Skip to content
/ assume-sts-role Public

A Python CLI tool to easily assume a role from AWS STS and save resulting credentials

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

irby/assume-sts-role

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.env.template
.env.template
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
__version.py
__version.py
 
 
aws-session-token.py
aws-session-token.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Assume STS Role

A simple Python CLI script to assume a role from AWS STS.

Requirements

Setup

To install the requirements for the Python CLI, please run the following:

pip3 install -r requirements.txt

How to run

You can call the CLI tool by running the following from your console:

python3 aws-session-token.py

Here is the documentation for the CLI tool:

python3 aws-session-token.py --help
usage: aws-session-token.py [-h] [-x EXPIRY] [-xh EXPIRY_HOURS] [-a ACTING_AS] [-e ENV_FILE] [-d DEVICE] [-t TOKEN] [-r ROLE_ARN] [-s] [-p PROFILE] [-v] [--version]

Get AWS Session Token

options:
  -h, --help            show this help message and exit
  -x EXPIRY, --expiry EXPIRY
                        Expiry time in seconds. Can also be set as EXPIRY_TIME environment variable. Default: 3600
  -xh EXPIRY_HOURS, --expiry-hours EXPIRY_HOURS
                        Expiry time in hours. Can also be set as EXPIRY_TIME_HOURS environment variable. Default: 1
  -a ACTING_AS, --acting-as ACTING_AS
                        AWS profile to act as to execute STS call. Can also be set as AWS_PROFILE environment variable
  -e ENV_FILE, --env-file ENV_FILE
                        Path to env file with AWS configuration.
  -d DEVICE, --device DEVICE
                        MFA device identifier. Can also be set as AWS_MFA_DEVICE environment variable
  -t TOKEN, --token TOKEN
                        MFA token from your device. Required if MFA device is set
  -r ROLE_ARN, --role-arn ROLE_ARN
                        Role ARN to assume. Can also be set as AWS_ROLE_ARN environment variable
  -s, --save            Saves STS tokens to AWS profile. Default: false
  -p PROFILE, --profile PROFILE
                        AWS profile to set token for. Can also be set as AWS_SET_PROFILE environment variable
  -v, --verbose         Verbose output. Default: false
  --version             show program's version number and exit

Environment variables

As seen above, you can use environment variables in place of some fields such as PROFILE, DEVICE and ROLE_ARN. These values can be stored inside an environment file (.env) and the CLI tool will import the environment variable if the file path is provided with the -e flag.

Here is a template for the .env file:

AWS_MFA_DEVICE=arn:aws:iam::1234567890:mfa/my_device
AWS_ROLE_ARN=arn:aws:iam::1234567890:role/cli_role
AWS_PROFILE=my-profile
AWS_SET_PROFILE=my-profile-token

EXPIRY_TIME_HOURS=8

Example usage

Assuming a .env file has been setup with the values defined above, you can use the following command to save the credentials generated by STS to your ~/.aws/credentials file under the profile app-dev-token with the MFA one-time token 123456:

python3 aws-session-token.py -e .env --save -t 123456

About

A Python CLI tool to easily assume a role from AWS STS and save resulting credentials

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

1.0.2 Latest
Apr 24, 2024
+ 2 releases

Packages

No packages published

Languages