount 123456789012 --roleSessionPolicy 'arn:aws:iam::aws:policy/AdministratorAccess')"

To clear all AWS related environment variable and use the defaults, call:

eval "$(aws-authenticate clear)"

Example using sub-shell

If you do not want to pollute your environment with settings, you can use a sub-shell to only configure AWS for several calls:

#!/bin/bash -e

...
(
    eval "$(aws-authenticate auth --profile myprofile)"
    aws s3 ls
)
...

Looping through all accounts

If you want to do something for a accounts in an organization, use the following code:

#!/bin/bash -e

export accounts=$(aws-authenticate accounts)

echo "${accounts}" | while read account; do
(
    id=$(echo "${account}" | cut -d ',' -f 1)
    safeName=$(echo "${account}" | cut -d ',' -f 4)
    
    echo "Doing stuff for account ${id} with safe name ${safeName}"

    eval "$(aws-authenticate auth --roleAccount ${id} --role master --region eu-central-1)"

    aws-authenticate set-alias --name "${safeName}"
)

done

If you have a tag called Alias on your accounts, you can set the account alias with the following script:

#!/bin/bash -e

export accounts=$(aws-authenticate accounts --tags Alias)

echo "${accounts}" | while read account; do
(
    id=$(echo "${account}" | cut -d ',' -f 1)
    alias=$(echo "${account}" | cut -d ',' -f 6)
    eval "$(aws-authenticate auth --roleAccount ${id} --role master --region eu-central-1)"
    aws-authenticate set-alias --name "${alias}"
)

done

Documentation

aws-authenticate <command> [options]

auth

The auth command is used to configure credentials or assume roles.

Valid options are:

  • --role <role> - The IAM role to assume
  • --roleAccount <accountId> - The AWS account owning the role to assume. If not specified, your current account is used.
  • --region <region> - The region to configure for subsequent calls
  • --profile <profile> - The profile configured in ~/.aws/config to use
  • --targetProfile <profile> - The profile in ~/.aws/config to write the new credentials to
  • --externalId <id> - The external ID to use when assuming roles
  • --duration <seconds> - The number of seconds the temporary credentials should be valid. Default is 3600.
  • --roleSessionName <name> - The name of the session of the assumed role. Defaults to AWS-Auth-<xyz> with xyz being the current milliseconds since epoch.
  • --roleSessionPolicy <str> - The ARN or filename of the policy to use for the assumed session
  • --id - Print the final user information to the console for debugging purpose

id

With the id command, the tool prints the currently configured IAM principal to the console

$ aws-authenticate id
# Account: 123456789012 - User: arn:aws:iam::123456789012:user/johndoe

clear

The clear command creates a bash snippet to clear all AWS related environment vafriables.

accounts

The accounts command lists AWS accounts withing the currect organization.

Accounts are printed one account per line with the following fields in a CSV format.

<ID>,<EMAIL>,<NAME>,<SAFENAME>,<STATUS>

The safe name is the name with only alphanumeric characters and the rest being replaced with dashes.

123456789012,[email protected],My Example Account,my-example-account,ACTIVE
210987654321,[email protected],My Sub Account,my-sub-account,ACTIVE

Valid options are:

  • --parent <parent> - Limit the account list to the given orga parent (OU)
  • --tags key1,key2 - Show account tags as additional columns

update-idp

The update-idp command is used to create or update the given SAML identity provider

Valid options are:

  • --name <name> - Name of the IdP to configure. Defaults to SAML
  • --metadata <file> - The file to use as SAML metadata

set-alias

The set-alias command enables you to configure an AWS account alias.

Valid options are:

  • --name <name> - Name of the alias to configure

Changelog

NEWER

See Github releases

1.5.0

  • update deps
  • add support to write auth to new profile

1.4.0

  • update deps

1.3.1

  • fix --roleAccount when account id has leading zeros

1.3.0

  • add --roleSessionPolicy to provide IAM policies when assuming roles
  • add --tags to account list

1.2.0

  • remove --script option as it is completely broken. Use sub-shells instead. BREAKING CHANGE

1.1.0

  • add --script option to run bash scripts directly
  • add accounts command to list AWS accounts
  • add update-idp command to manage SAML IdP
  • add set-alias command to manage SAML IdP
  • fix clear command

1.0.1

  • add README and help command

1.0.0

  • Initial project implementation

Contribute

Did you find a bug?

  • Ensure the bug was not already reported by searching on GitHub under Issues.

  • If you're unable to find an open issue addressing the problem, open a new one. Be sure to include a title and clear description, as much relevant information as possible, and a code sample demonstrating the expected behavior that is not occurring.

Did you write a patch that fixes a bug?

  • Open a new GitHub pull request with the patch.

  • Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.

Did you fix whitespace, format code, or make a purely cosmetic patch?

Changes that are cosmetic in nature and do not add anything substantial to the stability, functionality, or testability will normally not be accepted.

Do you intend to add a new feature or change an existing one?

  • Suggest your change under Issues.

  • Do not open a pull request on GitHub until you have collected positive feedback about the change.

Do you want to contribute to the aws-authenticate documentation?

  • Just file a PR with your recommended changes