Project

credsummoner

0.0
No commit activity in last 3 years
No release in over 3 years
credsummonervhl/credsummonerHomepageDocumentationSource CodeBug TrackerWiki
Retrieve temporary AWS credentials via an identity provider.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
2,972
Stars
3
Forks
2
Watchers
1
 Releases
Current version
0.1.0
Total releases
1
First release
2019-07-03
Latest release
2019-07-03
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
1
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
GPL-3.0+
Average date of last 50 commits
2020-12-12
Reverse Dependencies
0

 Dependencies

Runtime

aws-sdk-core
~> 3.0
nokogiri
~> 1.0
tty-prompt
~> 0.19
 Project Readme

CredSummoner

CredSummoner is a tool that developers can use to generate temporary AWS credentials. It works by integrating with your identity provider for user authentication and AWS role access. As of now, the only supported identity provider is Okta.

Usage

First, CredSummoner must be configured to use the proper Okta embed link for AWS access:

credsummoner config okta_aws_embed_link https://example.okta.com/home/amazon_aws/xxxxxxxxxxxxxxxxxxxx/999

Once configured, credsummoner get may be used like so:

credsummoner get your-okta-username

CredSummoner will prompt for a password and TOTP token. Upon successful authentication, CredSummoner will prompt for the AWS account and IAM role to assume. A new shell process is then created with the following environment variables configured with a fresh set of temporary AWS credentials:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN

There are several other ways to invoke credsummoner get. For example, if you know the AWS account alias and IAM role name, you can skip the prompts like so:

credsummoner get your-okta-username --account=foo --role=Developer

You can also tell CredSummoner to spawn an arbitrary program rather than a shell:

credsummoner get your-okta-username -- rails server

Or, you can skip spawning another program altogether and just print out environment variables for easy copy/pasting elsewhere:

credsummoner get your-okta-username --env

By default, CredSummoner tries to generate credentials that are valid for 12 hours, the maximum currently allowed by AWS STS. If an IAM role has a lower maximum session duration, then the --duration flag must be used to set the desired session duration (in seconds) without exceeding the limit.

Installation

CredSummoner is a Ruby gem, and thus can be easily installed with the gem program:

gem install credsummoner