Provides an endpoint on 169.254.169.254:80 that can answer AWS client requests for credentials (boto, aws-sdk-ruby, and others will try to pull from here automatically ), and an interface to assume roles to configure those credentials through a web interface.
You need a local 169.254.169.254 address which can be routed by local sources.
setup.sh has been my dumping ground for commands. I've found the pf stuff to be a good solution o osx. I think there's an iptables invocation for linux. It's absolutely critical that you make sure this is only available locally.
The program expects to find credentials in either ~/.aws/credentials or /code/.aws/credentials (useful in docker). You choose the profile in the application.
Docker makes this easy.
make
If this fails because make is not available, simply cat Makefile and you'll be on your way to running the very simple invocation of docker-compose to produce a running server.
Navigate to http://169.254.169.254.
- Select a profile.
- Patiently await the loading of the roles under that account (your user requires read permission for this of course)
- Select the desired role from the list.
- Type in MFA token, configure time if desired
- Submit
- 169.254.169.254 supplies credentials to the local machine, for any AWS SDK that uses the standard credential search processes
- Browser back button is shamefully required to complete cycle and return to the main role selection page
It's pretty self explanatory and quite simplistic, barely adequate for the job.