Project

aws_cli_config_parser

0.0
No commit activity in last 3 years
No release in over 3 years
aws_cli_config_parserbrunze/aws_cli_config_parserHomepageDocumentationSource CodeBug TrackerWiki
Parses profile settings and secrets from AWS CLI configuration files, including temporary credentials cached by the CLI when using roles.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
4,074
Stars
0
Forks
0
Watchers
1
 Releases
Current version
0.2.0
Total releases
2
First release
2021-05-08
Latest release
2021-05-26
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2021-05-20
Reverse Dependencies
0

 Dependencies
 Project Readme

AWS CLI Configuration Parser

This Ruby gem provides a tool to parse profile settings and secrets from AWS CLI configuration files, including temporary credentials cached by the CLI when using IAM roles. This is often useful when using CLI profiles that assume roles requiring an MFA code. After authenticating successfully with an MFA code, temporary session credentials are cached in your ~/.aws folder. You'll often need to pass these temporary credentials to other tools such as Docker containers. This gem parses the files in your ~/.aws folder and merges all information allowing you to retrieve any credential or setting.

Installation

Add this line to your application's Gemfile:

gem 'aws_cli_config_parser'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install aws_cli_config_parser

Usage

With a file tree like this:

~/.aws/
├── cli
│   └── cache
│       ├── 1a2b3c4d5etc.json
├── config
└── credentials

~/.aws/config

[default]
region = eu-west-1

[profile admin]
role_arn = arn:aws:iam::222200002222:role/SomeRole
source_profile = default
role_session_name = session_name
region = eu-central-1

~/.aws/credentials

[default]
aws_access_key_id = ASIA1111000011110000
aws_secret_access_key = SECRET1111000011110000111100001111000011

~/.aws/cli/cache/1a2b3c4d5etc.json

{
  "Credentials": {
    "AccessKeyId": "ASIA2222000022220000",
    "SecretAccessKey": "SECRET2222000022220000222200002222000022",
    "SessionToken": "SESSIONTOKEN222200002222000022220000222200002222000022220000etc",
    "Expiration": "<some timestamp in the future>"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "ARLID2222000022220000:session_name",
    "Arn": "arn:aws:sts::222200002222:assumed-role/SomeRole/session_name"
  },
  ...
}

You can obtain any individual configuration value like this:

profiles = AwsCliConfigParser.parse
# => #<AwsCliConfigParser::Profiles:0x000055b0526261e8>

default = profiles.get('default')
# => #<AwsCliConfigParser::Profile:0x000055b052654ea8>

default.get('region')
# => "eu-west-1"
default.get('aws_access_key_id')
# => "ASIA1111000011110000"
default.get('aws_secret_access_key')
# => "SECRET1111000011110000111100001111000011"

admin = profiles.get('admin')
# => #<AwsCliConfigParser::Profile:0x000055b052644b98>

admin.get('region')
# => "eu-central-1"
admin.get('role_arn')
# => "arn:aws:iam::222200002222:role/SomeRole"
admin.get('aws_access_key_id')
# => "ASIA2222000022220000"
admin.get('aws_secret_access_key')
# => "SECRET2222000022220000222200002222000022"
admin.get('aws_session_token')
# => "SESSIONTOKEN222200002222000022220000222200002222000022220000etc"

Or if you prefer using hashes:

AwsCliConfigParser.parse.to_h == {
  'default' => {
    'region'                => 'eu-west-1',
    'aws_access_key_id'     => 'ASIA1111000011110000',
    'aws_secret_access_key' => 'SECRET1111000011110000111100001111000011'
  },
  'admin' => {
    'region'                => 'eu-central-1',
    'role_arn'              => 'arn:aws:iam::222200002222:role/SomeRole',
    'source_profile'        => 'default',
    'role_session_name'     => 'session_name',
    'aws_access_key_id'     => 'ASIA2222000022220000',
    'aws_secret_access_key' => 'SECRET2222000022220000222200002222000022',
    'aws_session_token'     => 'SESSIONTOKEN222200002222000022220000222200002222000022220000etc',
  }
}
# => true

If you have your AWS CLI configuration directory somewhere other than the default you can tell the parser where to look for it:

AwsCliConfigParser.parse(aws_directory: '/somewhere/else/.my-aws-folder')
# => ...

CLI frontend

This gem includes a limited CLI frontend. You can obtain a configuration value like this:

aws_cli_config_parser --profile admin --key aws_access_key_id
# ASIA2222000022220000
aws_cli_config_parser -p admin -k aws_access_key_id
# ASIA2222000022220000

You can optionally define a fallback value to be returned in case the specified profile does not exist or the configuration parameter is not defined:

aws_cli_config_parser --profile bogus --key aws_access_key_id --fallback OOOPS
# OOOPS
aws_cli_config_parser -p bogus -k aws_access_key_id -f OOOPS
# OOOPS

You can also specify a custom directory where the command will look for your AWS CLI configuration files:

aws_cli_config_parser --profile someone --key aws_access_key_id --directory /somewhere/else/.my-aws-folder
# ASIA................
aws_cli_config_parser -p someone -k aws_access_key_id -d /somewhere/else/.my-aws-folder
# ASIA................

License

The gem is available as open source under the terms of the MIT License.