AWS credentials loader
awsecrets config precedence
- Command Line Options (Awscreds#load method args OR self optparse)
- Environment Variables
- YAML file (secrets.yml)
- The AWS credentials file
- The CLI configuration file
- Instance profile credentials
Installation
Add this line to your application's Gemfile:
gem 'awsecrets'
And then execute:
$ bundle
Or install it yourself as:
$ gem install awsecrets
Usage example
Generate exception with wrong configuration
For some use cases, awsecrets might raise an exception if (even after all attempts to configure access to an AWS account) there is missing configuration parameters.
In other cases, this might not be desired.
To have control on that, you can use the environment variable
DISABLE_AWS_CLIENT_CHECK
: if you set it to the string 'true'
, it will not
attempt to early create an Aws::EC2::Client
instance with the found
parameters.
By default, even if you don't set DISABLE_AWS_CLIENT_CHECK
it will be treated
like true
.
To enable this early checking, you must setup DISABLE_AWS_CLIENT_CHECK
with the string 'false'
.
Basic example
Create a command line tool ec2sample
like following code:
#!/usr/bin/env ruby
require 'awsecrets'
Awsecrets.load
ec2_client = Aws::EC2::Client.new
puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first
Then execute it with command line parameters:
$ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1
or with environment variables configuration:
$ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa
or using an YAML file:
$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
$ ec2sample i-1aa1aaaa
Use AssumeRole
Support role_arn
role_session_name
source_profile
external_id
.
1. .aws/config
and .aws/credentials
see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
# .aws/config
[profile assumed]
role_arn = arn:aws:iam::123456780912:role/assumed-role
external_id = myfoo_id
source_profile = assume_test
# .aws/credentials
[assume_test]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
And execute
$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
2. secrets.yml
$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
role_arn = arn:aws:iam::123456780912:role/assumed-role
And execute
$ ec2sample i-1aa1aaaa
Disable load YAML (secrets.yml
)
Awsecrets.load(disable_load_secrets:true)
or
Awsecrets.load(secrets_path:false)
Contributing
- Fork it !
- Create your feature branch (
git checkout -b my-new-feature
). - Commit your changes (
git commit -am 'Add some feature'
). - Push to the branch (
git push origin my-new-feature
). - Create a new Pull Request.