Logsmith is a desktop trayicon to assume your favorite aws roles.
“Who are you and how did you get in here?” -
”I'm a locksmith and i'm a locksmith”
- Police Squad! (1982)
- switch profiles
- switch regions
- keeps you logged in
- removes unused profiles
- icon will change color. You see which profiles you are using
- set and rotate access key
- fetches mfa token for you
- has a graphical user interface and a cli
The config will be stored in ${HOME}/.logsmith/accounts.yaml
and should look like this:
productive:
team: team1
region: eu-central-1
color: '#388E3C'
profiles:
- profile: nonlive
account: '123456789123'
role: developer
default: true
- profile: live
account: '123456789123'
role: developer
If you have account ids with leading zeros, please make sure to put them in quotes.
You may add a "source" profile which will be used to assume a given role.
This is useful when your own user account can not assume service specific roles.
productive:
team: team1
region: eu-central-1
color: '#388E3C'
profiles:
- profile: developer
account: '123456789123'
role: developer-role
- profile: service
account: '123456789123'
role: service-role
source: developer
In this example, logsmith will first assume the role 'developer-role', write the credentials in profile 'developer' and the uses the said profile to assume the role 'service-role'.
Please keep in mind that the roles will be assumed in the given order.
Please use the dialog option provided by logsmith to set your access key or save it in .aws/credentials
under the profile name access-key.
[access-key]
aws_access_key_id = blablubb
aws_secret_access_key = supersecret
Logsmith will use the .aws/config
to set your region independent of your credentials in .aws/credentials
.
[profile nonlive]
region = eu-central-1
output = json
The region in your config will be used if you don't specify a region in your aws cli call or set AWS_REGION environment variable.
Logsmith can fetch mfa tokens from your yubikey if you have a suitable cli tool installed.
For example:
- ykman (mac)
- yubioath (linux)
On the logsmith config dialog, you can specify the appropriate command to fetch the token. Your command should return the 6 digit code. Please also keep in mind that you might have to provide the whole path/command.
Example:
/usr/local/bin/ykman oath code | awk 'NF>1{print $NF}'
.
Logsmith will write the active profile group to ${HOME}/.logsmith/active_group
. This could be used to include the current profile group in your shell prompt.
Example:
some_directory [master] (production) %
If you provide one of the following parameter logsmith will automatically start in cli mode:
--list lists profile groups
--login LOGIN Login with group
--logout Remove profiles
--region REGION Overwrite region to login to
--set-access-key set access key
--rotate-access-key rotate access key
-o --oneshot exit after login
Example to login with cli mode:
./logsmith --login team1
If you want to build a binary, please use the following steps:
./setup.sh
./package.sh
The binary will be in dist
.
For mac, just drop the dist/logsmith.app
in your application directory.
This icon was provided by game-icons.net and was made by Lorc under CC BY 3.0
The icons in app/assets
were provided by material.io and are licenced under Apache license version 2.0.
logsmith is currently in active development and welcomes code improvements, bug fixes, suggestions and feature requests.
For those of your interested, providing documentation to other parties is equally welcome.
Please document all notable changes to this project in the provided changelog. Note that this project adheres to Semantic Versioning.
Distributed under Apache License 2.0