Project

aws-sts

0.0
No commit activity in last 3 years
No release in over 3 years
This tool allows you to a assume an AWS role using short-lived credentials, it follows your aws config file
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

 Project Readme

Ruby Gem Version

aws-sts

asciicast

The problem: You want to be able to have short term credentials to your AWS account for security

The solution: AWS STS and aws-sts.rb

Features

This supports ~/.aws/config making this tool easier to set-up.

How it Works

Roles are assumed, or session tokens are simply acquired (if --no-role is specified) via the [AssumeRole][assume-role] or the [GetSessionToken][get-session-token] AWS STS API calls. After this, your command or shell is launched with the standard AWS credential chain environment variables set:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN

Usage

Install the tool:

  1. gem install aws-sts
  2. aws-sts <role>

Configuration

Setup a profile for each role you'd like to use in your ~/.aws/config.

[profile account]
region = eu-west-2

[profile dev]
region = eu-north-1
role_arn = arn:aws:iam::1999:role/admin
source_profile = account

And then in your ~/.aws/credentials

[account]
aws_access_key_id=XXXXXX
aws_secret_access_key=XXX

Usage

$ ./aws-sts <role>
export AWS_ACCESS_KEY_ID=SXXXX
export AWS_SECRET_ACCESS_KEY=XXXX
export AWS_SESSION_TOKEN=XXXX
export ASSUMED_ROLE=dev
# run eval $(ruby aws-sts.rb <profile>)

By default the credentials last for 3600 seconds or 1 hour.