benkehoe / aws-export-credentials
Get AWS credentials from a profile to inject into other programs
License: Apache License 2.0
It would be nice if a command like:
aws-export-credentials \
    --debug \
    --profile $profile \
    --cache-file ~/.aws/aec/$profile.cache
would work even if the aec directory does not exist.
After merging and releasing aws/aws-cli#7398, I believe aws configure export-credentials should be the recommended solution. It would be worth noting in the README.md that aws-export-credentials is either a legacy solution (is it?), or highlighting the differences between these two approaches.
Any way to force an update after creds are already exported to the cred files?
I have creds with an expiration time that need to be refreshed, but the tool doesn't seem to do that if cred files are already present. There is a --refresh option but I think that may be for something else.
I thought someone had opened an issue for this, but now I can't find any. I think IMDS might break without a session token, which means we would need to get temporary credentials if it's an IAM user. This would also need to be implemented on the standalone server https://github.com/benkehoe/imds-credential-server
Currently, aws-export-credentials --profile my-profile --exec aws lambda list-functions will fail because the subprocess cannot find a region to use. aws-export-credentials should determine the region, if one is set, on the session, and pass it in to the subprocess as AWS_DEFAULT_REGION.
I'm not clear if it should be included for --env or --credentials-file-profile.
Needs some additional data per benkehoe/imds-credential-server#4
The proper environment variable for credential expiration is AWS_CREDENTIAL_EXPIRATION, supported in botocore, but I was unaware of that and named it AWS_CREDENTIALS_EXPIRATION. So that needs to be changed. Also update the field for the credentials file option, though that is not at all supported as far as I'm aware.
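The two issues above (passing the region to the --exec subprocess, and the AWS_CREDENTIAL_EXPIRATION spelling) come down to how the child environment is built. The sketch below is an added example, not code from aws-export-credentials; the function names and the sample credential values are constructed for illustration, and the credentials dict follows the shape of sts assume-role output.

```python
import os
import subprocess

# Variables the child must never inherit from the parent shell. The last one
# is the misspelled name the issue above says has to be replaced.
STALE_VARS = (
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "AWS_SESSION_TOKEN",
    "AWS_CREDENTIAL_EXPIRATION",
    "AWS_CREDENTIALS_EXPIRATION",
)


def build_child_env(creds, region=None, parent_env=None):
    """Return the environment for a subprocess that should use `creds`.

    creds: dict with AccessKeyId and SecretAccessKey, plus SessionToken and
    Expiration when the credentials are temporary (hypothetical helper).
    """
    env = dict(os.environ if parent_env is None else parent_env)
    # Clear inherited values first: a long-lived IAM user key pair combined
    # with a leftover session token from the parent shell fails to authenticate.
    for name in STALE_VARS:
        env.pop(name, None)
    env["AWS_ACCESS_KEY_ID"] = creds["AccessKeyId"]
    env["AWS_SECRET_ACCESS_KEY"] = creds["SecretAccessKey"]
    if creds.get("SessionToken"):
        env["AWS_SESSION_TOKEN"] = creds["SessionToken"]
    if creds.get("Expiration"):
        env["AWS_CREDENTIAL_EXPIRATION"] = creds["Expiration"]
    # Only set the region when the profile has one; otherwise keep whatever
    # AWS_DEFAULT_REGION the parent environment already provides.
    if region:
        env["AWS_DEFAULT_REGION"] = region
    return env


def run_with_credentials(argv, creds, region=None, parent_env=None):
    """Run argv with the credentials and region injected, capturing output."""
    env = build_child_env(creds, region, parent_env)
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)
```
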
aws --profile mine sts assume-role --role-arn "arn:aws:iam::XYZ:role/ViewLogsPlease" --role-session-name ViewOne
{
    "Credentials": {
        "AccessKeyId": "REDACTED",
        "SecretAccessKey": "REDACTED",
        "SessionToken": "REDACTED",
        "Expiration": "2021-08-17T09:56:17+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROARIZSHQ5ZB4BAEOCU2:ViewOne",
        "Arn": "arn:aws:sts::XYZ:assumed-role/ViewLogsPlease/ViewOne"
    }
}
Right now, AFAICT I'm supposed to set this up manually, maddeningly
Using Python's built-in web server, we should be able to mimic the EC2 instance metadata server, which would be a convenient way of retrieving credentials for certain situations.
I have the following ~/.aws/config file on an EC2. I know it seems redundant as it isn't assuming a role, but I need the named profile for my use case:
[profile myprofile]
credential_source = Ec2InstanceMetadata
region = us-west-2
output = json
When running aws-export-credentials --credentials-file-profile myprofile I receive the following error:
Traceback (most recent call last):
  File "/home/ubuntu/.local/bin/aws-export-credentials", line 8, in <module>
    sys.exit(main())
  File "/home/ubuntu/.local/lib/python3.10/site-packages/aws_export_credentials/aws_export_credentials.py", line 269, in main
    write_values(session, args.credentials_file_profile, values)
  File "/home/ubuntu/.local/lib/python3.10/site-packages/aws_export_credentials/config_file_writer.py", line 54, in write_values
    session.get_config_variable('credentials_file'))
AttributeError: 'Session' object has no attribute 'get_config_variable'
Didn't quite grok pipx. I assumed it would install to pwd, but I think it installed into ~/.local/bin... and it still didn't find the module.
pipx run aws_export_credentials
'aws_export_credentials' executable script not found in package 'aws_export_credentials'. Available executable scripts:
aws-export-credentials
Workaround was to use python3 -m pip install --user aws-export-credentials