npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

awsudo

v3.0.0-alpha.0

Published

A simple utility for executing cli commands with an assumed role.

Downloads

12,484

Readme

awsudo

Node.js CI test

A simple utility for easily executing AWS cli commands with an assumed role.

For more information about the motiviation behind developing this utility, please read our blog post Assuming roles in AWS with sudo-like agility.

Usage

awsudo [-d|--duration] [-p|--profile] [-n|--session-name] [-e|--external-id] [-v|--verbose]
[-m|--mfa-token-arn] [-t|--mfa-token] <arn> <command..>

Assume an IAM role for the duration of a command

Positionals:
  arn      ARN to assume                                                [string]
  command  Command to run

Options:
  --help               Show help                                       [boolean]
  --version            Show version number                             [boolean]
  -d, --duration       The duration to assume this role in seconds. See
                       https://docs.aws.amazon.com/STS/latest/APIReference/API_A
                       ssumeRole.html#API_AssumeRole_RequestParameters
                                                         [number] [default: 900]
  -p, --profile       The profile used to assume the role
                                                          [string] [default: ""]
  -n, --session-name   The role session name to use
                                               [string] [default: "RoleSession"]
  -e, --external-id    The external id string used to authenticate role
                       assumption                      [string] [default: false]
  -v, --verbose        Show debug information         [boolean] [default: false]
  -t, --mfa-token      Current MFA token [Must also supply mfa-token-arn]
                                                       [string] [default: false]
  -m, --mfa-token-arn  ARN for users MFA [Must also supply mfa-token]
                                                       [string] [default: false]
      --preserve-credentials-cache  Retain the AWS credentials cache folder when
                                    command is complete; otherwise remove it
                                                      [boolean] [default: false]

Install

awsudo can be installed as a global utility to use alongside the AWS cli for day-to-day operations, local troubleshooting, etc:

npm install -g awsudo

Node.js

awsudo can also be installed for use by specific Node.js projects (i.e. as part of a CI/CD build process) by adding it as a dependency like any other:

npm install --save-dev awsudo

npm will place it in the execution PATH for any scripts defined in it package.json that it runs (e.g. start, test).

deb and rpm packages

In addition to the native npm package and Docker image, there are .deb and .rpm packages avaialble.

These can be downloaded from

  1. the releases tab in your browser

  2. the command-line:

    Latest .deb

    curl -LO $(curl -s https://api.github.com/repos/meltwater/awsudo/releases/latest | grep -Eo 'https://github\.com/meltwater/awsudo/releases/download/v.*\.deb')

    Latest .rpm

    curl -LO $(curl -s https://api.github.com/repos/meltwater/awsudo/releases/latest | grep -Eo 'https://github\.com/meltwater/awsudo/releases/download/v.*\.rpm')

Warning: You must install Node.js separately, because these packages are not marked as dependent on Node.js within the Debian or Red Hat ecosystems. This facilitates portability across distributions and better accomodates the multitude of ways Node.js can be installed (e.g. using nvm).

Docker

awsudo can also be used from its official Docker image, which packages it along with its dependencies and the AWS cli.

docker pull awsudo/awsudo

Note: See Docker under Usage for details of what the image includes.

Usage

Basic usage when awsudo is on the PATH resembles this example:

awsudo arn:aws:iam::123456789012:role/S3Access aws s3 cp ./some/directory s3://some-bucket

💡 Tip: awsudo shell!

When running multiple commands as the same role (especially when using MFA), it can be convenient to temporarily authenticate all commands as that role by launching a new shell using awsudo:

awsudo arn:aws:iam::123456789012:role/S3Access /bin/bash
aws s3 cp ./some/directory s3://some-bucket
aws s3 cp ./another/directory s3://some-bucket
aws s3api list-objects --bucket some-bucket

Note: the lifespan of the authentication within the shell is dictated by the --duration argument to awsudo

Docker

The Docker image can be used as a direct command:

docker run awsudo/awsudo awsudo --help

In order to assume roles, the AWS configuration needs to be mounted as a volume in the container:

docker run -v ~/.aws:/root/.aws \
    awsudo/awsudo \
    awsudo arn:aws:iam::123456789012:role/S3Access aws s3 ls

If you need to operate on local files, those need to be mounted to a working directory for the container as well:

docker run -v ~/.aws:/root/.aws awsudo/awsudo \
    --volume $PWD:/docker-working-directory --workdir /docker-working-directory \
    awsudo/awsudo \
    awsudo arn:aws:iam::123456789012:role/S3Access aws s3 cp ./some/directory s3://some-bucket

Docker image contents

The main focus of the Docker image is to provide awsudo, however it includes some other tools that may be of use:

  • aws - a key component for many uses of awsudo
  • node - the runtime engine of awsudo itself
  • an OS with a package manager to facilitate installing additional software

Each of these have their own releases which may affect a consumer of the awsudo image. To provide a predictable environment for consumers we guarantee that, starting with v1.7.2:

  • an image for each version of awsudo is available
  • an image for each active or maintenance Node.js LTS version is available
  • an image for each combination of awsudo and Node.js LTS is available
  • the latest release of the v2 AWS CLI will be included
  • the choice of base OS is tied to a Node.js LTS version

To allow selection across all of these possibilities, the awsudo image is published with a selection of tags.

The table below illustrates what version of each tool can be expected for a given image tag:

| | :latest |:vX.Y.Z | :nodeLTS | :vX.Y.Z-nodeLTS | | ------- | --------- | -------- | ---------- | ----------------- | | awsudo | latest | vX.Y.Z | latest | vX.Y.Z | | aws | latest v2 | latest v2 | latest v2 | latest v2 | | Node.js | latest | latest | nodeLTS | nodeLTS | | OS | debian | debian | debian | debian |

Docker-based CI/CD

The Docker image can also be used with CI/CD tools like Drone or CircleCI.

Here is an example Drone pipeline step which uses the awsudo Docker image to deploy into AWS:

deploy:
  image: awsudo/awsudo:iron
  commands:
    # Copy build artifacts to publicly-readable S3 bucket
    - awsudo arn:aws:iam::${AWS_ACCOUNT_ID}:role/S3Access aws s3 cp ./build s3://some-bucket --acl public-read --recursive
  environment:
    - AWS_DEFAULT_REGION=us-east-1
  secrets:
    - aws_access_key_id
    - aws_account_id
    - aws_secret_access_key

Prerequisites

Valid AWS Configuration

Any one of the following is required for awsudo to function correctly

  • Appropriate environment variables are set for aws-sdk to work
  • A default profile (e.g. created using aws configure)
  • A set of any named profiles you would like to use

Developing / Testing

validate-features

This is an included script which validates significant features of awsudo as functioning properly in a true running context.

Not every feature that exists is, or should be, exercised by this tool. If a unit test can adequately validate a given behavior, that is preferred.

Before running, it will check for prerequisites, but for the sake of planning they are:

  • Docker
  • A post-aws configure environment with
    • at least one profile
    • at least one profile requiring an MFA

To execute the tool, run the following from the project root:

scripts/validate-features

it will prompt for profile names and MFA tokens as necessary.

Contributing

Gitpod ready-to-code

Do we accept contributions? YES! (see our policy for details)

Thank you to everyone who has been one of our contributors!

Questions/Contact?

The maintainer of this repository is the AWS sudo open source maintainers at Meltwater, please send us any questions.