Amazon Web Services identity switching shell script to easily juggle multiple accounts

aws-identity

This script makes it easier to switch among multiple Amazon Web Services identities for the AWS command line tools, as I must at work.

Create a directory for each identity under $AWS_DIR (~/aws-identities by default). Each identity directory may contain an EC2 certificate and private key pair, an AWS credential file, or both. The certificate and private key may retain their original Amazon-generated filenames. The credential file should look like:

AWSAccessKeyId=accesskeyhere
AWSSecretKey=isureamtellingyoumysecretkeyrightnow

This script can generate either Bourne-like (sh, zsh, bash, ksh) or C Shell-like (csh, tcsh) syntax, as chosen by the second argument, 'sh' or 'csh'. Since a child shell script can't change the environment of its parent, this output should be passed to eval to change your AWS environment variables. When the second argument is omitted, the script prints human-readable output describing what it changes.

I like to invoke this script like so, from my .zshrc:

aws() {eval `bin/aws-identity $1 sh` && bin/aws-identity $1}

If a chosen identity is lacking either an EC2 keypair or an AWS credential file, the corresponding environment variables will be unset.

Here's an example with an identity containing both a keypair and a credential file:

[nreid@minamo#nreid] bin/aws-identity client1 sh
export EC2_CERT=/Users/nreid/aws-identities/client1/cert-ARFCVP24OJED4KQP2WXYPDX7XYV62UYJ.pem && 
export EC2_PRIVATE_KEY=/Users/nreid/aws-identities/client1/pk-ARFCVP24OJED4KQP2WXYPDX7XYV62UYJ.pem &&
export AWS_CREDENTIAL_FILE=/Users/nreid/aws-identities/client1/aws-credentials

[nreid@minamo#nreid] aws client1
Switched EC2 and AWS identity to client1

[nreid@minamo#nreid] export | grep -E 'EC2_CERT|EC2_PRIV|AWS_CRED'
AWS_CREDENTIAL_FILE=/Users/nreid/aws-identities/client1/aws-credentials
EC2_CERT=/Users/nreid/aws-identities/client1/cert-ARFCVP24OJED4KQP2WXYPDX7XYV62UYJ.pem
EC2_PRIVATE_KEY=/Users/nreid/aws-identities/client1/pk-ARFCVP24OJED4KQP2WXYPDX7XYV62UYJ.pem

[nreid@minamo#nreid] as-describe-auto-scaling-instances 
INSTANCE  i-effb1d573  client1-promo  us-east-1a  InService  HEALTHY  client1-promo
INSTANCE  i-afd343ce3  client1-promo  us-east-1d  InService  HEALTHY  client1-promo

And another with an identity containing only an EC2 keypair:

[nreid@minamo#nreid] bin/aws-identity client2 sh
export EC2_CERT=/Users/nreid/aws-identities/client2/cert-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem && 
export EC2_PRIVATE_KEY=/Users/nreid/aws-identities/client2/pk-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem &&
unset AWS_CREDENTIAL_FILE

[nreid@minamo#nreid] aws client2
Switched EC2 identity to client2

[nreid@minamo#nreid] export | grep -E 'EC2_CERT|EC2_PRIV|AWS_CRED'
EC2_CERT=/Users/nreid/aws-identities/client2/cert-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem
EC2_PRIVATE_KEY=/Users/nreid/aws-identities/client2/pk-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem

[nreid@minamo#nreid] as-describe-auto-scaling-instances
INSTANCE  i-8c5733f5  Client2FB  us-east-1d  InService  HEALTHY  Client2FB
INSTANCE  i-c45ed870  Client2FB  us-east-1b  InService  HEALTHY  Client2FB

Lastly, CSH syntax:

[nreid@minamo#nreid] bin/aws-identity client2 csh
setenv EC2_CERT /Users/nreid/aws-identities/client2/cert-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem && 
setenv EC2_PRIVATE_KEY /Users/nreid/aws-identities/client2/pk-YHGL5M3BBXFTMRYP3R42VNT32B634ESH.pem &&
unsetenv AWS_CREDENTIAL_FILE
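
Because the output described above is passed to eval and the identity directories hold private keys and credential files, here is a sketch of an eval-safe generator for the Bourne-syntax case only. It is an added example, not the aws-identity script itself: it single-quotes every path, restricts identity names to a safe character set, and refuses key or credential files that group or other can access. The function names and the permission check are assumptions.

```shell
# Added example, not the aws-identity script itself. The aws-credentials,
# cert-*.pem and pk-*.pem names follow the sample output on this page.
AWS_DIR="${AWS_DIR:-$HOME/aws-identities}"

# Wrap a value in single quotes so eval treats it as data, not code.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Succeeds only if group and other have no permission bits on the file.
is_private() {
    case $(ls -ld -- "$1") in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "export VAR='path';" when a path is given, "unset VAR;" otherwise.
emit_var() {
    if [ -n "$2" ]; then printf 'export %s=%s;\n' "$1" "$(sh_quote "$2")"
    else printf 'unset %s;\n' "$1"; fi
}

# usage: eval "$(identity_env client1)"
identity_env() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9._-]*)
            echo "invalid identity name" >&2; return 2 ;;
    esac
    dir=$AWS_DIR/$1
    [ -d "$dir" ] || { echo "no such identity: $1" >&2; return 1; }
    cert='' key='' cred=''
    for f in "$dir"/cert-*.pem; do if [ -f "$f" ]; then cert=$f; fi; done
    for f in "$dir"/pk-*.pem; do if [ -f "$f" ]; then key=$f; fi; done
    if [ -f "$dir/aws-credentials" ]; then cred=$dir/aws-credentials; fi
    # Check the secrets before printing so a failure emits nothing to eval.
    for f in "$key" "$cred"; do
        if [ -n "$f" ] && ! is_private "$f"; then
            echo "refusing $f: accessible by group or other" >&2; return 3
        fi
    done
    emit_var EC2_CERT "$cert"
    emit_var EC2_PRIVATE_KEY "$key"
    emit_var AWS_CREDENTIAL_FILE "$cred"
}
```

Quote the command substitution when evaluating, as in the usage comment, so paths containing whitespace survive intact.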