/sts-helper

a CLI tool used to make assuming AWS roles more convenient

Primary LanguageGoApache License 2.0Apache-2.0

sts-helper

sts-helper is a CLI tool used to make assuming AWS roles more convenient.

Prebuilt binaries

Only Darwin and Linux 64 bit binaries are available on the releases page.

Build and install from source

go get github.com/metadave/sts-helper
cd ${GOPATH}/src/github.com/metadave/sts-helper
dep ensure
go install

Setup

Create an ~/.sts-helper.yaml file:

---
s3-stuff:
  duration-seconds: 3600
  role-arn: arn:aws:iam::1234566778899:role/foo
  mfa-arn: arn:aws:iam::1234566778899:mfa/some-arn
  session-name: foobar123
  clear-env: true
rds-readonly:
  duration-seconds: 3600
  role-arn: arn:aws:iam::1234566778899:role/foo
  mfa-arn: arn:aws:iam::1234566778899:mfa/some-arn
  session-name: foobar123
  clear-env: true

Paste this function into your .bashrc

function sts_assume() {
     read -p "Helper profile: " prof
     read -p "MFA token: " token
     eval $(sts-helper assume-role --helper-profile $prof --token $token)
}

or just use a snippet like:

eval $(sts-helper assume-role --helper-profile my_profile --token 123456)

If you want to see a list of sts-helper profiles, use a function like this:

function sts_assume_with_list() {
     echo "Available sts-help profiles:"
     sts-helper list-helper-profiles
     read -p "Helper profile: " prof
     read -p "MFA token: " token
     eval $(sts-helper assume-role --helper-profile $prof --token $token)
}

Example

source ~/.bashrc
export AWS_PROFILE=some_profile

$ sts_assume_with_list 
Available sts-help profiles:
s3-stuff arn:aws:iam:: 1234566778899:role/foobar123
rds-readonly arn:aws:iam::1234566778899:role/barbaz123
Helper profile: s3-stuff
MFA token: 123456

$ env | grep AWS
AWS_SESSION_TOKEN=...
AWS_SECRET_ACCESS_KEY=...
AWS_ACCESS_KEY_ID=...

By default, AWS_PROFILE will be unset as part of the output from sts-helper

License

Apache Software License 2.0